Fixes crash in gif image decoder

Fuzzing test revealed that for certain malformed gif files,
qgifhandler would segfault.

Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
(cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6)
Reviewed-by: Richard J. Moore <rich@kde.org>
Gbp-Pq: Name fixes_crash_in_gif_image_decoder.patch

diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 6540f8aece53c551851aafbd7b5add0ea0a4e54c..bcdc80269795af32c44c33c2d8d2d2e516d9ec04 100644 (file)
--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
@@ -951,6 +951,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
 
 void QGIFFormat::nextY(unsigned char *bits, int bpl)
 {
+    if (out_of_bounds)
+        return;
     int my;
     switch (interlace) {
     case 0: // Non-interlaced