cve-2015-0295

author Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>

Fri, 1 May 2015 19:35:39 +0000 (19:35 +0000)

committer Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>

Fri, 1 May 2015 19:35:39 +0000 (19:35 +0000)
author Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Fri, 1 May 2015 19:35:39 +0000 (19:35 +0000)
committer Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Fri, 1 May 2015 19:35:39 +0000 (19:35 +0000)
diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp

index 0b9edf5cb47f8d5f2e2c16f95467cfad38970f7b..17a880b530d36667af33da2203cb9fc5a0b83e27 100644 (file)
--- a/src/gui/image/qbmphandler.cpp
+++ b/src/gui/image/qbmphandler.cpp
@@ -319,10 +319,16 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
          }
      } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
          red_shift = calc_shift(red_mask);
+        if (((red_mask >> red_shift) + 1) == 0)
+            return false;
          red_scale = 256 / ((red_mask >> red_shift) + 1);
          green_shift = calc_shift(green_mask);
+        if (((green_mask >> green_shift) + 1) == 0)
+            return false;
          green_scale = 256 / ((green_mask >> green_shift) + 1);
          blue_shift = calc_shift(blue_mask);
+        if (((blue_mask >> blue_shift) + 1) == 0)
+            return false;
          blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
      } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
          blue_mask = 0x000000ff;
author	Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
	Fri, 1 May 2015 19:35:39 +0000 (19:35 +0000)
committer	Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
	Fri, 1 May 2015 19:35:39 +0000 (19:35 +0000)