qiurui
/
qtimageformats
mirror of https://github.com/qt/qtimageformats.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix UB in webp decode and memory leak in encoder 

Ensure the ICC block is aligned before parsing and clear the writer
after we have initialized it.

Fixes: QTBUG-84267
Change-Id: I7e16ee7663dbe404b4819769deab7d9c9b6c8f20
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
(cherry picked from commit b761ff58d6)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Allan Sandfeld Jensen 2020-05-18 13:51:09 +02:00 committed by Qt Cherry-pick Bot
parent ec15f82b67
commit 1a790ba615
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/plugins/imageformats/webp/qwebphandler.cpp
View File

@ -167,8 +167,11 @@ bool QWebpHandler::read(QImage *image)
// Read global meta-data chunks first // Read global meta-data chunks first
WebPChunkIterator metaDataIter; WebPChunkIterator metaDataIter;
if ((m_formatFlags & ICCP_FLAG) && WebPDemuxGetChunk(m_demuxer, "ICCP", 1, &metaDataIter)) { if ((m_formatFlags & ICCP_FLAG) && WebPDemuxGetChunk(m_demuxer, "ICCP", 1, &metaDataIter)) {
const QByteArray iccProfile = QByteArray::fromRawData(reinterpret_cast<const char *>(metaDataIter.chunk.bytes), QByteArray iccProfile = QByteArray::fromRawData(reinterpret_cast<const char *>(metaDataIter.chunk.bytes),
metaDataIter.chunk.size); metaDataIter.chunk.size);
// Ensure the profile is 4-byte aligned.
if (reinterpret_cast<qintptr>(iccProfile.constData()) & 0x3)
iccProfile.detach();
m_colorSpace = QColorSpace::fromIccProfile(iccProfile); m_colorSpace = QColorSpace::fromIccProfile(iccProfile);
// ### consider parsing EXIF and/or XMP metadata too. // ### consider parsing EXIF and/or XMP metadata too.
WebPDemuxReleaseChunkIterator(&metaDataIter); WebPDemuxReleaseChunkIterator(&metaDataIter);
@ -288,6 +291,7 @@ bool QWebpHandler::write(const QImage &image)
if (!WebPEncode(&config, &picture)) { if (!WebPEncode(&config, &picture)) {
qWarning() << "failed to encode webp picture, error code: " << picture.error_code; qWarning() << "failed to encode webp picture, error code: " << picture.error_code;
WebPPictureFree(&picture); WebPPictureFree(&picture);
WebPMemoryWriterClear(&writer);
return false; return false;
} }
@ -336,6 +340,7 @@ bool QWebpHandler::write(const QImage &image)
static_cast<size_t>(device()->write(reinterpret_cast<const char *>(writer.mem), writer.size))); static_cast<size_t>(device()->write(reinterpret_cast<const char *>(writer.mem), writer.size)));
} }
WebPPictureFree(&picture); WebPPictureFree(&picture);
WebPMemoryWriterClear(&writer);
return res; return res;
} }