TGA handler: check for out of range image size

Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. Change-Id: Iac35e72de743f412a65d11c58fe7faa275dc4e41 Reviewed-by: Lars Knoll <lars.knoll@qt.io> (cherry picked from commit 7cfe47a8)

TGA handler: check for out of range image size
Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. Change-Id: Iac35e72de743f412a65d11c58fe7faa275dc4e41 Reviewed-by: Lars Knoll <lars.knoll@qt.io> (cherry picked from commit 7cfe47a8)
6eefe6d0 · Eirik Aavitsland · Jani Heikkinen · 55904e96 · 6eefe6d0
Commit 6eefe6d0 authored 6 years ago by Eirik Aavitsland Committed by Jani Heikkinen 6 years ago
--- a/src/plugins/imageformats/tga/qtgafile.cpp
+++ b/src/plugins/imageformats/tga/qtgafile.cpp
@@ -163,6 +163,12 @@ QTgaFile::QTgaFile(QIODevice *device)
    if (!validDepth)
    {
        mErrorMessage = tr("Image depth not valid");
+        return;
+    }
+    if (quint64(width()) * quint64(height()) > (8192 * 8192))
+    {
+        mErrorMessage = tr("Image size exceeds limit");
+        return;
    }
    int curPos = mDevice->pos();
    int fileBytes = mDevice->size();
@@ -233,6 +239,8 @@ QImage QTgaFile::readImage()
    unsigned char yCorner = desc & 0x20; // 0 = lower, 1 = upper

    QImage im(imageWidth, imageHeight, QImage::Format_ARGB32);
+    if (im.isNull())
+        return QImage();
    TgaReader *reader = 0;
    if (bitsPerPixel == 16)
        reader = new Tga16Reader();