From 0d287500be09c800fbcc8f04862d316075ced546 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland
Date: Wed, 1 Mar 2017 12:21:29 +0100
Subject: [PATCH] xpm image format: Reject corrupt images with invalid header info

The xpm handler did not properly check that the information read from the file header was sane.

Task-number: QTBUG-59211
Change-Id: I84099777a16b2b0c473d139f5fdec1d0cb5d515e
Reviewed-by: Paul Olav Tvete
---
 src/gui/image/qxpmhandler.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/gui/image/qxpmhandler.cpp b/src/gui/image/qxpmhandler.cpp
index 1f1f6b388f..ce7f7b8a0f 100644
--- a/src/gui/image/qxpmhandler.cpp
+++ b/src/gui/image/qxpmhandler.cpp
@@ -852,6 +852,9 @@ static bool read_xpm_header(
 #endif
 return false; // < 4 numbers parsed
+ if (*w <= 0 || *w > 32767 || *h <= 0 || *h > 32767 || *ncols <= 0 || *ncols > (64 * 64 * 64 * 64) || *cpp <= 0 || *cpp > 15)
+ return false; // failed sanity check
+
 return true;
 }
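Review bot: The added guard at the end of read_xpm_header bounds each header field on its own but never relates them, so a header declaring a 32767 x 32767 image with 16,777,216 colours at 15 characters per pixel still passes. The function starts outside the hunk and its callers are not shown, so whether the colour-table and pixel readers allocate in proportion to these values cannot be confirmed here; if they do, a small corrupt file can still drive very large allocations. Consider also rejecting colour counts that cannot be encoded in the declared key width, e.g. `if (*cpp < 3 && *ncols > (1 << (8 * *cpp))) return false;` (first confirm that no supported files reuse keys). The limits are unexplained magic numbers packed into one long condition; naming them (`const int maxDim = 32767; const int maxColors = 64 * 64 * 64 * 64; const int maxCpp = 15;`) with a comment on where each limit comes from would make the check auditable. The diffstat lists only qxpmhandler.cpp, so a regression test that loads an XPM with an out-of-range header and expects the load to fail would pin this behaviour.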