ppmhandler: Fix undefined overflow behavior
image/qppmhandler.cpp:260:53: runtime error: signed integer overflow: 44444444 * 255 cannot be represented in type 'int' #0 0x4cbc8a in read_pbm_body(QIODevice*, char, int, int, int, QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:260:53 #1 0x4ca3d8 in QPpmHandler::read(QImage*) /src/qt/qtbase/src/gui/image/qppmhandler.cpp:514:10 #2 0x4b238d in QImageReader::read(QImage*) /src/qt/qtbase/src/gui/image/qimagereader.cpp:1253:22 #3 0x4b1b61 in QImageReader::read() /src/qt/qtbase/src/gui/image/qimagereader.cpp:1201:12 #4 0x486f66 in QImage::fromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3624:37 #5 0x486cd8 in QImage::loadFromData(unsigned char const*, int, char const*) /src/qt/qtbase/src/gui/image/qimage.cpp:3590:13 #6 0x434b2e in LLVMFuzzerTestOneInput /src/qimage_fuzzer.cc:28:7 #7 0x44b167 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15 #8 0x44a535 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3 #9 0x44c428 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19 #10 0x44d1b5 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5 #11 0x440a29 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6 #12 0x434bf8 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #13 0x7fe01697282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #14 0x409bb8 in _start (/out/qimage_fuzzer+0x409bb8) Change-Id: Ibc5df6db52639f12319910b927f6443d927206d8 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
This commit is contained in:
parent
63e0c3e1b5
commit
591d1fd28a
@ -258,7 +258,7 @@ static bool read_pbm_body(QIODevice *device, char type, int w, int h, int mcc, Q
|
||||
}
|
||||
} else {
|
||||
while (n--) {
|
||||
*p++ = read_pbm_int(device) * 255 / mcc;
|
||||
*p++ = (read_pbm_int(device) & 0xffff) * 255 / mcc;
|
||||
}
|
||||
}
|
||||
} else { // 32 bits
|
||||
|
Loading…
Reference in New Issue
Block a user