Fixes crash in gif image decoder

Eirik Aavitsland · aavit · commit a1cf194c54be · 2015-03-13T10:16:39.000Z
Fuzzing test revealed that for certain malformed gif files,
qgifhandler would segfault.

Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
(cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6)
Reviewed-by: Richard J. Moore &lt;rich@kde.org&gt;
diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
 
 void QGIFFormat::nextY(unsigned char *bits, int bpl)
 {
+    if (out_of_bounds)
+        return;
     int my;
     switch (interlace) {
     case 0: // Non-interlaced

Original file line number	Diff line number	Diff line change
`@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co`
`944`	`944`
`945`	`945`	`void QGIFFormat::nextY(unsigned char *bits, int bpl)`
`946`	`946`	`{`
	`947`	`+ if (out_of_bounds)`
	`948`	`+ return;`
`947`	`949`	`int my;`
`948`	`950`	`switch (interlace) {`
`949`	`951`	`case 0: // Non-interlaced`