author | Marc Mutz <marc.mutz@kdab.com> | 2016-10-15 22:23:03 +0200 |
---|---|---|
committer | Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> | 2016-11-08 18:49:58 +0000 |
commit | e6deda527721f94133d5715f5c34a170c043f3d1 (patch) | |
tree | e82be0cf0c698665e740490decf33e156692de4d /src | |
parent | 7e7aa7a6591222a11a7268f6c73b724a7da1b880 (diff) | |
download | qtimageformats-e6deda527721f94133d5715f5c34a170c043f3d1.tar.gz |
QTgaFile: fix parsing of TGA16 rgb data

The code tries to expand a 16-bit value of the form 0bABBBBBGGGGGRRRRR
into a 32-bit QRgb, but got the operator precedence wrong:

    << has higher precedence than binary &

This made the first operand of the |-chain (BBBBB) unconditionally
zero. The second operand had the same precedence problem, but didn't
decay into a tautological value like the first one did.

Fix by adding another set of parentheses.

The test coverage for this security-relevant piece of code is quite
obviously insufficient, and should be increased, or else the format be
dropped.

[ChangeLog][TGA] Fixed reading of TGA-16 formats.

Coverity-Id: 21782
Change-Id: I7019be8fe22e480c40192e0c1916b1d2bebf71cc
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>

Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/imageformats/tga/qtgafile.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/imageformats/tga/qtgafile.cpp b/src/plugins/imageformats/tga/qtgafile.cpp index a0fc26d..b248b3a 100644 --- a/src/plugins/imageformats/tga/qtgafile.cpp +++ b/src/plugins/imageformats/tga/qtgafile.cpp @@ -52,7 +52,7 @@ struct Tga16Reader : public TgaReader if (s->getChar(&ch1) && s->getChar(&ch2)) { quint16 d = (int(ch1) & 0xFF) | ((int(ch2) & 0xFF) << 8); QRgb result = (d & 0x8000) ? 0xFF000000 : 0x00000000; - result |= (d & 0x7C00 << 6) | (d & 0x03E0 << 3) | (d & 0x001F); + result |= ((d & 0x7C00) << 6) | ((d & 0x03E0) << 3) | (d & 0x001F); return result; } else { return 0; |
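
Review bot: In the corrected `result |=` line of `Tga16Reader`, each 5-bit field still lands in the low five bits of its output byte: `(d & 0x7C00) << 6` occupies bits 16-20, `(d & 0x03E0) << 3` bits 8-12, and `(d & 0x001F)` bits 0-4, so no colour channel can exceed 0x1F while the alpha byte is a full 0xFF. If full-range 8-bit channels are intended, shift each field to the top of its byte (`<< 9`, `<< 6`, `<< 3`) and replicate its high bits into the low three. The diffstat shows only qtgafile.cpp changing, so nothing pins this line down; a small TGA16 fixture with a known expected pixel value, decoded in an autotest, would cover it and would have caught the original precedence bug.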