Upstream-Status: Backport

Backport patch to fix CVE-2015-1860

http://code.qt.io/cgit/qt/qt.git/commit/?id=9f2425a

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
From a1cf194c54be57d6ab55dfd26b9562a60532208e Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@theqtcompany.com>
Date: Wed, 11 Mar 2015 09:00:41 +0100
Subject: [PATCH] Fixes crash in gif image decoder

Fuzzing test revealed that for certain malformed gif files,
qgifhandler would segfault.

Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1
(cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6)
Reviewed-by: Richard J. Moore <rich@kde.org>
---
 src/gui/image/qgifhandler.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 5199dd3..49aa2a6 100644
--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
@@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co
 
 void QGIFFormat::nextY(unsigned char *bits, int bpl)
 {
+    if (out_of_bounds)
+        return;
     int my;
     switch (interlace) {
     case 0: // Non-interlaced
-- 
2.4.1