Qt: Fix getPixels UAF
Vicki Pfau vi@endrift.com
Sun, 15 Sep 2019 13:27:43 -0700
1 files changed,
5 insertions(+),
4 deletions(-)
M
src/platform/qt/CoreController.cpp
→
src/platform/qt/CoreController.cpp
@@ -221,12 +221,13 @@ Interrupter interrupter(this);
 const void* pixels;
 m_threadContext.core->getPixels(m_threadContext.core, &pixels, &stride);
 stride *= BYTES_PER_PIXEL;
- buffer.resize(stride * size.height());
- memcpy(buffer.data(), pixels, buffer.size());
+ buffer = QByteArray::fromRawData(static_cast<const char*>(pixels), stride * size.height());
 }
- return QImage(reinterpret_cast<const uchar*>(buffer.constData()),
- size.width(), size.height(), stride, QImage::Format_RGBX8888);
+ QImage image(reinterpret_cast<const uchar*>(buffer.constData()),
+ size.width(), size.height(), stride, QImage::Format_RGBX8888);
+ image.bits(); // Cause QImage to detach
+ return image;
 }
 bool CoreController::isPaused() {
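Review bot: The deep copy forced by `image.bits()` now runs after the `}` that appears to close the block holding `Interrupter interrupter(this)` (that declaration is visible only in the hunk header, so its scope is inferred), which means the core-owned `pixels` memory wrapped by `QByteArray::fromRawData` is read only after the interruption has presumably ended. The removed `memcpy` did that read inside the block; if the emulation thread can overwrite or release the buffer once it resumes, the new code may swap the original dangling-buffer problem for a race on the same data. Copying while still inside the block, for example `buffer = QByteArray(static_cast<const char*>(pixels), stride * size.height());`, keeps the read under the interrupter at the cost of a second copy. Separately, `return image.copy();` would state the detach explicitly rather than relying on the side effect of the non-const `bits()` accessor. The function begins above this hunk, so the other branch that fills `buffer` is not reviewed here.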