whytofly
/
qt6-bb10
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qt6-bb10/tests/auto/gui/util/qtexturefilereader
History
Jonas Karlsson 28ecb523ce Improve KTX file reading memory safety 
* Use qAddOverflow/qSubOverflow methods for catching additions and
  subtractions with overflow and handle these scenarios when reading the
  file.
* Add 'safeView' method that checks that the byte array view constructed
  is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
  fault.

This fixes CVE-2024-25580.

Fixes: QTBUG-121918
Pick-to: 6.7 6.6 6.5 6.2 5.15
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
 		2024-02-09 13:08:44 +01:00
..
texturefiles Improve KTX file reading memory safety 2024-02-09 13:08:44 +01:00
CMakeLists.txt Improve KTX file reading memory safety 2024-02-09 13:08:44 +01:00
tst_qtexturefilereader.cpp Improve KTX file reading memory safety 2024-02-09 13:08:44 +01:00