authorJonas Karlsson <jonas.karlsson@qt.io>2024-02-08 17:01:05 +0100
committerJani Heikkinen <jani.heikkinen@qt.io>2024-02-09 12:43:42 +0000
commitdec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (patch)
treed5fd44eba55766819aeb91eb60367525312ce9d3 /src/gui/util/qktxhandler_p.h
parentb47ad83d7c84c30506b47787b58cc26a4baa214c (diff)
Improve KTX file reading memory safetyv6.6.26.6.2
* Use qAddOverflow/qSubOverflow methods for catching additions and subtractions with overflow and handle these scenarios when reading the file. * Add 'safeView' method that checks that the byte array view constructed is not out of bounds. * Return error if number of levels is higher than what is reasonable. * Return error if number of faces is incorrect. * Add unit test with invalid KTX file previously causing a segmentation fault. This fixes CVE-2024-25580. Fixes: QTBUG-121918 Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> (cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519) Reviewed-by: Jonas Karlsson <jonas.karlsson@qt.io>
Diffstat (limited to 'src/gui/util/qktxhandler_p.h')
-rw-r--r--src/gui/util/qktxhandler_p.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/gui/util/qktxhandler_p.h b/src/gui/util/qktxhandler_p.h
index 7d54b20922..3a0b8fcf7e 100644
--- a/src/gui/util/qktxhandler_p.h
+++ b/src/gui/util/qktxhandler_p.h
@@ -17,6 +17,8 @@
#include "qtexturefilehandler_p.h"
+#include <optional>
+
QT_BEGIN_NAMESPACE
struct KTXHeader;
@@ -33,7 +35,7 @@ public:
private:
bool checkHeader(const KTXHeader &header);
- QMap<QByteArray, QByteArray> decodeKeyValues(QByteArrayView view) const;
+ std::optional<QMap<QByteArray, QByteArray>> decodeKeyValues(QByteArrayView view) const;
quint32 decode(quint32 val) const;
bool inverseEndian = false;
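Review bot: The new `decodeKeyValues` declaration does not say what an empty optional means, and nothing makes a caller check the result before using it. Since the commit message describes this change as a memory-safety fix for malformed KTX input, the failure path is the security-relevant one: dereferencing a disengaged `std::optional` with `*` or `->` is undefined behaviour, so an unchecked call site would bring back the kind of fault the patch removes. I would mark the declaration `[[nodiscard]]` and add a comment above it such as `// Returns std::nullopt if the key/value block is malformed or runs past the view; an empty map means the file has no metadata.` The call sites are in the implementation file, which this page does not show, so confirm each one tests the optional before reading the map. The class body starts and ends outside this hunk.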