diff options
author | Jonas Karlsson <jonas.karlsson@qt.io> | 2024-02-08 17:01:05 +0100 |
---|---|---|
committer | Jani Heikkinen <jani.heikkinen@qt.io> | 2024-02-09 12:43:42 +0000 |
commit | dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (patch) | |
tree | d5fd44eba55766819aeb91eb60367525312ce9d3 /tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx | |
parent | b47ad83d7c84c30506b47787b58cc26a4baa214c (diff) |
* Use qAddOverflow/qSubOverflow methods for catching additions and
subtractions with overflow and handle these scenarios when reading the
file.
* Add 'safeView' method that checks that the byte array view constructed
is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
fault.
This fixes CVE-2024-25580.
Fixes: QTBUG-121918
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
(cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519)
Reviewed-by: Jonas Karlsson <jonas.karlsson@qt.io>
Diffstat (limited to 'tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx')
-rw-r--r-- | tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx | bin | 0 -> 69 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx b/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx Binary files differnew file mode 100644 index 0000000000..68a92221db --- /dev/null +++ b/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx |