Improve KTX file reading memory safetyv6.6.2 6.6.2

* Use qAddOverflow/qSubOverflow methods for catching additions and subtractions with overflow and handle these scenarios when reading the file. * Add 'safeView' method that checks that the byte array view constructed is not out of bounds. * Return error if number of levels is higher than what is reasonable. * Return error if number of faces is incorrect. * Add unit test with invalid KTX file previously causing a segmentation fault. This fixes CVE-2024-25580. Fixes: QTBUG-121918 Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2 Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> (cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519) Reviewed-by: Jonas Karlsson <jonas.karlsson@qt.io>
author: Jonas Karlsson <jonas.karlsson@qt.io> 2024-02-08 17:01:05 +0100
committer: Jani Heikkinen <jani.heikkinen@qt.io> 2024-02-09 12:43:42 +0000
commit: dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (patch)
tree: d5fd44eba55766819aeb91eb60367525312ce9d3 /tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx
parent: b47ad83d7c84c30506b47787b58cc26a4baa214c (diff)
1 files changed, 0 insertions, 0 deletions
diff --git a/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx b/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx
new file mode 100644
index 0000000000..68a92221db
--- /dev/null
+++ b/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx
author	Jonas Karlsson <jonas.karlsson@qt.io>	2024-02-08 17:01:05 +0100
committer	Jani Heikkinen <jani.heikkinen@qt.io>	2024-02-09 12:43:42 +0000
commit	dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (patch)
tree	d5fd44eba55766819aeb91eb60367525312ce9d3 /tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx
parent	b47ad83d7c84c30506b47787b58cc26a4baa214c (diff)