Improve KTX file reading memory safetyv6.6.26.6.2

* Use qAddOverflow/qSubOverflow methods for catching additions and
  subtractions with overflow and handle these scenarios when reading the
  file.
* Add 'safeView' method that checks that the byte array view constructed
  is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
  fault.

This fixes CVE-2024-25580.

Fixes: QTBUG-121918
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
(cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519)
Reviewed-by: Jonas Karlsson <jonas.karlsson@qt.io>

1 files changed, 13 insertions, 0 deletions

diff --git a/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp b/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp
index 9d7205a921..41d0acfab2 100644
--- a/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp
+++ b/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp
@@ -11,6 +11,7 @@ class tst_qtexturefilereader : public QObject
 private slots:
     void checkHandlers_data();
     void checkHandlers();
+    void checkInvalid();
     void checkMetadata();
 };
 
@@ -140,6 +141,18 @@ void tst_qtexturefilereader::checkMetadata()
     QCOMPARE(kvs.value("test C"), QByteArrayLiteral("3\x0000"));
 }
 
+void tst_qtexturefilereader::checkInvalid()
+{
+    QFile f(":/texturefiles/invalid.ktx");
+    QVERIFY(f.open(QIODevice::ReadOnly));
+    QTextureFileReader r(&f);
+    QTextureFileData d = r.read();
+    auto kvs = d.keyValueMetadata();
+
+    // Basically just checking that we don't crash on and invalid file
+    QVERIFY(kvs.empty());
+}
+
 QTEST_MAIN(tst_qtexturefilereader)
 
 #include "tst_qtexturefilereader.moc"