diff options
| author | Jonas Karlsson <jonas.karlsson@qt.io> | 2024-02-08 17:01:05 +0100 |
|---|---|---|
| committer | Jonas Karlsson <jonas.karlsson@qt.io> | 2024-02-09 13:08:44 +0100 |
| commit | 28ecb523ce8490bff38b251b3df703c72e057519 (patch) | |
| tree | 5a2cb04ca290e0e17cc725193285837e8f1a270a /tests/auto/gui | |
| parent | a3bc8fc560c1b1d4b3173d142c5484fb0a85b11b (diff) | |
Improve KTX file reading memory safety
* Use qAddOverflow/qSubOverflow methods for catching additions and
subtractions with overflow and handle these scenarios when reading the
file.
* Add 'safeView' method that checks that the byte array view constructed
is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
fault.
This fixes CVE-2024-25580.
Fixes: QTBUG-121918
Pick-to: 6.7 6.6 6.5 6.2 5.15
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Diffstat (limited to 'tests/auto/gui')
| -rw-r--r-- | tests/auto/gui/util/qtexturefilereader/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx | bin | 0 -> 69 bytes | |||
| -rw-r--r-- | tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp | 13 |
3 files changed, 14 insertions, 0 deletions
diff --git a/tests/auto/gui/util/qtexturefilereader/CMakeLists.txt b/tests/auto/gui/util/qtexturefilereader/CMakeLists.txt index abc36b9495..70e2c02417 100644 --- a/tests/auto/gui/util/qtexturefilereader/CMakeLists.txt +++ b/tests/auto/gui/util/qtexturefilereader/CMakeLists.txt @@ -17,6 +17,7 @@ set(qtexturefilereader_resource_files "texturefiles/car_mips.ktx" "texturefiles/cubemap_float32_rgba.ktx" "texturefiles/cubemap_metadata.ktx" + "texturefiles/invalid.ktx" "texturefiles/newlogo.astc" "texturefiles/newlogo_srgb.astc" "texturefiles/pattern.pkm" diff --git a/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx b/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx Binary files differnew file mode 100644 index 0000000000..68a92221db --- /dev/null +++ b/tests/auto/gui/util/qtexturefilereader/texturefiles/invalid.ktx diff --git a/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp b/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp index 58ff6e744d..62760e3844 100644 --- a/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp +++ b/tests/auto/gui/util/qtexturefilereader/tst_qtexturefilereader.cpp @@ -11,6 +11,7 @@ class tst_qtexturefilereader : public QObject private slots: void checkHandlers_data(); void checkHandlers(); + void checkInvalid(); void checkMetadata(); }; @@ -140,6 +141,18 @@ void tst_qtexturefilereader::checkMetadata() QCOMPARE(kvs.value("test C"), QByteArrayLiteral("3\x0000")); } +void tst_qtexturefilereader::checkInvalid() +{ + QFile f(":/texturefiles/invalid.ktx"); + QVERIFY(f.open(QIODevice::ReadOnly)); + QTextureFileReader r(&f); + QTextureFileData d = r.read(); + auto kvs = d.keyValueMetadata(); + + // Basically just checking that we don't crash on and invalid file + QVERIFY(kvs.empty()); +} + QTEST_MAIN(tst_qtexturefilereader) #include "tst_qtexturefilereader.moc" |