diff options
| author | Jonas Karlsson <jonas.karlsson@qt.io> | 2024-02-08 17:01:05 +0100 |
|---|---|---|
| committer | Jonas Karlsson <jonas.karlsson@qt.io> | 2024-02-09 13:08:44 +0100 |
| commit | 28ecb523ce8490bff38b251b3df703c72e057519 (patch) | |
| tree | 5a2cb04ca290e0e17cc725193285837e8f1a270a /src/opengl/qopenglframebufferobject.cpp | |
| parent | a3bc8fc560c1b1d4b3173d142c5484fb0a85b11b (diff) | |
Improve KTX file reading memory safety
* Use qAddOverflow/qSubOverflow methods for catching additions and
subtractions with overflow and handle these scenarios when reading the
file.
* Add 'safeView' method that checks that the byte array view constructed
is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
fault.
This fixes CVE-2024-25580.
Fixes: QTBUG-121918
Pick-to: 6.7 6.6 6.5 6.2 5.15
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Diffstat (limited to 'src/opengl/qopenglframebufferobject.cpp')
0 files changed, 0 insertions, 0 deletions