
456738 JPEG XL: fix crash on Substance Designer exports

In the associated bug report, we were notified that certain JPEG XL images crashed Krita outright. This is because of multiple concurrent bugs:

  1. Substance Designer, the generator, exports metadata before the actual pixel stream, which makes it impossible to set metadata as is done in Krita; we require an active image before we can create a paint layer, which in turn will receive the metadata.
  2. Stack-smashing bug on box contents retrieval. Due to my use of stack space for the box types, and a typo when setting the buffers (I set the buffer to be boxType, a 4-byte container, instead of box, which is 16K), the image instantly killed Krita's internal state.
  3. Buffer resize operating on a stale size. This is because I truncate the box to its reported size (pruning excess space) before passing it to QBuffer for the metadata backends, and then do not update the cached size for future resize operations.

This MR fixes the issue in three separate commits:

  1. Fixed box type retrieval and checking. Changed the box type storage to QByteArray, and used std::strlen and a range-equal comparison to check the type instead of std::array's equality operator. (The change of storage helps to trap possible future overruns via ASAN.)
  2. Fixed the stack smashing above by setting the correct buffers for retrieving box types and box contents, and updating the cached size appropriately.
  3. Fixed the actual metadata application by storing the boxes in a hash map. Then, once we get the OK from libjxl, we apply the boxes in one fell swoop.

BUG: 456738

Test Plan

Build Krita. Open the image from the associated bug. Check that we do not crash.

Formalities Checklist

  • I confirmed this builds.
  • I confirmed Krita ran and the relevant functions work.
  • I tested the relevant unit tests and can confirm they are not broken. (If not possible, don't hesitate to ask for help!)
  • I made sure my commits build individually and have good descriptions as per KDE guidelines.
  • I made sure my code conforms to the standards set in the HACKING file.
  • I can confirm the code is licensed and attributed appropriately, and that unattributed code is mine, as per KDE Licensing Policy.
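An illustration of the three fixes above, as added example code that is not Krita's own (Krita uses QByteArray and libjxl's box API; this uses plain standard C++ on a constructed byte stream). It assumes the ISOBMFF box layout (4-byte big-endian size, 4-byte type, 8-byte largesize when size == 1, size 0 meaning "to end of file"), treats the "jxlc" codestream box as the point where an image exists, and the names boxTypeIs, parseBoxes, decodeContainer, rejectsMalformed, makeBox and sampleContainer are the example's own. The sample container is constructed here, not a real Substance Designer export.

```cpp
// Added example, not Krita's code: a minimal ISOBMFF-style box walker that
// mirrors the three fixes: type checks via strlen + std::equal, payload buffers
// sized from the box's own reported length, and metadata parked in a hash map
// until the codestream box ("jxlc", assumed to mean "an image now exists") is seen.
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <initializer_list>
#include <stdexcept>
#include <string>
#include <unordered_map>
#include <vector>

struct Box {
    std::string type;           // exactly four bytes
    std::vector<uint8_t> data;  // payload only, sized to the reported length
};

// Range comparison over the four type bytes; a tag whose strlen is not 4 can
// never match, so a short or unterminated tag cannot read past the end.
bool boxTypeIs(const std::string &type, const char *expected) {
    return type.size() == 4 && std::strlen(expected) == 4 &&
           std::equal(type.begin(), type.end(), expected);
}

static uint64_t readBE(const uint8_t *p, int n) {
    uint64_t v = 0;
    for (int i = 0; i < n; ++i) v = (v << 8) | p[i];
    return v;
}

// Split a container into boxes, validating every size against the bytes
// actually remaining before anything is copied.
std::vector<Box> parseBoxes(const std::vector<uint8_t> &file) {
    std::vector<Box> out;
    size_t pos = 0;
    while (pos < file.size()) {
        const size_t remaining = file.size() - pos;
        if (remaining < 8) throw std::runtime_error("truncated box header");
        uint64_t size = readBE(&file[pos], 4);
        size_t header = 8;
        if (size == 1) {                        // 64-bit largesize follows the type
            if (remaining < 16) throw std::runtime_error("truncated largesize");
            size = readBE(&file[pos + 8], 8);
            header = 16;
        } else if (size == 0) {                 // box extends to end of file
            size = remaining;
        }
        if (size < header || size > remaining) throw std::runtime_error("bad box size");
        const size_t len = static_cast<size_t>(size);
        Box box;
        box.type.assign(reinterpret_cast<const char *>(&file[pos + 4]), 4);
        // Exactly len - header bytes are allocated for the payload: no fixed
        // stack array to overrun and no separately cached size to go stale.
        box.data.assign(file.begin() + pos + header, file.begin() + pos + len);
        pos += len;
        out.push_back(std::move(box));
    }
    return out;
}

struct DecodeResult {
    bool haveImage = false;
    std::vector<std::string> applied;  // metadata box types in application order
};

// Metadata may precede the codestream, so it is buffered by type and applied
// in one sweep only after the codestream box has provided an image.
DecodeResult decodeContainer(const std::vector<uint8_t> &file) {
    DecodeResult r;
    std::unordered_map<std::string, std::vector<uint8_t>> pending;
    for (const Box &b : parseBoxes(file)) {
        if (boxTypeIs(b.type, "jxlc")) r.haveImage = true;
        else if (boxTypeIs(b.type, "Exif") || boxTypeIs(b.type, "xml ")) pending[b.type] = b.data;
    }
    if (!r.haveImage) return r;                 // nothing to attach metadata to
    for (const char *t : {"Exif", "xml "})      // fixed order, independent of file order
        if (pending.count(t)) r.applied.push_back(t);
    return r;
}

bool rejectsMalformed(const std::vector<uint8_t> &file) {
    try { parseBoxes(file); return false; } catch (const std::runtime_error &) { return true; }
}

// Constructed sample data for this example, not a real Substance Designer export.
std::vector<uint8_t> makeBox(const char *type, const std::vector<uint8_t> &payload) {
    const uint32_t size = static_cast<uint32_t>(8 + payload.size());
    std::vector<uint8_t> b = {uint8_t(size >> 24), uint8_t(size >> 16), uint8_t(size >> 8), uint8_t(size)};
    b.insert(b.end(), type, type + 4);
    b.insert(b.end(), payload.begin(), payload.end());
    return b;
}

std::vector<uint8_t> sampleContainer() {   // metadata boxes before the codestream
    std::vector<uint8_t> f;
    for (const auto &b : {makeBox("JXL ", {0x0d, 0x0a, 0x87, 0x0a}), makeBox("ftyp", {'j', 'x', 'l', ' '}),
                          makeBox("Exif", {0, 0, 0, 0, 'M', 'M'}), makeBox("xml ", {'<', 'x', '/', '>'}),
                          makeBox("jxlc", {0xff, 0x0a})})
        f.insert(f.end(), b.begin(), b.end());
    return f;
}
```

Calling decodeContainer(sampleContainer()) yields haveImage == true with "Exif" and "xml " applied after the walk, even though both precede "jxlc" in the stream; a container with no codestream box leaves applied empty, and a box whose declared size exceeds the remaining bytes (or is smaller than its own header) is rejected before any copy happens.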
