Improve KTX file reading memory safety (!310) · Merge requests · Qt Project / qt / qtbase

Fabian Vogt requested to merge fvogt/qtbase:work/fvogt/CVE-2024-25580 into kde/5.15 Feb 15, 2024

This commit is imported from the Qt security announcement. It didn't have
a summary, so here's the one for the 6.6 backport, which applies mostly:

* Use qAddOverflow/qSubOverflow methods for catching additions and
  subtractions with overflow and handle these scenarios when reading the
  file.
* Add 'safeView' method that checks that the byte array view constructed
  is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
  fault.

This fixes CVE-2024-25580.

Fixes: QTBUG-121918
Pick-to: 6.5 6.2 5.15
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
(cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit de5820c3f822b3dc0444d4aed16c6146c06f175d)

Edited Feb 15, 2024 by Fabian Vogt

Improve KTX file reading memory safety

Merge request reports