Improve KTX file reading memory safety (!311) · Merge requests · Qt Project / qt / qtbase

Andreas Sturmlechner requested to merge asturmlechner/qtbase:asturmlechner/QTBUG-121918-CVE-2024-25580 into kde/5.15 Feb 15, 2024

https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images
https://lists.qt-project.org/pipermail/announce/2024-February/000472.html

Use qAddOverflow/qSubOverflow methods for catching additions and subtractions with overflow and handle these scenarios when reading the file.
Add 'safeView' method that checks that the byte array view constructed is not out of bounds.
Return error if number of levels is higher than what is reasonable.
Return error if number of faces is incorrect.
Add unit test with invalid KTX file previously causing a segmentation fault.

This fixes CVE-2024-25580.

Fixes: QTBUG-121918 Pick-to: 6.7 6.6 6.5 6.2 5.15 Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2 Reviewed-by: Eirik Aavitsland eirik.aavitsland@qt.io Reviewed-by: Qt CI Bot qt_ci_bot@qt-project.org (cherry picked from commit 28ecb523)

Improve KTX file reading memory safety

Merge request reports