Skip to content

Improve KTX file reading memory safety

  • Use qAddOverflow/qSubOverflow methods for catching additions and subtractions with overflow and handle these scenarios when reading the file.
  • Add 'safeView' method that checks that the byte array view constructed is not out of bounds.
  • Return error if number of levels is higher than what is reasonable.
  • Return error if number of faces is incorrect.
  • Add unit test with invalid KTX file previously causing a segmentation fault.

This fixes CVE-2024-25580.

Fixes: QTBUG-121918 Pick-to: 6.7 6.6 6.5 6.2 5.15 Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2 Reviewed-by: Eirik Aavitsland Reviewed-by: Qt CI Bot (cherry picked from commit 28ecb523)

Merge request reports