* Use qAddOverflow/qSubOverflow methods for catching additions and
subtractions with overflow and handle these scenarios when reading the
file.
* Add 'safeView' method that checks that the byte array view constructed
is not out of bounds.
* Return error if number of levels is higher than what is reasonable.
* Return error if number of faces is incorrect.
* Add unit test with invalid KTX file previously causing a segmentation
fault.
This fixes CVE-2024-25580.
Fixes: QTBUG-121918
Change-Id: Ie0824c32a5921de30cf07c1fc1b49a084e6d07b2
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
(cherry picked from commit 28ecb523ce8490bff38b251b3df703c72e057519)
Reviewed-by: Jonas Karlsson <jonas.karlsson@qt.io>
They cause clashes in CMake Unity (Jumbo) builds.
Pick-to: 6.5
Task-number: QTBUG-109394
Change-Id: I3c51fb41d29e5c649537b999dced7e2d413b26a7
Done-with: Amir Masoud Abdol <amir.abdol@qt.io>
Reviewed-by: Axel Spoerl <axel.spoerl@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Amir Masoud Abdol <amir.abdol@qt.io>
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
Required for porting away from QLatin1Char/QLatin1String in scope of
QTBUG-98434.
Change-Id: I308d86cefcbfd126929b68f9a853d420840c965f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Previously there was a mixture of buf.constData() and buf.data() with
buf not being const QByteArray. As a result, buf.data() returned a
re-allocated buffer and texData was keeping pointers to that one, which
became invalid once the function returned and the re-allocated buffer
was cleaned up by destructor.
Change buf to const QByteArray so that there is no difference between
data() and constData(). Additionally convert all constData() calls to
data() to avoid confusion.
Detected by Address Sanitizer on testcase
tst_qtexturefilereader::checkMetadata()
Pick-to: 6.3 6.2
Change-Id: Idb6f6141898678bf95ed9233a92b7bb3ad12e250
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
As a drive-by, remove superfluous includes from qnetworkmanagerservice.h
and obey the coding conventions for includes in a few more places.
Change-Id: I65b68c0cef7598d06a125e97637040392d4be9ff
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Destructors of polymorphic classes should be out-of-line to pin vtable
and type_info objects to a single TU.
Pick-to: 6.3
Task-number: QTBUG-45582
Change-Id: I541437a3ff53852527f6278355f7b549e62e17f7
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
comparison of integers of different signs: 'unsigned int'
and 'qsizetype' (aka 'int') [-Wsign-compare]
Pick-to: 6.1
Change-Id: Ia27f79ab4abca8b757b65ef5f1d30151842088fe
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Move the QIODevice::OpenMode enum into a base class, so that
we can remove the full QIODevice (and thus QObject) dependency
from qdatastream.h and qtextstream.h.
This is required so that we can include QDataStream in qmetatype.h
without getting circular dependencies.
As a nice side effect, QDataStream and QTextStream can now inherit
QIODeviceBase and provide the OpenMode enum directly in their
class scope.
Change-Id: Ifa68b7b1d8d95687ed032f6c9206f92e63bfacdf
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Maurice Kalinowski <maurice.kalinowski@qt.io>
This is required to remove the ; from the macro with Qt 6.
Task-number: QTBUG-82978
Change-Id: I3f0b6717956ca8fa486bed9817b89dfa19f5e0e1
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Add a framework for reading and decoding stored graphical texture file
formats. Includes decoders for the PKM and KTX formats.
This is basically the same texture file reading that was added to
qtdeclarative for 5.11, but has been refactored to be independent of
the scenegraph and opengl.
Task-number: QTBUG-67026
Change-Id: I87d8117550d8a2112f4f58c03e9ac6b3249cbc5a
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
