• Bug#1064054: qtbase-opensource-src-gles: CVE-2024-25580

    From Moritz Mühlenhoff@21:1/5 to All on Fri Feb 16 15:30:01 2024
    Source: qtbase-opensource-src-gles
    X-Debbugs-CC: team@security.debian.org
    Severity: important
    Tags: security

    Hi,

    The following vulnerability was published for qtbase-opensource-src-gles.

    CVE-2024-25580[0]:
    https://bugzilla.redhat.com/show_bug.cgi?id=2264423 https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2024-25580
    https://www.cve.org/CVERecord?id=CVE-2024-25580

    Please adjust the affected versions in the BTS as needed.

  • From James Addison@21:1/5 to All on Fri Feb 16 17:10:01 2024
    Source: qtbase-opensource-src-gles
    Followup-For: Bug #1064054
    Control: found -1 5.12.2+dfsg-1
    Control: tags -1 patch

    diff --git a/src/gui/util/qktxhandler.cpp b/src/gui/util/qktxhandler.cpp
    index 0d98e97453..6a79e55109 100644
    --- a/src/gui/util/qktxhandler.cpp
    +++ b/src/gui/util/qktxhandler.cpp
    @@ -73,7 +73,7 @@ struct KTXHeader {
    quint32 bytesOfKeyValueData;
    };

    -static const quint32 headerSize = sizeof(KTXHeader);
    +static constexpr quint32 qktxh_headerSize = sizeof(KTXHeader);

    // Currently unused, declared for future reference
    struct KTXKeyValuePairItem {
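    Review bot: the rename of `headerSize` to `qktxh_headerSize` (together with the switch from `const` to `constexpr`) shows only the definition in this hunk; every existing use of `headerSize` in qktxhandler.cpp has to be changed in the same patch or the file stops compiling, and none of those use sites are visible here, so please confirm they are covered by the later hunks.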
    @@ -103,11 +103,36 @@ struct KTXMipmapLevel {
    */
    };

    -bool QKtxHandler::canRead(const QByteArray &suffix, const QByteArray &block) +static bool qAddOverflow(quint32 v1, quint32 v2, quint32 *r) {
    + // unsigned additions are well-defined
    + *r = v1 + v2;
    + return v1 > quint32(v1 + v2);
    +}
    +
    +// Returns the nearest multiple of 4 greater than or equal to 'value'
    +static bool nearestMultipleOf4(quint32 value, quint32 *result)
    +{
    + constexpr quint32 rounding = 4;
    + *result = 0;
    + if (qAddOverflow(value, rounding - 1, result))
    + return true;
    + *result &= ~(rounding - 1);
    + return false;
    +}
    +
    +// Returns a sl
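    Review bot: in `qAddOverflow` the overflow test recomputes the sum it has just stored; since `*r` already holds `v1 + v2`, `return *r < v1;` expresses the same wraparound check without the duplicated expression. The comment above `nearestMultipleOf4` describes the rounded value but not the contract: the function returns `true` when `value + 3` wraps, in which case `*result` holds the wrapped sum rather than a usable multiple of 4, and the rounded value is only valid when it returns `false`; callers must therefore check the return value before using `*result`, and the comment should say so. The hunk is cut off after `+// Returns a sl`, so the remaining additions and the replacement `canRead` body cannot be reviewed from this message.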