Priority: P1: Critical
Affects Version/s: 6.2.3, 6.4
Component/s: Image formats
Environment: Ubuntu 20.04 LTS
clang 10.0.0, g++ 9.4.0
Commits: 34731687ee (qt/qtimageformats/dev) 34731687ee (qt/tqtc-qtimageformats/dev) 8730ead6e0 (qt/qtimageformats/6.3) 8730ead6e0 (qt/tqtc-qtimageformats/6.3) e46b3dc574 (qt/tqtc-qtimageformats/5.15) c7e795eb63 (qt/tqtc-qtimageformats/6.2)
- Have a build of Qt including qtimageformats.
No sanitizers needed.
- Build the attached project.
- Run this, passing the attached input file.
If you configured Qt with "-sanitize address", you'll see a stack trace:
Looking into the file, the problem is obvious:
After the magic number, the file claims to have a total size of 0, which is obviously incorrect. Qt should catch this.
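The kind of header check the report is asking for, written here as an added example and not taken from Qt's handler: the container layout (a 4-byte magic followed by a 4-byte big-endian total size) and the magic value "IMGX" are assumed for illustration, since the report only says that a total size field follows the magic number. The check rejects a claimed size of 0, a size smaller than the fixed header, and a size larger than the bytes actually available, so none of these values reaches the code that allocates or seeks based on it.

```cpp
// Added example: validate a container header's claimed total size before
// trusting it. The layout (4-byte magic, then a 4-byte big-endian size)
// is an assumption made for this example; it is not Qt's handler code.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

enum class HeaderStatus {
    Ok,
    Truncated,        // fewer bytes than the fixed header needs
    BadMagic,         // magic bytes do not match
    ZeroSize,         // claimed total size is 0 (the case in this report)
    SizeBelowHeader,  // claimed size smaller than the header itself
    SizeExceedsData,  // claimed size larger than the bytes actually present
};

constexpr size_t kMagicLen = 4;
constexpr size_t kHeaderLen = 8;               // magic + 4-byte size field
constexpr char kMagic[kMagicLen + 1] = "IMGX"; // assumed magic for the example

static uint32_t readBE32(const uint8_t *p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Checks the header of `data`. The claimed total size is written to
// `totalSize` only when every check passes, so callers cannot use it by
// accident on a rejected header.
HeaderStatus checkHeader(const std::vector<uint8_t> &data, uint32_t *totalSize) {
    if (data.size() < kHeaderLen)
        return HeaderStatus::Truncated;
    if (std::memcmp(data.data(), kMagic, kMagicLen) != 0)
        return HeaderStatus::BadMagic;
    const uint32_t claimed = readBE32(data.data() + kMagicLen);
    if (claimed == 0)
        return HeaderStatus::ZeroSize;
    if (claimed < kHeaderLen)
        return HeaderStatus::SizeBelowHeader;
    if (claimed > data.size())
        return HeaderStatus::SizeExceedsData;
    if (totalSize)
        *totalSize = claimed;
    return HeaderStatus::Ok;
}

// Builds a constructed sample file: magic, big-endian claimed size, then
// `payloadBytes` bytes of filler. Used to exercise the checks offline.
std::vector<uint8_t> makeSample(uint32_t claimedSize, size_t payloadBytes) {
    std::vector<uint8_t> v(kMagic, kMagic + kMagicLen);
    v.push_back(uint8_t(claimedSize >> 24));
    v.push_back(uint8_t(claimedSize >> 16));
    v.push_back(uint8_t(claimedSize >> 8));
    v.push_back(uint8_t(claimedSize));
    v.insert(v.end(), payloadBytes, uint8_t(0xAB));
    return v;
}

const char *describe(HeaderStatus s) {
    switch (s) {
    case HeaderStatus::Ok:              return "ok";
    case HeaderStatus::Truncated:       return "truncated header";
    case HeaderStatus::BadMagic:        return "bad magic";
    case HeaderStatus::ZeroSize:        return "claimed total size is 0";
    case HeaderStatus::SizeBelowHeader: return "claimed size smaller than header";
    case HeaderStatus::SizeExceedsData: return "claimed size exceeds available data";
    }
    return "unknown";
}

int main() {
    // The shape of the input in this report: a valid magic, then size 0.
    const std::vector<uint8_t> zeroSized = makeSample(0, 16);
    uint32_t total = 0;
    const HeaderStatus st = checkHeader(zeroSized, &total);
    return st == HeaderStatus::ZeroSize ? 0 : 1; // describe(st) gives the reason
}
```

The order of the checks matters: the length check comes first so that the magic and size reads never run past the buffer, and the size is compared against what is actually present rather than against any value the file supplies about itself.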
Google's oss-fuzz found this as issue 47415. They will publish the details 90 days from now, at the latest.