Hello, Il 15/04/2018 18:14, Иван Комиссаров ha scritto:
The usual amount of parsing a file without doing bounds checks, so making the user vulnerable to crashes / code execution / overflows and the like.Are there any tickets on Jira related? All tickets i found are fixed and closed long ago (Qt5.5)
I'm not sure if it was reported on Jira or through a security notification. I'm thinking about the latter, around the time where we fuzzed Qt's image formats.
What need to be done to return the plugin to the default build?Build it yourself; as far as I know it's still shipped as part of qtimageformats.I’m asking because I’m, the original author of the DDS plugin and I’m disappointed my work is thrown away:(
Sorry about that... just a matter of evolution of the code. But, as I said, the code itself should be still shipped, just not built by default.
The reason i started the work is to convert to/from DDS files because existing converters (PS/GIMP plugins and microsoft tool are not ideal, GIMP plugin is really buggy). However, i stucked because of the limitations of the QImageWriter API (which can’t be changedun till Qt6).
What do you mean? What has Qt to do in terms of converters?From my personal experience texconv / texassemble are probably the best tools in terms of creating DDS files. Recently ImageMagick also has got some support, however I found it still extremely buggy.
I can fix the security issues and move the dds reading/writing code to the separate lib so it can be shared with Qt 3d (i saw the duplication of the DDSHeader at least) and not be dependent on the QImageIoPlugin API which is flawed.
In the broader plan of things Qt should get some convenience APIs for loading from texture files; these APIs should sit in QtGui and then be used by Qt3D, QtQuick and so on. I don't see it useful to revamp the DDS image loader just for this purpose.
To say it all: such a thing in QtGui (QOpenGLTexture::loadFromFile?) should just use GLI or some other similar library, so we make it SEP and also support a bunch of formats in one go.
My 2 cents, -- Giuseppe D'Angelo | [email protected] | Senior Software Engineer KDAB (France) S.A.S., a KDAB Group company Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com KDAB - The Qt, C++ and OpenGL Experts
smime.p7s
Description: Firma crittografica S/MIME
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
