On Tuesday, 15 July 2025 21:32:04 Central European Summer Time Ilya Fedin wrote:
> On Tue, 15 Jul 2025 17:22:58 +0200 Allan Sandfeld Jensen <k...@carewolf.com> wrote:
> > On Tuesday, 15 July 2025 00:55:48 Central European Summer Time Ilya Fedin wrote:
> > > Could it be used indirectly via other Qt APIs? Is e.g. reading
> > > images via QImage from untrusted sources affected? Is there a full
> > > list of Qt APIs affected?
> >
> > It only affects the QColorSpace and if you use single color transform
> > to or from them, AND have built Qt in debug mode where it will
> > trigger an assert as one of the color values becomes infinite and upon
> > further work upon it NaN which could escape simple value clamping,
> > but still trigger a later assert that clamping was successful.
>
> Ah, so release builds without asserts are unaffected?
>
> > So yes
> > it can apply to a QImage, but only if you then access the
> > QImage::colorSpace(), create a QColorTransform to or from it, and use
> > that to convert a QColor. If you do any other transform on them or are
> > running in release, the behavior is technically undefined but will in
> > practice only affect the output pixels, depending on what your CPU
> > architecture does with NaN or INF float when converted to an integer.
>
> Thanks! Nice if that's like that... I've asked because a brief search of
> QColorSpace::fromICCProfile in qtbase reveals that it's used in
> qjpeghandler.cpp and qpnghandler.cpp:
>
> https://github.com/qt/qtbase/blob/d3f300dd3b7d88a729f4db2b61dc238ed6a47730/src/gui/image/qpnghandler.cpp#L448
>
> https://github.com/qt/qtbase/blob/d3f300dd3b7d88a729f4db2b61dc238ed6a47730/src/plugins/imageformats/jpeg/qjpeghandler.cpp#L1043
>
> Which looks to me like it should affect this QImage constructor:
>
> https://doc.qt.io/Qt-6/qimage.html#QImage-5
>
> And QImageReader. And that's only qtbase, I haven't searched other
> modules...
>
> So, just to make sure, my understanding that those APIs are affected is
> wrong, right?
>

Only indirectly, the assert is in QColorTransform https://doc.qt.io/qt-6/qcolortransform.html#map-4 [1]

So yes, you can load a color profile that can trigger the issue with all those APIs, but they wouldn't trigger it on their own. You then have to access the color profile of the image, make a color transform to or from it, and then use that transform on a QColor. I don't personally find that a common use-case, but it is possible.

Best regards
Allan

--------
[1] https://doc.qt.io/qt-6/qcolortransform.html#map-4

--
Development mailing list
Development@qt-project.org
https://lists.qt-project.org/listinfo/development
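
Added example, not part of the thread and not Qt's code: a standalone C++ sketch of the failure mode described above, where an INF intermediate turns into NaN, slips past a simple comparison-based clamp, and fails a later range check. All function names and the sample matrix row and channel values are constructed for illustration.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Constructed illustration of the failure mode described in the thread;
// none of these functions are Qt's. Channel values are normalized to [0, 1].

// One row of a 3x3 matrix stage. A zero coefficient times INF yields NaN.
float mixRow(const float coeff[3], const float in[3]) {
    return coeff[0] * in[0] + coeff[1] * in[1] + coeff[2] * in[2];
}

// "Simple value clamping": every ordered comparison with NaN is false,
// so NaN falls through both branches unchanged.
float clampNaive(float v) {
    if (v < 0.0f) return 0.0f;
    if (v > 1.0f) return 1.0f;
    return v;
}

// The kind of post-condition a debug build would assert on after clamping.
bool inUnitRange(float v) { return v >= 0.0f && v <= 1.0f; }

// Hardened clamp: map NaN to a defined value before the range checks.
float clampChecked(float v) {
    if (std::isnan(v)) return 0.0f;
    if (v < 0.0f) return 0.0f;
    if (v > 1.0f) return 1.0f;  // also catches +INF
    return v;
}

// Converting NaN or INF to an integer is undefined behaviour in C++,
// so convert only after the checked clamp.
unsigned char toByte(float v) {
    return static_cast<unsigned char>(std::lround(clampChecked(v) * 255.0f));
}

// Constructed input: an earlier stage already produced +INF in one channel.
float poisonedChannel() {
    const float inf = std::numeric_limits<float>::infinity();
    const float in[3] = {inf, 0.5f, 0.25f};
    const float row[3] = {0.0f, 1.0f, 0.0f};  // 0 * INF -> NaN
    return mixRow(row, in);
}

int main() {
    const float v = poisonedChannel();
    std::printf("naive in range: %d, checked in range: %d\n",
                inUnitRange(clampNaive(v)), inUnitRange(clampChecked(v)));
    return inUnitRange(clampChecked(v)) ? 0 : 1;
}
```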