On Wed, 16 Jul 2025 09:31:38 +0200 Allan Sandfeld Jensen <k...@carewolf.com> wrote:

> On Tuesday, 15 July 2025 21:32:04 Central European Summer Time Ilya Fedin wrote:
> > On Tue, 15 Jul 2025 17:22:58 +0200 Allan Sandfeld Jensen <k...@carewolf.com> wrote:
> > > On Tuesday, 15 July 2025 00:55:48 Central European Summer Time Ilya Fedin wrote:
> > > > Could it be used indirectly via other Qt APIs? Is e.g. reading
> > > > images via QImage from untrusted sources affected? Is there a
> > > > full list of Qt APIs affected?
> > >
> > > It only affects the QColorSpace and if you use single color
> > > transform to or from them, AND have built Qt in debug mode where
> > > it will trigger an assert as one of the color values become
> > > infinite and upon further work upon it NaN which could escape
> > > simple value clamping, but still trigger a later assert that
> > > clamping was successful.
> >
> > Ah, so release builds without asserts are unaffected?
> >
> > > So yes it can apply to a QImage, but only if you then access the
> > > QImage::colorSpace() create a QColorTransform to or from it, and
> > > use that to convert a QColor. If you do any other transform on
> > > them or is running in release, the behavior is technically
> > > undefined but will in practice only affect the output pixels,
> > > depending on what your CPU architecture does with NaN or INF
> > > float when converted to an integer.
> >
> > Thanks! Nice if that's like that... I've asked because a brief
> > search of QColorSpace::fromICCProfile in qtbase reveals that it's
> > used in qjpeghandler.cpp and qpnghandler.cpp:
> >
> > https://github.com/qt/qtbase/blob/d3f300dd3b7d88a729f4db2b61dc238ed6a47730/src/gui/image/qpnghandler.cpp#L448
> >
> > https://github.com/qt/qtbase/blob/d3f300dd3b7d88a729f4db2b61dc238ed6a47730/src/plugins/imageformats/jpeg/qjpeghandler.cpp#L1043
> >
> > Which looks to me like it should affect this QImage constructor:
> >
> > https://doc.qt.io/Qt-6/qimage.html#QImage-5
> >
> > And QImageReader. And that's only qtbase, I haven't searched other
> > modules...
> >
> > So, just to make sure, my understanding that those APIs are
> > affected is wrong, right?
>
> Only indirectly, the assert is in QColorTransform
> https://doc.qt.io/qt-6/qcolortransform.html#map-4[1]
>
> So yes, you can load a color profile that can trigger the issue with
> all those apis, but they wouldn't trigger it on their own. You then
> have to access the color profile of the image, make a color transform
> to or from it, and then use that transform on a QColor. I don't
> personally find that a common use-case, but it is possible.
>
> Best regards
> Allan
>
> --------
> [1] https://doc.qt.io/qt-6/qcolortransform.html#map-4

Thank you for the clarification!

-- 
Development mailing list
Development@qt-project.org
https://lists.qt-project.org/listinfo/development
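The failure chain Allan describes above (a color value becomes infinite, further arithmetic turns it into NaN, the NaN slips past a comparison-based clamp, and the float-to-integer conversion is then undefined behaviour) is easy to reproduce in isolation. The following is an added illustration written for this thread, not Qt's code: `naiveClamp01`, `safeClamp01`, `toByte`, `divideChannel` and `scaleChannel` are hypothetical stand-ins for a color pipeline, and the division by zero is a constructed trigger, not the actual defect in QColorSpace. It shows why a clamp written as `std::clamp(v, 0, 1)` returns NaN unchanged, and how an explicit `std::isfinite` check keeps non-finite values away from the integer conversion.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Comparison-based clamp, the shape most "simple value clamping" takes
// (std::clamp and qBound-style code). Every comparison with NaN is false,
// so NaN is returned as-is: the clamp does not contain it.
float naiveClamp01(float v) {
    return std::clamp(v, 0.0f, 1.0f);
}

// Hardened clamp: reject INF/NaN up front and substitute a known-good
// fallback, so callers never see a non-finite value.
float safeClamp01(float v, float fallback = 0.0f) {
    if (!std::isfinite(v)) {
        return fallback;
    }
    return std::clamp(v, 0.0f, 1.0f);
}

// Float -> 8-bit channel conversion. Converting NaN or INF to an integer
// is undefined behaviour in C++ (the thread notes the result depends on
// the CPU architecture), so the conversion goes through the safe clamp.
std::uint8_t toByte(float v) {
    return static_cast<std::uint8_t>(std::lround(safeClamp01(v) * 255.0f));
}

// Constructed stand-ins for the arithmetic in a transform: a zero
// denominator yields INF, and INF * 0 yields NaN.
float divideChannel(float numerator, float denominator) {
    return numerator / denominator;
}

float scaleChannel(float v, float factor) {
    return v * factor;
}

// Demonstrates the escape: INF -> NaN -> survives the naive clamp.
bool naiveClampLeaksNaN() {
    const float inf = divideChannel(1.0f, 0.0f);   // constructed trigger
    const float nan = scaleChannel(inf, 0.0f);
    return std::isnan(naiveClamp01(nan));
}

int main() {
    std::printf("naive clamp leaks NaN: %s\n",
                naiveClampLeaksNaN() ? "yes" : "no");
    std::printf("safe clamp of INF -> %u\n",
                toByte(std::numeric_limits<float>::infinity()));
    return 0;
}
```

The same guard belongs wherever a debug-only assert currently stands in for validation: an assert documents the invariant in debug builds, but only an explicit finiteness check enforces it in release builds where, as the thread notes, the asserts are compiled out.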