[frameworks-kimageformats] [Bug 498380] Integer overflow in XCF parser

2025-01-16 Thread Mirco Miranda
https://bugs.kde.org/show_bug.cgi?id=498380 Mirco Miranda changed: What|Removed |Added CC||mirco...@gmail.com --- Comment #6 from Mirco Mi

[frameworks-kimageformats] [Bug 498380] Integer overflow in XCF parser

2025-01-08 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=498380 --- Comment #5 from iph...@gmail.com --- It's recommended not to ship with ubsan + runtime, because the runtime opens more attack vectors. We use the no-runtime version.

[frameworks-kimageformats] [Bug 498380] Integer overflow in XCF parser

2025-01-08 Thread Albert Astals Cid
https://bugs.kde.org/show_bug.cgi?id=498380 Albert Astals Cid changed: What|Removed |Added Resolution|WAITINGFORINFO |--- Severity|crash

[frameworks-kimageformats] [Bug 498380] Integer overflow in XCF parser

2025-01-08 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=498380 --- Comment #3 from iph...@gmail.com --- It's undefined behaviour. This prevents us from using ubsan in trap mode as a security measure (yes, crashes are better than remote code execution). The zig cross compiler toolchain has this as a (in my view sensi

[frameworks-kimageformats] [Bug 498380] Integer overflow in XCF parser

2025-01-08 Thread Albert Astals Cid
https://bugs.kde.org/show_bug.cgi?id=498380 Albert Astals Cid changed: What|Removed |Added Resolution|--- |WAITINGFORINFO Status|REPORTED

[frameworks-kimageformats] [Bug 498380] Integer overflow in XCF parser

2025-01-08 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=498380 --- Comment #1 from iph...@gmail.com --- Reproducer: ``` const QByteArray data = QByteArray::fromBase64( "AWdpbXAgeGNmAAAwAAoAAABbAzMgCHAAAC0AAAgg" "8AAACAAgAPAACgCJ2/AAA