Hello,

Il 15/04/2018 18:14, Иван Комиссаров ha scritto:
The usual amount of parsing a file without doing bounds checks, so making the 
user vulnerable to crashes / code execution / overflows and the like.

Are there any tickets on Jira related? All tickets i found are fixed and closed 
long ago (Qt5.5)

I'm not sure if it was reported on Jira or through a security notification. I'm thinking about the latter, around the time where we fuzzed Qt's image formats.

What need to be done to return the plugin to the default build?

Build it yourself; as far as I know it's still shipped as part of 
qtimageformats.

I’m asking because I’m, the original author of the DDS plugin and I’m 
disappointed my work is thrown away:(

Sorry about that... just a matter of evolution of the code. But, as I said, the code itself should be still shipped, just not built by default.

The reason i started the work is to convert to/from DDS files because existing 
converters (PS/GIMP plugins and microsoft tool are not ideal, GIMP plugin is 
really buggy). However, i stucked because of the limitations of the 
QImageWriter API (which can’t be changedun till Qt6).

What do you mean? What has Qt to do in terms of converters?

From my personal experience texconv / texassemble are probably the best tools in terms of creating DDS files. Recently ImageMagick also has got some support, however I found it still extremely buggy.


I can fix the security issues and move the dds reading/writing code to the 
separate lib so it can be shared with Qt 3d (i saw the duplication of the 
DDSHeader at least) and not be dependent on the QImageIoPlugin API which is 
flawed.

In the broader plan of things Qt should get some convenience APIs for loading from texture files; these APIs should sit in QtGui and then be used by Qt3D, QtQuick and so on. I don't see it useful to revamp the DDS image loader just for this purpose.

To say it all: such a thing in QtGui (QOpenGLTexture::loadFromFile?) should just use GLI or some other similar library, so we make it SEP and also support a bunch of formats in one go.

My 2 cents,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts

Attachment: smime.p7s
Description: Firma crittografica S/MIME

_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Reply via email to