On Tuesday, 15 July 2025 00:55:48 Central European Summer Time Ilya Fedin wrote: > > Could it be used indirectly via other Qt APIs? Is e.g. reading images > via QImage from untrusted sources affected? Is there a full list of Qt > APIs affected?
It only affects the QColorSpace and if you use single color transform to or from them, AND have built Qt in debug mode where it will trigger an assert as one of the color values become infinite and upon further work upon it NaN which could escape simple value clamping, but still trigger a later assert that clamping was successful. So yes it can apply to a QImage, but only if you then access the QImage::colorSpace() create a QColorTransform to or from it, and use that to convert a QColor. If you do any other transform on them or is running in release, the behavior is technically undefined but will in practice only affect the output pixels, depending on what your CPU architecture does with NaN or INF float when converted to an integer. Best regards Allan -- Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development
