Fix undefined behavior in texture bit-field parsing from untrusted input #2341

Open
SABITHSAHEB wants to merge 1 commit into Ultimaker:main from SABITHSAHEB:texture-bitfield-ub

@SABITHSAHEB

Description

While reviewing the texture painting code, I noticed that bit ranges for paint features are read from PNG Description metadata and used directly for bit extraction.

Since these values originate from untrusted PNG files or Arcus messages, invalid ranges such as end >= 32 or start > end can result in out-of-range shift operations in TextureDataProvider::getValue, leading to undefined behavior.

Changes

  • Added TextureBitField::isValid() to enforce:

    • start <= end
    • end < 32
  • Validate bit ranges while parsing JSON metadata in loadTextureFromPngData.

  • Added a defensive validation check in TextureDataProvider::getValue.

  • Verify JSON values are unsigned integers before calling GetUint().

  • Invalid metadata is now logged and skipped instead of being processed.

Testing

Added TextureDataProviderTest.cpp covering:

  • Valid bit ranges continue to extract the expected values.

  • Invalid ranges such as:

    • [0,32]
    • [0,64]
    • [10,5]

    are rejected safely.
  • Confirmed that valid textures behave exactly as before and only malformed metadata is ignored.

github-actions bot added the PR: Community Contribution 👑 label Jun 23, 2026
@SABITHSAHEB

Author

Any updates on this PR?
