qt/CVE-2020-17507.patch

From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001
From: kang_xiao_qiang <kangshaoqiang1@huawei.com>
Date: Sun, 20 Sep 2020 15:35:21 +0800
Subject: [PATCH] 2

---
 src/gui/image/qxbmhandler.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
index 414e8233..7483b245 100644
--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
     w = (w+7)/8;                                // byte width
 
     while (y < h) {                                // for all encoded bytes...
-        if (p) {                                // p = "0x.."
+        if (p && p < (buf + readBytes - 3)) {                                // p = "0x.."
+	    if (!isxdigit(p[2]) || !isxdigit(p[3]))
+		return false;
             *b++ = hex2byte(p+2);
             p += 2;
             if (++x == w && ++y < h) {
-- 
2.23.0
fix cve 2020-09-20 16:40:46 +08:00			`From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001`
			`From: kang_xiao_qiang <kangshaoqiang1@huawei.com>`
			`Date: Sun, 20 Sep 2020 15:35:21 +0800`
			`Subject: [PATCH] 2`

			`---`
			`src/gui/image/qxbmhandler.cpp \| 4 +++-`
			`1 file changed, 3 insertions(+), 1 deletion(-)`

			`diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp`
			`index 414e8233..7483b245 100644`
			`--- a/src/gui/image/qxbmhandler.cpp`
			`+++ b/src/gui/image/qxbmhandler.cpp`
			`@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice device, int w, int h, QImage outImage)`
			`w = (w+7)/8; // byte width`

			`while (y < h) { // for all encoded bytes...`
			`- if (p) { // p = "0x.."`
			`+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."`
			`+ if (!isxdigit(p[2]) \|\| !isxdigit(p[3]))`
			`+ return false;`
			`*b++ = hex2byte(p+2);`
			`p += 2;`
			`if (++x == w && ++y < h) {`
			`--`
			`2.23.0`