packages/qt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!2 add CVE-2018-19869 patch

Browse Source 
Merge pull request !2 from openeuler-basic/init
This commit is contained in:
openeuler-ci-bot 2019-12-24 16:39:37 +08:00 committed by Gitee
commit 0366733c3a
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2018-19869.patch Normal file
View File

@ -0,0 +1,43 @@
From 39c31b0454ad7f4f72237cc23fcfb8ef2f80cea9 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Mon, 9 Jul 2018 10:45:22 +0200
Subject: [PATCH] Fix crash when parsing misformed url reference
The parsing did not check for end of input.
[ChangeLog][][]
Change-Id: I56a478877d242146395977b767511425d2b8ced1
---
src/svg/qsvghandler.cpp | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 6d2e279..fe07d0e 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -774,16 +774,17 @@ static QVector<qreal> parsePercentageList(const QChar *&str)
static QString idFromUrl(const QString &url)
{
QString::const_iterator itr = url.constBegin();
- while ((*itr).isSpace())
+ QString::const_iterator end = url.constEnd();
+ while (itr != end && (*itr).isSpace())
++itr;
- if ((*itr) == QLatin1Char('('))
+ if (itr != end && (*itr) == QLatin1Char('('))
++itr;
- while ((*itr).isSpace())
+ while (itr != end && (*itr).isSpace())
++itr;
- if ((*itr) == QLatin1Char('#'))
+ if (itr != end && (*itr) == QLatin1Char('#'))
++itr;
QString id;
- while ((*itr) != QLatin1Char(')')) {
+ while (itr != end && (*itr) != QLatin1Char(')')) {
id += *itr;
++itr;
}
--
2.16.3