kang_xiao_qiang 2020-09-20 16:40:46 +08:00
parent b774e3a170
commit 698c875797
2 changed files with 32 additions and 1 deletions

27
CVE-2020-17507.patch Normal file

@ -0,0 +1,27 @@
From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001
From: kang_xiao_qiang <kangshaoqiang1@huawei.com>
Date: Sun, 20 Sep 2020 15:35:21 +0800
Subject: [PATCH] 2
---
src/gui/image/qxbmhandler.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
index 414e8233..7483b245 100644
--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
w = (w+7)/8; // byte width
while (y < h) { // for all encoded bytes...
- if (p) { // p = "0x.."
+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
+ if (!isxdigit(p[2]) || !isxdigit(p[3]))
+ return false;
*b++ = hex2byte(p+2);
p += 2;
if (++x == w && ++y < h) {
--
2.23.0
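Review bot: The added `isxdigit(p[2])` and `isxdigit(p[3])` calls are handed what is presumably a plain `char` (the declarations of `buf` and `p` are outside the hunk), so a byte of 0x80 or above in the image data becomes a negative argument on signed-char platforms, which is undefined behaviour for the `<ctype.h>` classifiers. Because this check exists to reject untrusted file content, the value should be cast first: `if (!isxdigit((uchar)p[2]) || !isxdigit((uchar)p[3]))`. The bound `p < (buf + readBytes - 3)` also forms a pointer before `buf` whenever `readBytes` is below 3; comparing offsets instead, `(p - buf) < readBytes - 3`, avoids that, assuming `readBytes` is a signed count as it appears to be. Separately, the patch subject `[PATCH] 2` should name the CVE and the upstream commit being backported so the fix can be audited later.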


@ -13,7 +13,7 @@
Name: qt Name: qt
Epoch: 1 Epoch: 1
Version: 4.8.7 Version: 4.8.7
Release: 49 Release: 50
Summary: A software toolkit for developing applications Summary: A software toolkit for developing applications
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
URL: http://qt-project.org/ URL: http://qt-project.org/
@ -78,6 +78,7 @@ Patch6001: CVE-2018-19872.patch
Patch6002: CVE-2018-19871.patch Patch6002: CVE-2018-19871.patch
Patch6003: CVE-2018-19870.patch Patch6003: CVE-2018-19870.patch
Patch6004: CVE-2018-19873.patch Patch6004: CVE-2018-19873.patch
Patch45: CVE-2020-17507.patch
BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa) BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng) BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
@ -444,6 +445,9 @@ fi
%{_qt4_prefix}/examples/ %{_qt4_prefix}/examples/
%changelog %changelog
* Sun Sep 20 2020 shaoqiang kang <kangshaoqiang1@huawei.com> - 1:4.8.7-50
- fix CVE-2020-17507
* Tue Sep 2020 shaoqiang kang <kangshaoqiang1@huawei.com> - 1:4.8.7-49 * Tue Sep 2020 shaoqiang kang <kangshaoqiang1@huawei.com> - 1:4.8.7-49
- Modify source - Modify source
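Review bot: Nothing in this section applies the new patch: `Patch45: CVE-2020-17507.patch` is declared, but the three hunks already account for all 5 additions in the file, so no `%patch45` line was added to `%prep`. Unless `%prep` (outside these hunks) uses `%autosetup` or `%autopatch`, the package will build without the fix while the changelog entry `- fix CVE-2020-17507` claims it; confirm in the build log that the patch is applied, or add `%patch45 -p1` (at the strip level the other patches use) beside the existing CVE patches. The number 45 also breaks the `Patch600x` series used for the other CVE backports; `Patch6005: CVE-2020-17507.patch` would keep them grouped.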