fix cve
This commit is contained in:
kang_xiao_qiang
parent
b774e3a170
commit
698c875797
27
CVE-2020-17507.patch
Normal file
27
CVE-2020-17507.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001
|
||||
From: kang_xiao_qiang <kangshaoqiang1@huawei.com>
|
||||
Date: Sun, 20 Sep 2020 15:35:21 +0800
|
||||
Subject: [PATCH] 2
|
||||
|
||||
---
|
||||
src/gui/image/qxbmhandler.cpp | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
|
||||
index 414e8233..7483b245 100644
|
||||
--- a/src/gui/image/qxbmhandler.cpp
|
||||
+++ b/src/gui/image/qxbmhandler.cpp
|
||||
@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
|
||||
w = (w+7)/8; // byte width
|
||||
|
||||
while (y < h) { // for all encoded bytes...
|
||||
- if (p) { // p = "0x.."
|
||||
+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
|
||||
+ if (!isxdigit(p[2]) || !isxdigit(p[3]))
|
||||
+ return false;
|
||||
*b++ = hex2byte(p+2);
|
||||
p += 2;
|
||||
if (++x == w && ++y < h) {
|
||||
--
|
||||
2.23.0
|
||||
|
||||
6
qt.spec
6
qt.spec
@ -13,7 +13,7 @@
|
||||
Name: qt
|
||||
Epoch: 1
|
||||
Version: 4.8.7
|
||||
Release: 49
|
||||
Release: 50
|
||||
Summary: A software toolkit for developing applications
|
||||
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
||||
URL: http://qt-project.org/
|
||||
@ -78,6 +78,7 @@ Patch6001: CVE-2018-19872.patch
|
||||
Patch6002: CVE-2018-19871.patch
|
||||
Patch6003: CVE-2018-19870.patch
|
||||
Patch6004: CVE-2018-19873.patch
|
||||
Patch45: CVE-2020-17507.patch
|
||||
|
||||
BuildRequires: cups-devel desktop-file-utils gcc-c++ libjpeg-devel findutils libmng-devel libtiff-devel pkgconfig pkgconfig(alsa)
|
||||
BuildRequires: pkgconfig(dbus-1) pkgconfig(fontconfig) pkgconfig(glib-2.0) pkgconfig(icu-i18n) openssl-devel pkgconfig(libpng)
|
||||
@ -444,6 +445,9 @@ fi
|
||||
%{_qt4_prefix}/examples/
|
||||
|
||||
%changelog
|
||||
* Sun Sep 20 2020 shaoqiang kang <kangshaoqiang1@huawei.com> - 1:4.8.7-50
|
||||
- fix CVE-2020-17507
|
||||
|
||||
* Tue Sep 2020 shaoqiang kang <kangshaoqiang1@huawei.com> - 1:4.8.7-49
|
||||
- Modify source
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user