fix CVE-2018-15518
This commit is contained in:
bingo2008
parent
94e2073e8d
commit
46e5bf8c1b
31
CVE-2018-15518.patch
Normal file
31
CVE-2018-15518.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 6256729a6da532079505edfe4c56a6ef29cd8ab8 Mon Sep 17 00:00:00 2001
|
||||
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
||||
Date: Mon, 13 Aug 2018 15:29:16 +0200
|
||||
Subject: [PATCH] Fix possible heap corruption in QXmlStream
|
||||
|
||||
The value of 'tos' at the check might already be on the last element,
|
||||
so triggering stack expansion on the second last element is too late.
|
||||
|
||||
Change-Id: Ib3ab2662d4d27a71effe9e988b9e172923af2908
|
||||
Reviewed-by: Richard J. Moore <rich@kde.org>
|
||||
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
||||
---
|
||||
src/corelib/serialization/qxmlstream_p.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
|
||||
index 4157fbbd0e0..f8b1ede9439 100644
|
||||
--- a/src/corelib/serialization/qxmlstream_p.h
|
||||
+++ b/src/corelib/serialization/qxmlstream_p.h
|
||||
@@ -1250,7 +1250,7 @@ bool QXmlStreamReaderPrivate::parse()
|
||||
state_stack[tos] = 0;
|
||||
return true;
|
||||
} else if (act > 0) {
|
||||
- if (++tos == stack_size-1)
|
||||
+ if (++tos >= stack_size-1)
|
||||
reallocateStack();
|
||||
|
||||
Value &val = sym_stack[tos];
|
||||
--
|
||||
2.16.3
|
||||
|
||||
@ -13,7 +13,7 @@
|
||||
Name: qt5-qtbase
|
||||
Summary: Core component of Qt toolkit
|
||||
Version: 5.11.1
|
||||
Release: 8
|
||||
Release: 9
|
||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||
Url: http://qt-project.org/
|
||||
Source0: https://download.qt.io/official_releases/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
|
||||
@ -34,6 +34,8 @@ Patch0009: qt5-qtbase-5.9.1-firebird.patch
|
||||
Patch0010: qtbase-everywhere-src-5.11.1-python3.patch
|
||||
Patch0011: qt5-qtbase-glibc.patch
|
||||
|
||||
Patch6000: CVE-2018-15518.patch
|
||||
|
||||
BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
|
||||
BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
|
||||
BuildRequires: pkgconfig(atspi-2) pkgconfig(dbus-1) pkgconfig(libdrm)
|
||||
@ -399,5 +401,12 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Dec 25 2019 fengbing <fengbing7@huawei.com> - 5.11.1-9
|
||||
- Type:cves
|
||||
- ID:CVE-2018-15518
|
||||
- SUG:restart
|
||||
- DESC: fix CVE-2018-15518
|
||||
|
||||
|
||||
* Thu Nov 07 2019 yanzhihua <yanzhihua4@huawei.com> - 5.11.1-8
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user