packages/qt5-qtbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!2 fix CVE-2018-15518

Browse Source 
Merge pull request !2 from bingo2008/bingo2008
This commit is contained in:
openeuler-ci-bot 2019-12-25 16:19:38 +08:00 committed by Gitee
commit c366246372
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2018-15518.patch Normal file
View File

@ -0,0 +1,31 @@
From 6256729a6da532079505edfe4c56a6ef29cd8ab8 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Mon, 13 Aug 2018 15:29:16 +0200
Subject: [PATCH] Fix possible heap corruption in QXmlStream
The value of 'tos' at the check might already be on the last element,
so triggering stack expansion on the second last element is too late.
Change-Id: Ib3ab2662d4d27a71effe9e988b9e172923af2908
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
src/corelib/serialization/qxmlstream_p.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index 4157fbbd0e0..f8b1ede9439 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -1250,7 +1250,7 @@ bool QXmlStreamReaderPrivate::parse()
state_stack[tos] = 0;
return true;
} else if (act > 0) {
- if (++tos == stack_size-1)
+ if (++tos >= stack_size-1)
reallocateStack();
Value &val = sym_stack[tos];
--
2.16.3

11
qt5-qtbase.spec
View File

@ -13,7 +13,7 @@
Name: qt5-qtbase Name: qt5-qtbase
Summary: Core component of Qt toolkit Summary: Core component of Qt toolkit
Version: 5.11.1 Version: 5.11.1
Release: 8 Release: 9
License: LGPLv2 with exceptions or GPLv3 with exceptions License: LGPLv2 with exceptions or GPLv3 with exceptions
Url: http://qt-project.org/ Url: http://qt-project.org/
Source0: https://download.qt.io/official_releases/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz Source0: https://download.qt.io/official_releases/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
@ -34,6 +34,8 @@ Patch0009: qt5-qtbase-5.9.1-firebird.patch
Patch0010: qtbase-everywhere-src-5.11.1-python3.patch Patch0010: qtbase-everywhere-src-5.11.1-python3.patch
Patch0011: qt5-qtbase-glibc.patch Patch0011: qt5-qtbase-glibc.patch
Patch6000: CVE-2018-15518.patch
BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa) BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
BuildRequires: pkgconfig(atspi-2) pkgconfig(dbus-1) pkgconfig(libdrm) BuildRequires: pkgconfig(atspi-2) pkgconfig(dbus-1) pkgconfig(libdrm)
@ -399,5 +401,12 @@ fi
%changelog %changelog
* Wed Dec 25 2019 fengbing <fengbing7@huawei.com> - 5.11.1-9
- Type:cves
- ID:CVE-2018-15518
- SUG:restart
- DESC: fix CVE-2018-15518
* Thu Nov 07 2019 yanzhihua <yanzhihua4@huawei.com> - 5.11.1-8 * Thu Nov 07 2019 yanzhihua <yanzhihua4@huawei.com> - 5.11.1-8
- Package init - Package init