From e40830cbfe69671359cb47035e47c459863b5ad3 Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Wed, 31 Jan 2024 13:40:16 +0800
Subject: [PATCH] qtbase5.15-CVE-2023-51714

---
 qt5-qtbase.spec                 | 11 +++++++---
 qtbase5.15-CVE-2023-51714.patch | 37 +++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 qtbase5.15-CVE-2023-51714.patch

diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index cf7e00e..8628fa2 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -36,7 +36,7 @@
 Name:             qt5-qtbase
 Summary:          Qt5 - QtBase components
 Version:          5.15.10
-Release:          6
+Release:          7
 
 # See LGPL_EXCEPTIONS.txt, for exception details
 License:          LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@@ -132,6 +132,7 @@ Patch0026:        qtbase5.15.10-CVE-2023-38197.patch
 # https://codereview.qt-project.org/c/qt/qtbase/+/503026
 Patch0027:        qtbase5.15.10-CVE-2023-43114.patch
 Patch0028:        fix-build-error-of-libxkbcommon-1.6.0.patch
+Patch0029:        qtbase5.15-CVE-2023-51714.patch
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
 # not there, the platform to integrate with isn't either. Then Qt will just
@@ -400,6 +401,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch -P0026 -p1
 %patch -P0027 -p1
 %patch -P0028 -p1
+%patch -P0029 -p1
 # move some bundled libs to ensure they're not accidentally used
 pushd src/3rdparty
 mkdir UNUSED
@@ -1057,13 +1059,16 @@ fi
 
 
 %changelog
+* Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-7
+- add qtbase5.15-CVE-2023-51714.patch
+
 * Wed Jan 31 2024 douyan <douyan@kylinos.cn> - 5.15.10-6
 - fix build error of libxkbcommon-1.6.0
 
-* Fri Nov 24 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-5
+* Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-5
 - fix qtbase5.15.10-CVE-2023-43114.patch
 
-* Sat Nov 25 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-4
+* Fri Nov 24 2023 hua_yadong <huayadong@kylinos.cn> - 5.15.10-4
 - fix qtbase5.15.10-CVE-2023-38197.patch
 
 * Wed Sep 13 2023 yoo <sunyuechi@iscas.ac.cn> - 5.15.10-3
diff --git a/qtbase5.15-CVE-2023-51714.patch b/qtbase5.15-CVE-2023-51714.patch
new file mode 100644
index 0000000..142dfc2
--- /dev/null
+++ b/qtbase5.15-CVE-2023-51714.patch
@@ -0,0 +1,37 @@
+From 061cbe5796a9ff1e998bd5753bb5b44e4481df11 Mon Sep 17 00:00:00 2001
+From: peijiankang <peijiankang@kylinos.cn>
+Date: Wed, 31 Jan 2024 13:38:10 +0800
+Subject: [PATCH] qtbase5.15-CVE-2023-51714
+
+---
+ src/network/access/http2/hpacktable.cpp | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
+index fddb5fec..315f3e23 100644
+--- a/src/network/access/http2/hpacktable.cpp
++++ b/src/network/access/http2/hpacktable.cpp
+@@ -40,6 +40,7 @@
+ #include "hpacktable_p.h"
+ 
+ #include <QtCore/qdebug.h>
++#include <QtCore/private/qnumeric_p.h>
+ 
+ #include <algorithm>
+ #include <cstddef>
+@@ -62,8 +63,10 @@ HeaderSize entry_size(const QByteArray &name, const QByteArray &value)
+     // for counting the number of references to the name and value would have
+     // 32 octets of overhead."
+ 
+-    const unsigned sum = unsigned(name.size() + value.size());
+-    if (std::numeric_limits<unsigned>::max() - 32 < sum)
++    size_t sum;
++    if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
++        return HeaderSize();
++    if (sum > (std::numeric_limits<unsigned>::max() - 32))
+         return HeaderSize();
+     return HeaderSize(true, quint32(sum + 32));
+ }
+-- 
+2.41.0
+