diff options
Diffstat (limited to 'dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch')
| -rw-r--r-- | dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch b/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch deleted file mode 100644 index cad9aa4..0000000 --- a/dev-qt/qtgui/files/qtgui-5.14.2-CVE-2020-17507.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 1616c71921b73b227f56ccb3f2c49a994ec23440 Mon Sep 17 00:00:00 2001 -From: Allan Sandfeld Jensen <allan.jensen@qt.io> -Date: Thu, 23 Jul 2020 11:48:48 +0200 -Subject: Fix buffer overflow in XBM parser - -Avoid parsing over the buffer limit, or interpreting non-hex -as hex. - -This still leaves parsing of lines longer than 300 chars -unreliable - -Change-Id: I1c57a7e530c4380f6f9040b2ec729ccd7dc7a5fb -Reviewed-by: Robert Loehning <robert.loehning@qt.io> -Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io> -(cherry picked from commit c562c1fc19629fb505acd0f6380604840b634211) -Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> ---- - src/gui/image/qxbmhandler.cpp | 4 ++- - .../gui/image/qimagereader/tst_qimagereader.cpp | 38 ++++++++++++++++++++++ - 2 files changed, 41 insertions(+), 1 deletion(-) - -diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp -index f06561690c..72ce7f7ecd 100644 ---- a/src/gui/image/qxbmhandler.cpp -+++ b/src/gui/image/qxbmhandler.cpp -@@ -159,7 +159,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage) - w = (w+7)/8; // byte width - - while (y < h) { // for all encoded bytes... -- if (p) { // p = "0x.." -+ if (p && p < (buf + readBytes - 3)) { // p = "0x.." -+ if (!isxdigit(p[2]) || !isxdigit(p[3])) -+ return false; - *b++ = hex2byte(p+2); - p += 2; - if (++x == w && ++y < h) { --- -cgit v1.2.1 - |