package/qt6/qt6svg: backport fix for CVE-2023-32573
This commit backports an upstream patch fixing CVE-2023-32573. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Thomas Petazzoni
Peter Korsgaard
parent
d9b046e634
commit
a9aa11544a
@ -0,0 +1,62 @@
|
||||
From 3497a6b81f561f61ab784b2847f718e912b4d80c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Robert=20L=C3=B6hning?= <robert.loehning@qt.io>
|
||||
Date: Mon, 24 Apr 2023 15:27:17 +0200
|
||||
Subject: [PATCH] QSvgFont: Initialize used member, remove unused
|
||||
|
||||
Credit to OSS-Fuzz
|
||||
|
||||
[ChangeLog][QtSvg] Fixed undefined behavior from using uninitialized
|
||||
variable.
|
||||
|
||||
Pick-to: 6.5 6.2 5.15
|
||||
Coverity-Id: 22618
|
||||
Change-Id: Id52277bb0e2845f4d342e187dbb8093e9276b70c
|
||||
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
|
||||
|
||||
Fixes: https://security-tracker.debian.org/tracker/CVE-2023-32573
|
||||
Upstream: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=ff22c3ccf8ccf813fdcfda23f7740ba73ba5ce0a
|
||||
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
||||
---
|
||||
src/svg/qsvgfont_p.h | 5 ++---
|
||||
src/svg/qsvghandler.cpp | 2 +-
|
||||
2 files changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/svg/qsvgfont_p.h b/src/svg/qsvgfont_p.h
|
||||
index a7cc98b1..9cf3dfe3 100644
|
||||
--- a/src/svg/qsvgfont_p.h
|
||||
+++ b/src/svg/qsvgfont_p.h
|
||||
@@ -38,6 +38,7 @@ public:
|
||||
class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
|
||||
{
|
||||
public:
|
||||
+ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
|
||||
QSvgFont(qreal horizAdvX);
|
||||
|
||||
void setFamilyName(const QString &name);
|
||||
@@ -50,9 +51,7 @@ public:
|
||||
void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
|
||||
public:
|
||||
QString m_familyName;
|
||||
- qreal m_unitsPerEm;
|
||||
- qreal m_ascent;
|
||||
- qreal m_descent;
|
||||
+ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
|
||||
qreal m_horizAdvX;
|
||||
QHash<QChar, QSvgGlyph> m_glyphs;
|
||||
};
|
||||
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
|
||||
index 29ca7332..a8918489 100644
|
||||
--- a/src/svg/qsvghandler.cpp
|
||||
+++ b/src/svg/qsvghandler.cpp
|
||||
@@ -2622,7 +2622,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
|
||||
|
||||
qreal unitsPerEm = toDouble(unitsPerEmStr);
|
||||
if (!unitsPerEm)
|
||||
- unitsPerEm = 1000;
|
||||
+ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
|
||||
|
||||
if (!name.isEmpty())
|
||||
font->setFamilyName(name);
|
||||
--
|
||||
2.46.0
|
||||
|
||||
@ -9,6 +9,8 @@ QT6SVG_SITE = $(QT6_SITE)
|
||||
QT6SVG_SOURCE = qtsvg-$(QT6_SOURCE_TARBALL_PREFIX)-$(QT6SVG_VERSION).tar.xz
|
||||
QT6SVG_INSTALL_STAGING = YES
|
||||
QT6SVG_SUPPORTS_IN_SOURCE_BUILD = NO
|
||||
# 0001-QSvgFont-Initialize-used-member-remove-unused.patch
|
||||
QT6SVG_IGNORE_CVES += CVE-2023-32573
|
||||
|
||||
QT6SVG_CMAKE_BACKEND = ninja
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user