[kdelibs] better fix

Than Ngo than at fedoraproject.org
Wed Nov 9 15:11:12 UTC 2011 

commit c816e01003a8ea434b21801c898e4d68c44cc99f
Author: Than Ngo <than at redhat.com>
Date:   Wed Nov 9 16:10:59 2011 +0100

    better fix

 kdelibs-4.7.3-CVE-0046.patch |   20 ++++++++++++--------
 1 files changed, 12 insertions(+), 8 deletions(-)
---
diff --git a/kdelibs-4.7.3-CVE-0046.patch b/kdelibs-4.7.3-CVE-0046.patch
index f89eb6d..9108d7a 100644
--- a/kdelibs-4.7.3-CVE-0046.patch
+++ b/kdelibs-4.7.3-CVE-0046.patch
@@ -1,12 +1,16 @@
 diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
 --- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig	2011-11-07 19:14:53.000000000 +0100
-+++ kdelibs-4.7.3/khtml/css/cssparser.cpp	2011-11-07 19:15:21.000000000 +0100
-@@ -2283,7 +2283,7 @@ bool CSSParser::parseFontFaceSrc()
-                     Value* a = args->current();
-                     uriValue = 0;
-                     parsedValue = new CSSFontFaceSrcValueImpl( domString( a->string ), true /*local src*/ );
--                } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue) {
-+                } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
++++ kdelibs-4.7.3/khtml/css/cssparser.cpp	2011-11-09 16:02:11.000000000 +0100
+@@ -2275,8 +2275,11 @@ bool CSSParser::parseFontFaceSrc()
+             expectComma = true;
+         } else if (val->unit == Value::Function) {
+             // There are two allowed functions: local() and format().
++            // For both we expect a string argument
+             ValueList *args = val->function->args;
+-            if (args && args->size() == 1) {
++            if (args && args->size() == 1 &&
++                (args->current()->unit == CSSPrimitiveValue::CSS_STRING ||
++                 args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
+                 if (!strcasecmp(domString(val->function->name), "local(") && !expectComma) {
                      expectComma = true;
                      allowFormat = false;
-                     uriValue->setFormat( domString( args->current()->string ) );

More information about the scm-commits mailing list