[qt] Fix a crash in cursorToX() when new block is added (QTBUG-24718)
Jaroslav Reznik
jreznik at fedoraproject.org
Tue Apr 3 09:00:48 UTC 2012
commit 20e8a011830cabec2fbe218562b8dcb4a3907254
Author: Jaroslav Reznik <jreznik at redhat.com>
Date: Tue Apr 3 11:00:17 2012 +0200
Fix a crash in cursorToX() when new block is added (QTBUG-24718)
...erywhere-opensource-src-4.8.1-QTBUG-24718.patch | 14 ++++++++++++++
qt.spec | 9 ++++++++-
2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch b/qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch
new file mode 100644
index 0000000..003a0a6
--- /dev/null
+++ b/qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch
@@ -0,0 +1,14 @@
+diff -up qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp.QTBUG-24718 qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp
+--- qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp.QTBUG-24718 2012-03-14 15:01:14.000000000 +0100
++++ qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp 2012-04-03 10:53:12.973058622 +0200
+@@ -2508,6 +2508,10 @@ qreal QTextLine::cursorToX(int *cursorPo
+ int pos = *cursorPos;
+ int itm;
+ const HB_CharAttributes *attributes = eng->attributes();
++ if (!attributes) {
++ *cursorPos = 0;
++ return x.toReal();
++ }
+ while (pos < line.from + line.length && !attributes[pos].charStop)
+ pos++;
+ if (pos == line.from + (int)line.length) {
diff --git a/qt.spec b/qt.spec
index d5b7950..5a89451 100644
--- a/qt.spec
+++ b/qt.spec
@@ -11,7 +11,7 @@ Summary: Qt toolkit
Name: qt
Epoch: 1
Version: 4.8.1
-Release: 4%{?dist}
+Release: 5%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -108,6 +108,9 @@ Patch81: qt-everywhere-opensource-src-4.8.0-gcc-4.7.patch
# upstream patches
# http://codereview.qt-project.org/#change,22006
Patch100: qt-everywhere-opensource-src-4.8.1-qtgahandle.patch
+# Fix a crash in cursorToX() when new block is added
+# http://codereview.qt-project.org/22142
+Patch101: qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch
# security patches
# CVE-2011-3922 qt: Stack-based buffer overflow in embedded harfbuzz code
@@ -439,6 +442,7 @@ rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags
# upstream patches
%patch100 -p1 -b .QTgaHandler
+%patch101 -p1 -b .QTBUG-24718
# security fixes
%patch200 -p1 -b .CVE-2011-3922
@@ -1063,6 +1067,9 @@ fi
%changelog
+* Tue Apr 03 2012 Jaroslav Reznik <jreznik at redhat.com> - 4.8.1-5
+- Fix a crash in cursorToX() when new block is added (QTBUG-24718)
+
* Fri Mar 30 2012 Than Ngo <than at redhat.com> - 4.8.1-4
- Fix QTgaHandler::canRead() not obeying image plugin specs
More information about the scm-commits
mailing list