[mingw-qt5-qtbase] Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
Erik van Pienbroek
epienbro at fedoraproject.org
Sat May 3 22:57:51 UTC 2014
commit 2b4c1de6589881c16e57f4ba3c10af4dbcfd9c95
Author: Erik van Pienbroek <epienbro at fedoraproject.org>
Date: Sun May 4 00:57:55 2014 +0200
Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
mingw-qt5-qtbase.spec | 7 ++++++-
qtbase-opensource-src-5.2.1-QTBUG-38367.patch | 17 +++++++++++++++++
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/mingw-qt5-qtbase.spec b/mingw-qt5-qtbase.spec
index f749394..7ee3d13 100644
--- a/mingw-qt5-qtbase.spec
+++ b/mingw-qt5-qtbase.spec
@@ -75,6 +75,9 @@ Patch3: qt5-prevent-debug-library-names-in-pkgconfig-files.patch
# Fix qmake to create implibs with .dll.a extension for MinGW
Patch4: qt5-qmake-implib-dll-a.patch
+# https://bugreports.qt-project.org/browse/QTBUG-38367
+Patch5: qtbase-opensource-src-5.2.1-QTBUG-38367.patch
+
###########################
# Fedora specific patches #
###########################
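Review bot: The comment above Patch5 is only the bug tracker URL, unlike Patch4, whose comment says what the patch does. Suggest adding a one-line description, for example that it fixes the DoS in the GIF image handler (RHBZ #1092837), so the purpose and security relevance are clear from the spec without following the link.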
@@ -269,6 +272,7 @@ Static version of the mingw64-qt5-qtbase library.
%patch2 -p1 -b .res
%patch3 -p1 -b .pkgconfig_debug
%patch4 -p1 -b .qmake_implib
+%patch5 -p1 -b .QTBUG-38367
%patch100 -p0
%patch101 -p0
@@ -761,8 +765,9 @@ ln -s %{mingw64_target}-qmake-qt5 $RPM_BUILD_ROOT%{_bindir}/mingw64-qmake-qt5
%changelog
-* Tue Apr 29 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.2.1-3
+* Sat May 3 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.2.1-3
- Fix invalid reference to qtmain when using CMake (RHBZ #1092465)
+- Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
* Sun Apr 13 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.2.1-2
- Rebuild against gcc 4.9 (to fix paths mentioned in mkspecs/qconfig.pri)
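Review bot: The %changelog hunk rewrites the existing 5.2.1-3 entry in place (date changed from Tue Apr 29 to Sat May 3) instead of adding a new entry, and no Release bump is visible anywhere in this diff. If 5.2.1-3 was already built, the security fix will not produce a new package version and the Apr 29 record of the qtmain fix is lost. Consider a separate 5.2.1-4 entry for the QTBUG-38367 fix.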
diff --git a/qtbase-opensource-src-5.2.1-QTBUG-38367.patch b/qtbase-opensource-src-5.2.1-QTBUG-38367.patch
new file mode 100644
index 0000000..b85d74d
--- /dev/null
+++ b/qtbase-opensource-src-5.2.1-QTBUG-38367.patch
@@ -0,0 +1,17 @@
+diff -up qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp.QTBUG-38367 qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp
+--- qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-02-01 14:37:35.000000000 -0600
++++ qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp 2014-04-24 16:28:10.952100278 -0500
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
+ memset(bits, 0, image->byteCount());
+ }
+
++ // Check if the previous attempt to create the image failed. If it
++ // did then the image is broken and we should give up.
++ if (image->isNull()) {
++ state = Error;
++ return -1;
++ }
++
+ disposePrevious(image);
+ disposed = false;
+
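Review bot: In the qgifhandler.cpp hunk the new image->isNull() check sits after the context line memset(bits, 0, image->byteCount()), so on the failure path that memset has already executed before decode() sets state = Error and returns -1. It is worth confirming that bits and byteCount() are harmless for a null image at that point, or moving the check to directly after the image is created. A regression test using a GIF whose image creation fails would also help keep this fix in place across rebases.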