[mingw-qt5-qtbase] Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)

Erik van Pienbroek epienbro at fedoraproject.org
Sat May 3 22:57:51 UTC 2014


commit 2b4c1de6589881c16e57f4ba3c10af4dbcfd9c95
Author: Erik van Pienbroek <epienbro at fedoraproject.org>
Date:   Sun May 4 00:57:55 2014 +0200

    Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)

 mingw-qt5-qtbase.spec                         |    7 ++++++-
 qtbase-opensource-src-5.2.1-QTBUG-38367.patch |   17 +++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/mingw-qt5-qtbase.spec b/mingw-qt5-qtbase.spec
index f749394..7ee3d13 100644
--- a/mingw-qt5-qtbase.spec
+++ b/mingw-qt5-qtbase.spec
@@ -75,6 +75,9 @@ Patch3:         qt5-prevent-debug-library-names-in-pkgconfig-files.patch
 # Fix qmake to create implibs with .dll.a extension for MinGW
 Patch4:         qt5-qmake-implib-dll-a.patch
 
+# https://bugreports.qt-project.org/browse/QTBUG-38367
+Patch5:         qtbase-opensource-src-5.2.1-QTBUG-38367.patch
+
 ###########################
 # Fedora specific patches #
 ###########################
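Review bot: The comment above Patch5 gives only the QTBUG-38367 URL and does not say whether the fix is merged upstream or which Qt release carries it. Adding that to the comment would let the patch be dropped with confidence on the next rebase past 5.2.1.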
@@ -269,6 +272,7 @@ Static version of the mingw64-qt5-qtbase library.
 %patch2 -p1 -b .res
 %patch3 -p1 -b .pkgconfig_debug
 %patch4 -p1 -b .qmake_implib
+%patch5 -p1 -b .QTBUG-38367
 
 %patch100 -p0
 %patch101 -p0
@@ -761,8 +765,9 @@ ln -s %{mingw64_target}-qmake-qt5 $RPM_BUILD_ROOT%{_bindir}/mingw64-qmake-qt5
 
 
 %changelog
-* Tue Apr 29 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.2.1-3
+* Sat May  3 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.2.1-3
 - Fix invalid reference to qtmain when using CMake (RHBZ #1092465)
+- Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
 
 * Sun Apr 13 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.2.1-2
 - Rebuild against gcc 4.9 (to fix paths mentioned in mkspecs/qconfig.pri)
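Review bot: The %changelog hunk rewrites the existing 5.2.1-3 entry (date changed from Apr 29 to May 3) and appends the security fix to it instead of opening a new entry. If a 5.2.1-3 build containing only the CMake fix was already produced, bump Release and add a separate 5.2.1-4 entry, so that the build carrying the QTBUG-38367 fix can be told apart by its version-release.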
diff --git a/qtbase-opensource-src-5.2.1-QTBUG-38367.patch b/qtbase-opensource-src-5.2.1-QTBUG-38367.patch
new file mode 100644
index 0000000..b85d74d
--- /dev/null
+++ b/qtbase-opensource-src-5.2.1-QTBUG-38367.patch
@@ -0,0 +1,17 @@
+diff -up qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp.QTBUG-38367 qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp
+--- qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp.QTBUG-38367	2014-02-01 14:37:35.000000000 -0600
++++ qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp	2014-04-24 16:28:10.952100278 -0500
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
++                // Check if the previous attempt to create the image failed. If it
++                // did then the image is broken and we should give up.
++                if (image->isNull()) {
++                    state = Error;
++                    return -1;
++                }
++
+                 disposePrevious(image);
+                 disposed = false;
+ 
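Review bot: In the qgifhandler.cpp hunk the new image->isNull() check sits after the block that ends in memset(bits, 0, image->byteCount()), so if that block is the one that allocates the image, the memset still runs on the failed (null) image before the check rejects it. Placing the check inside that block, directly after the allocation and before bits is cleared, would avoid handing a null pointer to memset even with a zero length. The embedded patch file also carries no header naming the upstream change it was taken from; a one-line origin note at the top would help whoever rebases it later.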

