From 1a53e519d24dbf84f547303deb6465ad03debbd6 Mon Sep 17 00:00:00 2001
From: Rex Dieter <rdieter@math.unl.edu>
Date: Thu, 24 Apr 2014 16:13:19 -0500
Subject: [PATCH] DoS vulnerability in the GIF image handler (QTBUG-38367)

---
 ...where-opensource-src-4.8.6-QTBUG-38367.patch | 17 +++++++++++++++++
 qt.spec                                         |  8 +++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 qt-everywhere-opensource-src-4.8.6-QTBUG-38367.patch

diff --git a/qt-everywhere-opensource-src-4.8.6-QTBUG-38367.patch b/qt-everywhere-opensource-src-4.8.6-QTBUG-38367.patch
new file mode 100644
index 0000000..1dad10e
--- /dev/null
+++ b/qt-everywhere-opensource-src-4.8.6-QTBUG-38367.patch
@@ -0,0 +1,17 @@
+diff -up qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367 qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp
+--- qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp.QTBUG-38367	2014-04-10 13:37:12.000000000 -0500
++++ qt-everywhere-opensource-src-4.8.6/src/gui/image/qgifhandler.cpp	2014-04-24 15:58:54.515862458 -0500
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
++                // Check if the previous attempt to create the image failed. If it
++                // did then the image is broken and we should give up.
++                if (image->isNull()) {
++                    state = Error;
++                    return -1;
++                }
++
+                 disposePrevious(image);
+                 disposed = false;
+ 
diff --git a/qt.spec b/qt.spec
index 49b2cea..213baab 100644
--- a/qt.spec
+++ b/qt.spec
@@ -25,7 +25,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@@ -158,6 +158,8 @@ Patch185: qt-everywhere-opensource-src-4.8-ppc64le_support.patch
 ## upstream git
 
 ## security patches
+# https://bugreports.qt-project.org/browse/QTBUG-38367
+Patch200: qt-everywhere-opensource-src-4.8.6-QTBUG-38367.patch
 
 # desktop files
 Source20: assistant.desktop
@@ -526,6 +528,7 @@ rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags
 # regression fixes for the security fixes
 %patch84 -p1 -b .QTBUG-35459
 %patch86 -p1 -b .systemtrayicon
+%patch200 -p1 -b .QTBUG-38367
 
 # drop -fexceptions from $RPM_OPT_FLAGS
 RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
@@ -1218,6 +1221,9 @@ fi
 
 
 %changelog
+* Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-2
+- DoS vulnerability in the GIF image handler (QTBUG-38367)
+
 * Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 4.8.6-1
 - 4.8.6 (final)