From 20e8a011830cabec2fbe218562b8dcb4a3907254 Mon Sep 17 00:00:00 2001
From: Jaroslav Reznik
Date: Tue, 3 Apr 2012 11:00:17 +0200
Subject: [PATCH] Fix a crash in cursorToX() when new block is added (QTBUG-24718)
---
...erywhere-opensource-src-4.8.1-QTBUG-24718.patch | 14 ++++++++++++++
qt.spec | 9 ++++++++-
2 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch
diff --git a/qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch b/qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch
new file mode 100644
index 0000000..003a0a6
--- /dev/null
+++ b/qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch
@@ -0,0 +1,14 @@
+diff -up qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp.QTBUG-24718 qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp
+--- qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp.QTBUG-24718 2012-03-14 15:01:14.000000000 +0100
++++ qt-everywhere-opensource-src-4.8.1/src/gui/text/qtextlayout.cpp 2012-04-03 10:53:12.973058622 +0200
+@@ -2508,6 +2508,10 @@ qreal QTextLine::cursorToX(int *cursorPo
+ int pos = *cursorPos;
+ int itm;
+ const HB_CharAttributes *attributes = eng->attributes();
++ if (!attributes) {
++ *cursorPos = 0;
++ return x.toReal();
++ }
+ while (pos < line.from + line.length && !attributes[pos].charStop)
+ pos++;
+ if (pos == line.from + (int)line.length) {
diff --git a/qt.spec b/qt.spec
index d5b7950..5a89451 100644
--- a/qt.spec
+++ b/qt.spec
@@ -11,7 +11,7 @@ Summary: Qt toolkit Name: qt Epoch: 1 Version: 4.8.1 -Release: 4%{?dist} +Release: 5%{?dist} # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
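Review bot: The added null guard in `QTextLine::cursorToX()` has no comment saying when `eng->attributes()` returns null, and it resets `*cursorPos` to `0` although the loop right below bounds valid positions by `line.from + line.length`. For a line that does not start at offset 0 the caller may therefore get back a position outside the line; this is inferred, since `line.from` and `x` are set outside the hunk. I would add `// eng->attributes() can be null (QTBUG-24718); never index it unchecked` above the check and confirm against the upstream change whether `*cursorPos = line.from;` is the intended fallback. The guard protects only this call site, so it is worth checking whether other uses of `eng->attributes()` in qtextlayout.cpp index the result without a null test. The function body starts and ends outside the hunk.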
@@ -108,6 +108,9 @@ Patch81: qt-everywhere-opensource-src-4.8.0-gcc-4.7.patch # upstream patches # http://codereview.qt-project.org/#change,22006 Patch100: qt-everywhere-opensource-src-4.8.1-qtgahandle.patch +# Fix a crash in cursorToX() when new block is added +# http://codereview.qt-project.org/22142 +Patch101: qt-everywhere-opensource-src-4.8.1-QTBUG-24718.patch # security patches # CVE-2011-3922 qt: Stack-based buffer overflow in embedded harfbuzz code @@ -439,6 +442,7 @@ rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags # upstream patches %patch100 -p1 -b .QTgaHandler +%patch101 -p1 -b .QTBUG-24718 # security fixes %patch200 -p1 -b .CVE-2011-3922 @@ -1063,6 +1067,9 @@ fi %changelog +* Tue Apr 03 2012 Jaroslav Reznik - 4.8.1-5 +- Fix a crash in cursorToX() when new block is added (QTBUG-24718) + * Fri Mar 30 2012 Than Ngo - 4.8.1-4 - Fix QTgaHandler::canRead() not obeying image plugin specs