Resolves: #1931444, Clamp parsed doubles to float representable values

2021-03-10 09:02:38 +01:00 · 2021-03-10 09:02:38 +01:00 · fb8373871e
parent 544460f7bb
commit fb8373871e
2 changed files with 48 additions and 1 deletions
--- a/qt-everywhere-opensource-src-4.8.7-clamp-parsed-doubles-to-float-representtable-values.patch
+++ b/qt-everywhere-opensource-src-4.8.7-clamp-parsed-doubles-to-float-representtable-values.patch
@ -0,0 +1,40 @@
+diff -up qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp.me qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp
+--- qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp.me	2021-03-09 14:23:00.636840796 +0100
+++ qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp	2021-03-09 21:34:46.240482104 +0100
+@@ -68,6 +68,7 @@
+ #include "private/qmath_p.h"
+ 
+ #include "float.h"
+#include <cmath>
+ 
+ QT_BEGIN_NAMESPACE
+ 
+@@ -630,15 +631,10 @@ static qreal toDouble(const QChar *&str)
+         if (neg)
+             val = -val;
+     } else {
+-#if defined(Q_WS_QWS) && !defined(Q_OS_VXWORKS)
+-        if(sizeof(qreal) == sizeof(float))
+-            val = strtof(temp, 0);
+-        else
+-#endif
+-        {
+-            bool ok = false;
+-            val = qstrtod(temp, 0, &ok);
+-        }
+        val = QByteArray::fromRawData(temp, pos).toDouble();
+        // Do not tolerate values too wild to be represented normally by floats
+        if (std::fpclassify(float(val)) != FP_NORMAL)
+            val = 0;
+     }
+     return val;
+ 
+@@ -2945,6 +2941,8 @@ static QSvgStyleProperty *createRadialGr
+         ncy = toDouble(cy);
+     if (!r.isEmpty())
+         nr = toDouble(r);
+    if (nr < 0.5)
+        nr = 0.5;
+ 
+     qreal nfx = ncx;
+     if (!fx.isEmpty())
--- a/qt.spec
+++ b/qt.spec
@ -43,7 +43,7 @@ Summary: Qt toolkit
 Name:    qt
 Epoch:   1
 Version: 4.8.7
-Release: 59%{?dist}
+Release: 60%{?dist}

 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
@ -234,6 +234,9 @@ Patch500: qt-everywhere-opensource-src-4.8.7-crash-in-qppmhandler.patch
 # CVE-2020-17507 qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
 Patch501: qt-CVE-2020-17507.patch

+# no CVE qt: Clamp parsed doubles to float representable values
+Patch502: qt-everywhere-opensource-src-4.8.7-clamp-parsed-doubles-to-float-representtable-values.patch
+
 # desktop files
 Source20: assistant.desktop
 Source21: designer.desktop
@ -669,6 +672,7 @@ rm -rf src/3rdparty/clucene
 # security fixes
 %patch500 -p1 -b .malformed-ppb-image-causing-crash
 %patch501 -p1 -b .buffer-over-read-in-read_xbm_body
+%patch502 -p1 -b .clamp-parsed-doubles-to-float-representtable-values

 # regression fixes for the security fixes
 %patch84 -p1 -b .QTBUG-35459
@ -1391,6 +1395,9 @@ fi


 %changelog
+* Tue Mar 09 2021 Than Ngo <than@redhat.com> - 4.8.7-60
+- Resolves: #1931444, Clamp parsed doubles to float representable values 
+
 * Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:4.8.7-59
 - rebuild for libpq ABI fix rhbz#1908268