Resolves: #1931444, Clamp parsed doubles to float representable values
parent
544460f7bb
commit
fb8373871e
@ -0,0 +1,40 @@
|
|||||||
|
diff -up qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp.me qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp
|
||||||
|
--- qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp.me 2021-03-09 14:23:00.636840796 +0100
|
||||||
|
+++ qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp 2021-03-09 21:34:46.240482104 +0100
|
||||||
|
@@ -68,6 +68,7 @@
|
||||||
|
#include "private/qmath_p.h"
|
||||||
|
|
||||||
|
#include "float.h"
|
||||||
|
+#include <cmath>
|
||||||
|
|
||||||
|
QT_BEGIN_NAMESPACE
|
||||||
|
|
||||||
|
@@ -630,15 +631,10 @@ static qreal toDouble(const QChar *&str)
|
||||||
|
if (neg)
|
||||||
|
val = -val;
|
||||||
|
} else {
|
||||||
|
-#if defined(Q_WS_QWS) && !defined(Q_OS_VXWORKS)
|
||||||
|
- if(sizeof(qreal) == sizeof(float))
|
||||||
|
- val = strtof(temp, 0);
|
||||||
|
- else
|
||||||
|
-#endif
|
||||||
|
- {
|
||||||
|
- bool ok = false;
|
||||||
|
- val = qstrtod(temp, 0, &ok);
|
||||||
|
- }
|
||||||
|
+ val = QByteArray::fromRawData(temp, pos).toDouble();
|
||||||
|
+ // Do not tolerate values too wild to be represented normally by floats
|
||||||
|
+ if (std::fpclassify(float(val)) != FP_NORMAL)
|
||||||
|
+ val = 0;
|
||||||
|
}
|
||||||
|
return val;
|
||||||
|
|
||||||
|
@@ -2945,6 +2941,8 @@ static QSvgStyleProperty *createRadialGr
|
||||||
|
ncy = toDouble(cy);
|
||||||
|
if (!r.isEmpty())
|
||||||
|
nr = toDouble(r);
|
||||||
|
+ if (nr < 0.5)
|
||||||
|
+ nr = 0.5;
|
||||||
|
|
||||||
|
qreal nfx = ncx;
|
||||||
|
if (!fx.isEmpty())
|
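Review bot: The range guard added in the else branch of toDouble tests `std::fpclassify(float(val))`, which narrows the double to float before classifying it; for a magnitude above FLT_MAX that conversion is not defined by the C++ standard and only yields infinity on IEEE 754 targets, so the check rests on platform behaviour. Comparing in double avoids the cast and gives essentially the same result for NaN, infinities and subnormals: `if (!(qAbs(val) <= FLT_MAX) || (val != 0 && qAbs(val) < FLT_MIN)) val = 0;` (float.h is already included). The start of toDouble and its other branch lie outside the hunk, so whether short literals parsed there get the same limit cannot be seen from here. The comment says "do not tolerate" while the commit title says "clamp"; the code zeroes the value, and the comment should say so. In createRadialGradientNode the added `if (nr < 0.5) nr = 0.5;` would presumably also override legitimate fractional radii such as r="0.25" when the gradient uses bounding-box units, so a comment stating why 0.5 is the floor is needed there.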
9
qt.spec
9
qt.spec
@ -43,7 +43,7 @@ Summary: Qt toolkit
|
|||||||
Name: qt
|
Name: qt
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 4.8.7
|
Version: 4.8.7
|
||||||
Release: 59%{?dist}
|
Release: 60%{?dist}
|
||||||
|
|
||||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||||
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
License: (LGPLv2 with exceptions or GPLv3 with exceptions) and ASL 2.0 and BSD and FTL and MIT
|
||||||
@ -234,6 +234,9 @@ Patch500: qt-everywhere-opensource-src-4.8.7-crash-in-qppmhandler.patch
|
|||||||
# CVE-2020-17507 qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
|
# CVE-2020-17507 qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp
|
||||||
Patch501: qt-CVE-2020-17507.patch
|
Patch501: qt-CVE-2020-17507.patch
|
||||||
|
|
||||||
|
# no CVE qt: Clamp parsed doubles to float representable values
|
||||||
|
Patch502: qt-everywhere-opensource-src-4.8.7-clamp-parsed-doubles-to-float-representtable-values.patch
|
||||||
|
|
||||||
# desktop files
|
# desktop files
|
||||||
Source20: assistant.desktop
|
Source20: assistant.desktop
|
||||||
Source21: designer.desktop
|
Source21: designer.desktop
|
||||||
@ -669,6 +672,7 @@ rm -rf src/3rdparty/clucene
|
|||||||
# security fixes
|
# security fixes
|
||||||
%patch500 -p1 -b .malformed-ppb-image-causing-crash
|
%patch500 -p1 -b .malformed-ppb-image-causing-crash
|
||||||
%patch501 -p1 -b .buffer-over-read-in-read_xbm_body
|
%patch501 -p1 -b .buffer-over-read-in-read_xbm_body
|
||||||
|
%patch502 -p1 -b .clamp-parsed-doubles-to-float-representtable-values
|
||||||
|
|
||||||
# regression fixes for the security fixes
|
# regression fixes for the security fixes
|
||||||
%patch84 -p1 -b .QTBUG-35459
|
%patch84 -p1 -b .QTBUG-35459
|
||||||
@ -1391,6 +1395,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 09 2021 Than Ngo <than@redhat.com> - 4.8.7-60
|
||||||
|
- Resolves: #1931444, Clamp parsed doubles to float representable values
|
||||||
|
|
||||||
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:4.8.7-59
|
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:4.8.7-59
|
||||||
- rebuild for libpq ABI fix rhbz#1908268
|
- rebuild for libpq ABI fix rhbz#1908268
|
||||||
|
|
||||||
|