rpms
/
qt5-qtbase
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

DoS vulnerability in the GIF image handler (QTBUG-38367)

This commit is contained in:
Rex Dieter 2014-04-24 16:29:59 -05:00
parent 73a3797332
commit 86ce10d90f
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
qt5-qtbase.spec
View File

@ -22,7 +22,7 @@
Summary: Qt5 - QtBase components
Name: qt5-qtbase
Version: 5.2.1
Release: 7%{?dist}
Release: 8%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -72,6 +72,10 @@ Patch50: qt5-poll.patch
##upstream patches
## security patches
# https://bugreports.qt-project.org/browse/QTBUG-38367
Patch200: qtbase-opensource-src-5.2.1-QTBUG-38367.patch
# macros
%define _qt5 %{name}
%define _qt5_prefix %{_libdir}/qt5
@ -265,6 +269,8 @@ rm -fv mkspecs/linux-g++*/qmake.conf.multilib-optflags
#patch50 -p1 -b .poll
%patch200 -p1 -b .QTBUG-38367
# drop -fexceptions from $RPM_OPT_FLAGS
RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's|-fexceptions||g'`
@ -688,6 +694,9 @@ popd
%changelog
* Thu Apr 24 2014 Rex Dieter <rdieter@fedoraproject.org> 5.2.1-8
- DoS vulnerability in the GIF image handler (QTBUG-38367)
* Wed Mar 26 2014 Rex Dieter <rdieter@fedoraproject.org> 5.2.1-7
- support ppc64le multilib (#1080629)

17
qtbase-opensource-src-5.2.1-QTBUG-38367.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp.QTBUG-38367 qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp
--- qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp.QTBUG-38367 2014-02-01 14:37:35.000000000 -0600
+++ qtbase-opensource-src-5.2.1/src/gui/image/qgifhandler.cpp 2014-04-24 16:28:10.952100278 -0500
@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co
memset(bits, 0, image->byteCount());
}
+ // Check if the previous attempt to create the image failed. If it
+ // did then the image is broken and we should give up.
+ if (image->isNull()) {
+ state = Error;
+ return -1;
+ }
+
disposePrevious(image);
disposed = false;