From 10f297832bfe458406ee3a244e1093883bd021d2 Mon Sep 17 00:00:00 2001
From: Jan Grulich
Date: Thu, 18 May 2023 10:16:01 +0200
Subject: [PATCH] Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)
---
 .qt5-qtsvg.metadata | 1 +
 qt5-qtsvg.spec | 8 +++++++-
 qtsvg-CVE-2023-32573.patch | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 .qt5-qtsvg.metadata
 create mode 100644 qtsvg-CVE-2023-32573.patch
diff --git a/.qt5-qtsvg.metadata b/.qt5-qtsvg.metadata
new file mode 100644
index 0000000..4d19c3a
--- /dev/null
+++ b/.qt5-qtsvg.metadata
@@ -0,0 +1 @@
+0e2402a26d18744ef2479bda008ad620a6f45f37 qtsvg-everywhere-opensource-src-5.15.9.tar.xz
diff --git a/qt5-qtsvg.spec b/qt5-qtsvg.spec
index 8289c54..20da649 100644
--- a/qt5-qtsvg.spec
+++ b/qt5-qtsvg.spec
@@ -5,7 +5,7 @@ Summary: Qt5 - Support for rendering and displaying SVG Name: qt5-%{qt_module} Version: 5.15.9 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -13,6 +13,8 @@ Url: http://www.qt.io %global majmin %(echo %{version} | cut -d. -f1-2) Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz +Patch0: qtsvg-CVE-2023-32573.patch + BuildRequires: make BuildRequires: qt5-qtbase-devel >= %{version} BuildRequires: pkgconfig(zlib)
@@ -107,6 +109,10 @@ popd %endif %changelog +* Thu May 18 2023 Jan Grulich - 5.15.9-2 +- Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) + Resolves: bz#2208140 + * Tue Apr 18 2023 Jan Grulich - 5.15.9-1 - 5.15.9 Resolves: bz#2175742
diff --git a/qtsvg-CVE-2023-32573.patch b/qtsvg-CVE-2023-32573.patch
new file mode 100644
index 0000000..0554756
--- /dev/null
+++ b/qtsvg-CVE-2023-32573.patch
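Review bot: Nothing visible in this commit applies the new `Patch0`: the `@@ -13,6 +13,8 @@` hunk of qt5-qtsvg.spec declares it, but no hunk touches `%prep`, which lies outside the diff. If `%prep` uses `%autosetup -p1` the patch is picked up automatically; with a plain `%setup` an explicit `%patch -P0 -p1` is needed, otherwise the build ships without the CVE-2023-32573 fix while the changelog records it as fixed. A comment above the line, such as `# Backport of the upstream fix for CVE-2023-32573: <upstream change URL>`, would let the patch be checked against its origin.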
@@ -0,0 +1,34 @@
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -74,6 +74,7 @@ public:
+ class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+ {
+ public:
++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+ QSvgFont(qreal horizAdvX);
+
+ void setFamilyName(const QString &name);
+@@ -86,9 +87,7 @@ public:
+ void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+ public:
+ QString m_familyName;
+- qreal m_unitsPerEm;
+- qreal m_ascent;
+- qreal m_descent;
++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+ qreal m_horizAdvX;
+ QHash m_glyphs;
+ };
+
+
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+
+ qreal unitsPerEm = toDouble(unitsPerEmStr);
+ if (!unitsPerEm)
+- unitsPerEm = 1000;
++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+
+ if (!name.isEmpty())
+ font->setFamilyName(name);
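Review bot: In the `parseFontFaceNode` hunk of the added patch, the guard `if (!unitsPerEm)` still replaces only an exact zero, so a negative value (and a non-finite one, if `toDouble` can return it) parsed from the SVG is kept. Since units-per-em comes from untrusted file content and is presumably used as a scale divisor when drawing, the fallback should cover every unusable value, e.g. `if (!qIsFinite(unitsPerEm) || unitsPerEm <= 0)` before `unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;`. The function body starts and ends outside the hunk, so where the value is stored is not visible here. Separately, the header hunk removes `m_ascent` and `m_descent` from an exported class, which changes its layout; anything built against the private header needs a rebuild with this update.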