rpms/qt5-qtsvg
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)

Browse Source
This commit is contained in:
Jan Grulich 2023-05-18 10:16:01 +02:00 committed by Stepan Oksanichenko
parent 660162554a
commit 10f297832b
3 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.qt5-qtsvg.metadata Normal file
View File

@ -0,0 +1 @@
0e2402a26d18744ef2479bda008ad620a6f45f37 qtsvg-everywhere-opensource-src-5.15.9.tar.xz

8
qt5-qtsvg.spec
View File

@ -5,7 +5,7 @@
Summary: Qt5 - Support for rendering and displaying SVG Summary: Qt5 - Support for rendering and displaying SVG
Name: qt5-%{qt_module} Name: qt5-%{qt_module}
Version: 5.15.9 Version: 5.15.9
Release: 1%{?dist} Release: 2%{?dist}
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
License: LGPLv2 with exceptions or GPLv3 with exceptions License: LGPLv2 with exceptions or GPLv3 with exceptions
@ -13,6 +13,8 @@ Url: http://www.qt.io
%global majmin %(echo %{version} | cut -d. -f1-2) %global majmin %(echo %{version} | cut -d. -f1-2)
Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-opensource-src-%{version}.tar.xz
Patch0: qtsvg-CVE-2023-32573.patch
BuildRequires: make BuildRequires: make
BuildRequires: qt5-qtbase-devel >= %{version} BuildRequires: qt5-qtbase-devel >= %{version}
BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(zlib)
@ -107,6 +109,10 @@ popd
%endif %endif
%changelog %changelog
* Thu May 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-2
- Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)
Resolves: bz#2208140
* Tue Apr 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1 * Tue Apr 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-1
- 5.15.9 - 5.15.9
Resolves: bz#2175742 Resolves: bz#2175742

34
qtsvg-CVE-2023-32573.patch Normal file
View File

@ -0,0 +1,34 @@
--- a/src/svg/qsvgfont_p.h
+++ b/src/svg/qsvgfont_p.h
@@ -74,6 +74,7 @@ public:
class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
{
public:
+ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
QSvgFont(qreal horizAdvX);
void setFamilyName(const QString &name);
@@ -86,9 +87,7 @@ public:
void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
public:
QString m_familyName;
- qreal m_unitsPerEm;
- qreal m_ascent;
- qreal m_descent;
+ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
qreal m_horizAdvX;
QHash<QChar, QSvgGlyph> m_glyphs;
};
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
qreal unitsPerEm = toDouble(unitsPerEmStr);
if (!unitsPerEm)
- unitsPerEm = 1000;
+ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
if (!name.isEmpty())
font->setFamilyName(name);