From 26cb75e93d3974b0918968be643c8f3d6213c481 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Thu, 18 May 2023 10:16:01 +0200 Subject: [PATCH] Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) Resolves: bz#2208141 --- qt5-qtsvg.spec | 8 ++++++-- qtsvg-CVE-2023-32573.patch | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 qtsvg-CVE-2023-32573.patch diff --git a/qt5-qtsvg.spec b/qt5-qtsvg.spec index f6c178e..980cb8b 100644 --- a/qt5-qtsvg.spec +++ b/qt5-qtsvg.spec @@ -5,7 +5,7 @@ Summary: Qt5 - Support for rendering and displaying SVG Name: qt5-%{qt_module} Version: 5.15.3 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -16,7 +16,7 @@ Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submod # upstream fix Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch Patch1: qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch - +Patch2: qtsvg-CVE-2023-32573.patch BuildRequires: qt5-qtbase-devel >= %{version} BuildRequires: pkgconfig(zlib) @@ -124,6 +124,10 @@ popd %changelog +* Thu May 18 2023 Jan Grulich - 5.15.3-2 +- Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) + Resolves: bz#2208141 + * Mon Mar 28 2022 Jan Grulich - 5.15.3-1 - 5.15.3 Resolves: bz#2061405 diff --git a/qtsvg-CVE-2023-32573.patch b/qtsvg-CVE-2023-32573.patch new file mode 100644 index 0000000..0554756 --- /dev/null +++ b/qtsvg-CVE-2023-32573.patch @@ -0,0 +1,34 @@ +--- a/src/svg/qsvgfont_p.h ++++ b/src/svg/qsvgfont_p.h +@@ -74,6 +74,7 @@ public: + class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted + { + public: ++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000; + QSvgFont(qreal horizAdvX); + + void setFamilyName(const QString &name); +@@ -86,9 +87,7 @@ public: + void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const; + public: + QString m_familyName; +- qreal m_unitsPerEm; +- qreal m_ascent; +- qreal m_descent; ++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM; + qreal m_horizAdvX; + QHash m_glyphs; + }; + + +--- a/src/svg/qsvghandler.cpp ++++ b/src/svg/qsvghandler.cpp +@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent, + + qreal unitsPerEm = toDouble(unitsPerEmStr); + if (!unitsPerEm) +- unitsPerEm = 1000; ++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM; + + if (!name.isEmpty()) + font->setFamilyName(name);