Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)
Resolves: bz#2208141
parent
a498a9257d
commit
26cb75e93d
@ -5,7 +5,7 @@
|
||||
Summary: Qt5 - Support for rendering and displaying SVG
|
||||
Name: qt5-%{qt_module}
|
||||
Version: 5.15.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
# See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
|
||||
License: LGPLv2 with exceptions or GPLv3 with exceptions
|
||||
@ -16,7 +16,7 @@ Source0: https://download.qt.io/official_releases/qt/%{majmin}/%{version}/submod
|
||||
# upstream fix
|
||||
Patch0: qtsvg-5.15.2-clamp-parsed-doubles-to-float-representtable-values.patch
|
||||
Patch1: qtsvg-5.15.2-do-strict-error-checking-when-parsing-path-nodes.patch
|
||||
|
||||
Patch2: qtsvg-CVE-2023-32573.patch
|
||||
|
||||
BuildRequires: qt5-qtbase-devel >= %{version}
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
@ -124,6 +124,10 @@ popd
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu May 18 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.3-2
|
||||
- Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573)
|
||||
Resolves: bz#2208141
|
||||
|
||||
* Mon Mar 28 2022 Jan Grulich <jgrulich@redhat.com> - 5.15.3-1
|
||||
- 5.15.3
|
||||
Resolves: bz#2061405
|
||||
|
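Review bot: None of the visible hunks touches %prep, so whether `Patch2: qtsvg-CVE-2023-32573.patch` is actually applied depends on lines outside this diff. If the spec applies patches with `%autosetup` or `%autopatch`, the new entry is picked up automatically. If it lists `%patch0` and `%patch1` explicitly, a matching `%patch2` line with the same strip level is needed; otherwise 5.15.3-2 ships with the CVE-2023-32573 fix declared in the changelog but not built in. Checking the %prep stage of the build log for the patch being applied would settle it.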
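--- /dev/null
+++ b/qtsvg-CVE-2023-32573.patch
@@ -0,0 +1,34 @@
+--- a/src/svg/qsvgfont_p.h
++++ b/src/svg/qsvgfont_p.h
+@@ -74,6 +74,7 @@ public:
+class Q_SVG_PRIVATE_EXPORT QSvgFont : public QSvgRefCounted
+{
+public:
++ static constexpr qreal DEFAULT_UNITS_PER_EM = 1000;
+QSvgFont(qreal horizAdvX);
+
+void setFamilyName(const QString &name);
+@@ -86,9 +87,7 @@ public:
+void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
+public:
+QString m_familyName;
+- qreal m_unitsPerEm;
+- qreal m_ascent;
+- qreal m_descent;
++ qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
+qreal m_horizAdvX;
+QHash<QChar, QSvgGlyph> m_glyphs;
+};
+
+
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -2668,7 +2668,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
+
+qreal unitsPerEm = toDouble(unitsPerEmStr);
+if (!unitsPerEm)
+- unitsPerEm = 1000;
++ unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
+
+if (!name.isEmpty())
+font->setFamilyName(name);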
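Review bot: The fallback in `parseFontFaceNode` still fires only for an exact zero, `if (!unitsPerEm)`, so a negative or non-finite `units-per-em` value parsed from the SVG would be stored as given. The new default member initializer closes the uninitialized read but not that case. If `m_unitsPerEm` is later used as a divisor when scaling glyphs (not visible here), `if (!(unitsPerEm > 0)) unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;` would cover zero, negative and NaN in one test. The function body continues outside the hunk. Separately, dropping `m_ascent` and `m_descent` changes the layout of an exported class, so anything built against the private header needs a rebuild against this release.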