Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
libqt4
CVE-2021-3481.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-3481.patch of Package libqt4
From: Fabian Vogt <fvogt@suse.de> Subject: Clamp parsed doubles to float representable values Fixes: QTBUG-91507, CVE-2021-3481, boo#1184783 Backport of two upstream patches: From fbe87464350f8bd66ddef5653280fac6bfadab3b Mon Sep 17 00:00:00 2001 From: Eirik Aavitsland <eirik.aavitsland@qt.io> Date: Tue, 1 Dec 2020 14:39:59 +0100 Subject: [PATCH] Improve handling of malformed numeric values in svg files Catch cases where the input is not containable in a qreal, and avoid passing on inf values. Change-Id: I1ab8932d94473916815385240c29e03afb0e0c9e Reviewed-by: Robert Loehning <robert.loehning@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 428d56da9d5ed9bda51f7cc3c144996fb3a6a285) From 9311a42677db244cd1c584f27270fa73f69d90d7 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen <allan.jensen@qt.io> Date: Thu, 4 Mar 2021 14:28:48 +0100 Subject: [PATCH] Clamp parsed doubles to float representable values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Parts of our rendering assumes incoming doubles can still be sane floats. Fixes: QTBUG-91507 Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d Reviewed-by: Robert Löhning <robert.loehning@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f Index: qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp =================================================================== --- qt-everywhere-opensource-src-4.8.7.orig/src/svg/qsvghandler.cpp +++ qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp @@ -638,6 +638,9 @@ static qreal toDouble(const QChar *&str) { bool ok = false; val = qstrtod(temp, 0, &ok); + // Do not tolerate values too wild to be represented normally by floats + if (fpclassify(float(val)) != FP_NORMAL) + val = 0; } } return val; @@ -2946,6 +2949,8 @@ static QSvgStyleProperty *createRadialGr ncy = toDouble(cy); if (!r.isEmpty()) nr = toDouble(r); + if (nr < 0.5) + nr = 0.5; qreal nfx = ncx; if (!fx.isEmpty())
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor