Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libqt4-sql-plugins.31633
CVE-2023-32763.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-32763.patch of Package libqt4-sql-plugins.31633
--- src/corelib/global/qnumeric_p.h | 24 ++++++++++++++++++++++++ src/gui/painting/qfixed_p.h | 9 +++++++++ src/gui/text/qtextlayout.cpp | 9 ++++++--- 3 files changed, 39 insertions(+), 3 deletions(-) --- a/src/gui/painting/qfixed_p.h +++ b/src/gui/painting/qfixed_p.h @@ -55,6 +55,7 @@ #include "QtCore/qdebug.h" #include "QtCore/qpoint.h" +#include <QtCore/private/qnumeric_p.h> #include "QtCore/qsize.h" QT_BEGIN_NAMESPACE @@ -181,6 +182,14 @@ inline bool operator>(const QFixed &f, int i) { return f.value() > (i<<6); } inline bool operator>(int i, const QFixed &f) { return (i<<6) > f.value(); } +inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r) +{ + int val; + bool result = add_overflow(v1.value(), v2.value(), &val); + r->setValue(val); + return result; +} + #ifndef QT_NO_DEBUG_STREAM inline QDebug &operator<<(QDebug &dbg, const QFixed &f) { return dbg << f.toReal(); } --- a/src/gui/text/qtextlayout.cpp +++ b/src/gui/text/qtextlayout.cpp @@ -1933,11 +1933,14 @@ eng->maxWidth = qMax(eng->maxWidth, line.textWidth); } else { eng->minWidth = qMax(eng->minWidth, lbh.minw); - eng->maxWidth += line.textWidth; + if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth)) + eng->maxWidth = QFIXED_MAX; } - if (line.textWidth > 0 && item < eng->layoutData->items.size()) - eng->maxWidth += lbh.spaceData.textWidth; + if (line.textWidth > 0 && item < eng->layoutData->items.size()) { + if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth)) + eng->maxWidth = QFIXED_MAX; + } if (eng->option.flags() & QTextOption::IncludeTrailingSpaces) line.textWidth += lbh.spaceData.textWidth; if (lbh.spaceData.length) { --- a/src/corelib/global/qnumeric_p.h +++ b/src/corelib/global/qnumeric_p.h @@ -238,6 +238,30 @@ } } +/* + * The section that follows, i.e., the add_overflow() implementation, was taken + * from ./src/corelib/global/qnumeric_p.h in an older (i.e., pre-c++11) version + * (as of commit 5ff7a3d96e0ce0dcb3d388b53d038cdd40c7a975) of the upstream code: + * https://code.qt.io/cgit/qt/qtbase.git/tree/src/corelib/global/qnumeric_p.h?id=5ff7a3d96e0ce0dcb3d388b53d038cdd40c7a975 + * + * These functions are needed to support part of the patch for CVE-2023-32763. + * The older versions are needed because enabling c++11 in this older version is + * not possible, as it breaks other parts of the build. Additionally, while the + * code from which this originates includes add_overflow implementations for + * both unsigned and signed operations, the specific implementation that is + * required for this patch is for signed addition, so that is the only method + * which has been backported. + */ +#include <limits> +// Signed overflow math + +inline bool add_overflow(int v1, int v2, int *r) +{ + qint64 t = qint64(v1) + v2; + *r = static_cast<int>(t); + return t > std::numeric_limits<int>::max() || t < std::numeric_limits<int>::min(); +} + QT_END_NAMESPACE #endif // QNUMERIC_P_H
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor