Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
libqt5-qtsvg.21342
0003-Fix-oom-in-QSvgTinyDocument-load.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-Fix-oom-in-QSvgTinyDocument-load.patch of Package libqt5-qtsvg.21342
From 25aef2d0f6bc1c0337309505eab78f98c54a40e8 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen <allan.jensen@qt.io> Date: Tue, 23 Jun 2020 11:24:47 +0200 Subject: [PATCH 03/21] Fix oom in QSvgTinyDocument::load Avoid overflowing the size integer. Fixes ozz-fuzz 23606 Change-Id: Iaae2c1e78e59737bba0e34791de4a3a92677f319 Reviewed-by: Robert Loehning <robert.loehning@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io> (cherry picked from commit 99a86c1bc347092d76f1288d901b30643b8eea6c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 44d3c3535038d3a90142d718ff833f5f1ac2720a) --- src/svg/qsvgtinydocument.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/svg/qsvgtinydocument.cpp b/src/svg/qsvgtinydocument.cpp index 6889f7b..695e7c6 100644 --- a/src/svg/qsvgtinydocument.cpp +++ b/src/svg/qsvgtinydocument.cpp @@ -125,6 +125,12 @@ QByteArray qt_inflateGZipDataFrom(QIODevice *device) do { // Prepare the destination buffer int oldSize = destination.size(); + if (oldSize > INT_MAX - CHUNK_SIZE) { + inflateEnd(&zlibStream); + qCWarning(lcSvgHandler, "Error while inflating gzip file: integer size overflow"); + return destination; + } + destination.resize(oldSize + CHUNK_SIZE); zlibStream.next_out = reinterpret_cast<Bytef*>( destination.data() + oldSize - zlibStream.avail_out); -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor