qt4: add patch for GIF denial-of-service vulnerability

For further details, see: https://bugreports.qt-project.org/browse/QTBUG-38367 (From OE-Core rev: c322f67808bb36c5fea3fbabd30aa242e408fc50) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-28 11:49:30 +01:00 · 2014-05-28 11:49:30 +01:00 · 1380d51659
parent 5bd29501ad
commit 1380d51659
2 changed files with 48 additions and 0 deletions
--- a/meta/recipes-qt/qt4/qt4-4.8.6.inc
+++ b/meta/recipes-qt/qt4/qt4-4.8.6.inc
@ -21,6 +21,7 @@ SRC_URI = "http://download.qt-project.org/official_releases/qt/4.8/${PV}/qt-ever
           file://0018-configure-make-pulseaudio-a-configurable-option.patch \
           file://0019-Fixes-for-gcc-4.7.0-particularly-on-qemux86.patch \
           file://0027-tools.pro-disable-qmeegographicssystemhelper.patch \
+           file://0028-Don-t-crash-on-broken-GIF-images.patch \
           file://g++.conf \
           file://linux.conf \
           "
--- a/meta/recipes-qt/qt4/qt4-4.8.6/0028-Don-t-crash-on-broken-GIF-images.patch
+++ b/meta/recipes-qt/qt4/qt4-4.8.6/0028-Don-t-crash-on-broken-GIF-images.patch
@ -0,0 +1,47 @@
+From f1b76c126c476c155af8c404b97c42cd1a709333 Mon Sep 17 00:00:00 2001
+From: Lars Knoll <lars.knoll@digia.com>
+Date: Thu, 24 Apr 2014 15:33:27 +0200
+Subject: [PATCH] Don't crash on broken GIF images
+
+Broken GIF images could set invalid width and height
+values inside the image, leading to Qt creating a null
+QImage for it. In that case we need to abort decoding
+the image and return an error.
+
+Initial patch by Rich Moore.
+
+Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5
+
+Task-number: QTBUG-38367
+Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a
+Security-advisory: CVE-2014-0190
+Reviewed-by: Richard J. Moore <rich@kde.org>
+
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+ src/gui/image/qgifhandler.cpp | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
+index 3324f04..5199dd3 100644
+--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
+@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
+                     memset(bits, 0, image->byteCount());
+                 }
+ 
+                // Check if the previous attempt to create the image failed. If it
+                // did then the image is broken and we should give up.
+                if (image->isNull()) {
+                    state = Error;
+                    return -1;
+                }
+
+                 disposePrevious(image);
+                 disposed = false;
+ 
+-- 
+1.9.3
+