diff options
Diffstat (limited to 'recipes-qt/qt5/qtsvg/CVE-2021-3481.patch')
| -rw-r--r-- | recipes-qt/qt5/qtsvg/CVE-2021-3481.patch | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/recipes-qt/qt5/qtsvg/CVE-2021-3481.patch b/recipes-qt/qt5/qtsvg/CVE-2021-3481.patch deleted file mode 100644 index 1b67914c..00000000 --- a/recipes-qt/qt5/qtsvg/CVE-2021-3481.patch +++ /dev/null @@ -1,73 +0,0 @@ -CVE: CVE-2021-3481 -Upstream-Status: Backport [https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0] - -Backport and squash commits 85b70a721695991e8a5bbe4aa52e5320e170e90c and -bfd6ee0d8cf34b63d32adf10ed93daa0086b359f to fix CVE-2021-3481. - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 6c40fd492eafabe67177c0e84839beec5be298b8 Mon Sep 17 00:00:00 2001 -From: Eirik Aavitsland <eirik.aavitsland@qt.io> -Date: Tue, 1 Dec 2020 14:39:59 +0100 -Subject: [PATCH] Improve handling of malformed numeric values in svg files -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Catch cases where the input is not containable in a qreal, and avoid -passing on inf values. - -Pick-to: 6.0 5.15 5.12 -Change-Id: I1ab8932d94473916815385240c29e03afb0e0c9e -Reviewed-by: Robert Loehning <robert.loehning@qt.io> -Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> - -Clamp parsed doubles to float representable values - -Parts of our rendering assumes incoming doubles can still be sane -floats. - -Pick-to: 6.1 6.0 5.15 5.12 -Fixes: QTBUG-91507 -Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d -Reviewed-by: Robert Löhning <robert.loehning@qt.io> -Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> -Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> ---- - src/svg/qsvghandler.cpp | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp -index c937254..9dac05c 100644 ---- a/src/svg/qsvghandler.cpp -+++ b/src/svg/qsvghandler.cpp -@@ -65,6 +65,7 @@ - #include "private/qmath_p.h" - - #include "float.h" -+#include <cmath> - - QT_BEGIN_NAMESPACE - -@@ -672,6 +673,9 @@ static qreal toDouble(const QChar *&str) - val = -val; - } else { - val = QByteArray::fromRawData(temp, pos).toDouble(); -+ // Do not tolerate values too wild to be represented normally by floats -+ if (qFpClassify(float(val)) != FP_NORMAL) -+ val = 0; - } - return val; - -@@ -3043,6 +3047,8 @@ static QSvgStyleProperty *createRadialGradientNode(QSvgNode *node, - ncy = toDouble(cy); - if (!r.isEmpty()) - nr = toDouble(r); -+ if (nr < 0.5) -+ nr = 0.5; - - qreal nfx = ncx; - if (!fx.isEmpty()) --- -2.29.2 - |