ALT Linux repos
S: | 4.8.7-alt25 |
5.0: | 4.5.2-alt1.M50.1 |
4.1: | 4.4.3-alt1.M41.1 |
4.0: | 4.3.4-alt5.M40.1 |
3.0: | 4.0.1-alt1 |
+updates: | 4.0.1-alt2 |
+backports: | 4.2.3-alt7.1.M30 |
Group :: System/Libraries
RPM: qt4
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: CVE-2020-17507.patch
Download
Download
Description: fix buffer overflow in XBM parser
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c71921b73b22
Last-Update: 2020-08-18
---
src/gui/image/qxbmhandler.cpp | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *dev
w = (w+7)/8; // byte width
while (y < h) { // for all encoded bytes...
- if (p) { // p = "0x.."
+ if (p && p < (buf + readBytes - 3)) { // p = "0x.."
+ if (!isxdigit(p[2]) || !isxdigit(p[3]))
+ return false;
*b++ = hex2byte(p+2);
p += 2;
if (++x == w && ++y < h) {