ALT Linux repos
| S: | 4.8.7-alt25 |
| 5.0: | 4.5.2-alt1.M50.1 |
| 4.1: | 4.4.3-alt1.M41.1 |
| 4.0: | 4.3.4-alt5.M40.1 |
| 3.0: | 4.0.1-alt1 |
| +updates: | 4.0.1-alt2 |
| +backports: | 4.2.3-alt7.1.M30 |
Group :: System/Libraries
RPM: qt4
Navigation
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: CVE-2018-19869.patch
Download
Download
From 8c199714e9bc638fb3f6ec747fb7a23373e49335 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Mon, 9 Jul 2018 10:45:22 +0200
Subject: [PATCH] Fix crash when parsing malformed url reference
The parsing did not check for end of input.
Change-Id: I56a478877d242146395977b767511425d2b8ced1
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
---
src/svg/qsvghandler.cpp | 11 +++++----
tests/auto/qsvgrenderer/tst_qsvgrenderer.cpp | 26 ++++++++++++++++++++
2 files changed, 32 insertions(+), 5 deletions(-)
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -746,16 +746,17 @@
static QString idFromUrl(const QString &url)
{QString::const_iterator itr = url.constBegin();
- while ((*itr).isSpace())
+ QString::const_iterator end = url.constEnd();
+ while (itr != end && (*itr).isSpace())
++itr;
- if ((*itr) == QLatin1Char('('))+ if (itr != end && (*itr) == QLatin1Char('('))++itr;
- while ((*itr).isSpace())
+ while (itr != end && (*itr).isSpace())
++itr;
- if ((*itr) == QLatin1Char('#'))+ if (itr != end && (*itr) == QLatin1Char('#'))++itr;
QString id;
- while ((*itr) != QLatin1Char(')')) {+ while (itr != end && (*itr) != QLatin1Char(')')) {id += *itr;
++itr;
}