Репозитории ALT
| S: | 4.8.7-alt25 |
| 5.1: | 4.6.3-alt1.M51.1 |
| 4.1: | 4.4.3-alt1.M41.1 |
| 4.0: | 4.3.4-alt5.M40.1 |
| 3.0: | 4.0.1-alt1 |
| +updates: | 4.0.1-alt2 |
| +backports: | 4.2.3-alt7.1.M30 |
Группа :: Система/Библиотеки
Пакет: qt4
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: CVE-2018-19872.patch
Скачать
Скачать
From 8c4207dddf9b2af0767de2ef0a10652612d462a5 Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Thu, 2 Aug 2018 13:11:20 +0200
Subject: [PATCH] Fix crash in qppmhandler for certain malformed image files
The ppm format specifies that the maximum color value field must be
less than 65536. The handler did not enforce this, leading to
potentional overflow when the value was used in 16 bits context.
Task-number: QTBUG-69449
Change-Id: Iea7a7e0f8953ec1ea8571e215687d12a9d77e11c
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
---
src/gui/image/qppmhandler.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/gui/image/qppmhandler.cpp
+++ b/src/gui/image/qppmhandler.cpp
@@ -108,7 +108,7 @@
else
mcc = read_pbm_int(device); // get max color component
- if (w <= 0 || w > 32767 || h <= 0 || h > 32767 || mcc <= 0)
+ if (w <= 0 || w > 32767 || h <= 0 || h > 32767 || mcc <= 0 || mcc > 0xffff)
return false; // weird P.M image
return true;