master

分支 (9)

标签 (3)

管理

管理

master

1

openEuler-20.03-LTS

openEuler-21.03

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP1

openEuler-20.09

openEuler1.0

openEuler1.0-base

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

qt
/
CVE-2020-17507.patch

From 1a27a6cefbb457f2fb74159267835aaefb7c992d Mon Sep 17 00:00:00 2001
From: Dmitry Shachnev <[email protected]>
Date: Tue, 18 Aug 2020 16:16:57 +0300
Subject: [PATCH] Backport upstream patch to fix buffer overflow in XBMparser.

Closes: #968444, CVE-2020-17507.
---
 src/gui/image/qxbmhandler.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp
index 414e8233..7483b245 100644
--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -154,7 +154,9 @@ static bool read_xbm_body(QIODevice *device, int w, int h, QImage *outImage)
     w = (w+7)/8;                                // byte width

     while (y < h) {                                // for all encoded bytes...
-        if (p) {                                // p = "0x.."
+        if (p && p < (buf + readBytes - 3)) {                                // p = "0x.."
+	    if (!isxdigit(p[2]) || !isxdigit(p[3]))
+		return false;
             *b++ = hex2byte(p+2);
             p += 2;
             if (++x == w && ++y < h) {
--
2.23.0