commit: 04813ef4c2153cb4e91af61b48561f15909527c8 Author: Michael Palimaka <kensington <AT> gentoo <DOT> org> AuthorDate: Mon Mar 16 16:28:02 2015 +0000 Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> CommitDate: Mon Mar 16 16:28:02 2015 +0000 URL: https://gitweb.gentoo.org/proj/qt.git/commit/?id=04813ef4
[dev-qt/qtgui] Backport patch from upstream to solve CVE-2015-0295 wrt bug #541972. Package-Manager: portage-2.2.17 dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-0295.patch | 43 ++++++++++++++++++++++ dev-qt/qtgui/qtgui-5.4.9999.ebuild | 2 + 2 files changed, 45 insertions(+)
diff --git a/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-0295.patch b/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-0295.patch
new file mode 100644
index 0000000..35c4538
--- /dev/null
+++ b/dev-qt/qtgui/files/qtgui-5.4.1-CVE-2015-0295.patch
@@ -0,0 +1,43 @@
+From 661f6bfd032dacc62841037732816a583640e187 Mon Sep 17 00:00:00 2001
+From: "Richard J. Moore" <r...@kde.org>
+Date: Sat, 21 Feb 2015 17:43:21 +0000
+Subject: [PATCH] Fix a division by zero when processing malformed BMP files.
+
+This fixes a division by 0 when processing a maliciously crafted BMP
+file. No impact beyond DoS.
+
+Task-number: QTBUG-44547
+Change-Id: Ifcded2c0aa712e90d23e6b3969af0ec3add53973
+Reviewed-by: Thiago Macieira <thiago.macie...@intel.com>
+Reviewed-by: Oswald Buddenhagen <oswald.buddenha...@theqtcompany.com>
+---
+ src/gui/image/qbmphandler.cpp | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp
+index 21c1a2f..df66499 100644
+--- a/src/gui/image/qbmphandler.cpp
++++ b/src/gui/image/qbmphandler.cpp
+@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int
+ }
+ } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
+ red_shift = calc_shift(red_mask);
++ if (((red_mask >> red_shift) + 1) == 0)
++ return false;
+ red_scale = 256 / ((red_mask >> red_shift) + 1);
+ green_shift = calc_shift(green_mask);
++ if (((green_mask >> green_shift) + 1) == 0)
++ return false;
+ green_scale = 256 / ((green_mask >> green_shift) + 1);
+ blue_shift = calc_shift(blue_mask);
++ if (((blue_mask >> blue_shift) + 1) == 0)
++ return false;
+ blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
+ alpha_shift = calc_shift(alpha_mask);
++ if (((alpha_mask >> alpha_shift) + 1) == 0)
++ return false;
+ alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1);
+ } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
+ blue_mask = 0x000000ff;
+--
+2.0.5
\ No newline at end of file
diff --git a/dev-qt/qtgui/qtgui-5.4.9999.ebuild b/dev-qt/qtgui/qtgui-5.4.9999.ebuild
index 2f62794..0618208 100644
--- a/dev-qt/qtgui/qtgui-5.4.9999.ebuild
+++ b/dev-qt/qtgui/qtgui-5.4.9999.ebuild
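Review bot: Each of the four guards added to the BMP_BITFIELDS branch of read_dib_body recomputes the divisor that the next line divides by, so the check and the division can drift apart if either is edited later. Computing the divisor once per channel keeps them tied together, e.g. `const uint red_div = (red_mask >> red_shift) + 1;` `if (red_div == 0) return false;` `red_scale = 256 / red_div;` (this assumes the masks are unsigned 32-bit values; their declarations are outside the hunk). As written the guard fires only when the sum wraps to zero, which under that assumption means an all-ones mask; a file-supplied mask wider than eight bits still passes and gives a scale of 0, which looks like a decoding-correctness gap rather than a crash. The patch adds no regression test, so a malformed-mask BMP fixture in the image reader autotests would be worth requesting upstream. The function body starts and ends outside the hunk.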
@@ -69,6 +69,8 @@ PDEPEND=" ibus? ( app-i18n/ibus ) " +PATCHES=( "${FILESDIR}/${PN}-5.4.1-CVE-2015-0295.patch" ) + QT5_TARGET_SUBDIRS=( src/gui src/platformheaders
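Review bot: The added `PATCHES` entry is applied unconditionally in the live 5.4.9999 ebuild, while the patch file is named for 5.4.1; once the branch this ebuild tracks contains the upstream fix, the patch will presumably stop applying and the build will fail. A comment above the array would record why it is there and when to drop it, e.g. `# CVE-2015-0295 backport (bug #541972); remove once the fix is in the upstream 5.4 branch`.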