> -----Original Message----- > From: Paul Eggleton [mailto:paul.eggle...@linux.intel.com] > Sent: Wednesday, June 18, 2014 6:06 PM > To: Huang, Jie (Jackie) > Cc: Zhu, Yanjun; openembedded-core@lists.openembedded.org > Subject: Re: [OE-core] [PATCH 2/2] qt4-4.8.6: fix CVE-2014-0190 > > Hi Jackie, > > On Wednesday 18 June 2014 05:41:31 jackie.hu...@windriver.com wrote: > > From: yzhu1 <yanjun....@windriver.com> > > > > The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to > > cause a denial of service (NULL pointer dereference) via invalid width > > and height values in a GIF image. > > Per: http://cwe.mitre.org/data/definitions/476.html > > > > CWE-476: NULL Pointer Dereference > > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0190 > > Signed-off-by: yzhu1 <yanjun....@windriver.com> > > Signed-off-by: Jackie Huang <jackie.hu...@windriver.com> > > --- > > meta/recipes-qt/qt4/qt4-4.8.6.inc | 1 + > > .../qt4-4.8.6/qt4-4.8.6-fix-CVE-2014-0190.patch | 31 > > ++++++++++++++++++++++ 2 files changed, 32 insertions(+) > > create mode 100644 > > meta/recipes-qt/qt4/qt4-4.8.6/qt4-4.8.6-fix-CVE-2014-0190.patch > > > > diff --git a/meta/recipes-qt/qt4/qt4-4.8.6.inc > > b/meta/recipes-qt/qt4/qt4-4.8.6.inc index ae6692b..9db77c9 100644 > > --- a/meta/recipes-qt/qt4/qt4-4.8.6.inc > > +++ b/meta/recipes-qt/qt4/qt4-4.8.6.inc > > @@ -24,6 +24,7 @@ SRC_URI = > > "http://download.qt-project.org/official_releases/qt/4.8/${PV}/qt-ever > > file://0028-Don-t-crash-on-broken-GIF-images.patch \ > > file://g++.conf \ > > file://linux.conf \ > > + file://qt4-4.8.6-fix-CVE-2014-0190.patch \ > > " > > > > SRC_URI[md5sum] = "2edbe4d6c2eff33ef91732602f3518eb" > > diff --git > > a/meta/recipes-qt/qt4/qt4-4.8.6/qt4-4.8.6-fix-CVE-2014-0190.patch > > b/meta/recipes-qt/qt4/qt4-4.8.6/qt4-4.8.6-fix-CVE-2014-0190.patch new > > file mode 100644 index 0000000..b8baea8 > > --- /dev/null > > +++ b/meta/recipes-qt/qt4/qt4-4.8.6/qt4-4.8.6-fix-CVE-2014-0190.patch 
> > @@ -0,0 +1,31 @@ > > +Upstream-status: Pending > > +Don't crash on broken GIF images > > + > > +Broken GIF images could set invalid width and height values inside > > +the image, leading to Qt creating a null QImage for it. In that case > > +we need to abort decoding the image and return an error. > > + > > +Initial patch by Rich Moore. > > + > > +Task-number: QTBUG-38367 > > +Change-Id: Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e > > +Security-advisory: CVE-2014-0190 > > +Reviewed-by: Richard J. Moore <r...@kde.org> > > + > > +--- a/src/gui/image/qgifhandler.cpp > > ++++ b/src/gui/image/qgifhandler.cpp > > +@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, co > > + memset(bits, 0, image->byteCount()); > > + } > > + > > ++ // Check if the previous attempt to create the image > > failed. If it ++ // did then the image is broken and we > > should give up. ++ if (image->isNull()) { > > ++ state = Error; > > ++ return -1; > > ++ } > > ++ > > + disposePrevious(image); > > + disposed = false; > > + > > This upstream patch is already being applied within the recipe - see > 0028-Don-t-crash-on-broken-GIF- > images.patch.
Sorry I didn't notice it, thanks for pointing out and please ignore this.

Thanks,
Jackie

>
> Cheers,
> Paul
>
> --
>
> Paul Eggleton
> Intel Open Source Technology Centre
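
Review bot: The SRC_URI entry added in the qt4-4.8.6.inc hunk, file://qt4-4.8.6-fix-CVE-2014-0190.patch, sits three lines below an existing entry, file://0028-Don-t-crash-on-broken-GIF-images.patch, and the new patch file's own subject line is "Don't crash on broken GIF images". The matching names suggest both carry the same fix, so compare the two patch files before merging; if 0028 already contains the image->isNull() check in QGIFFormat::decode, drop this entry rather than listing the fix twice. If the CVE reference is what is missing from the recipe, adding it to the header of the existing patch is the smaller change.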
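
Review bot: The first line of the new patch file, "Upstream-status: Pending", does not match the rest of its header, which carries Task-number: QTBUG-38367, a Change-Id and a Reviewed-by line, all signs of a change that has already been through upstream review. Use "Upstream-Status: Backport" (OE-Core spells the tag with a capital S), and add a Signed-off-by line inside the patch header for whoever imported the change.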