pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/qt5-qtbase SECURITY: Fix a division by zero when p...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7adaad0750fc
branches: trunk
changeset: 649026:7adaad0750fc
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Sat Mar 28 17:04:50 2015 +0000
description:
SECURITY: Fix a division by zero when processing malformed BMP files.
This fixes a division by 0 when processing a maliciously crafted BMP
file. No impact beyond DoS.
PKGREVISION++.
diffstat:
x11/qt5-qtbase/Makefile | 3 +-
x11/qt5-qtbase/distinfo | 3 +-
x11/qt5-qtbase/patches/patch-src_gui_image_qbmphandler.cpp | 30 ++++++++++++++
3 files changed, 34 insertions(+), 2 deletions(-)
diffs (64 lines):
diff -r 8690ee593688 -r 7adaad0750fc x11/qt5-qtbase/Makefile
--- a/x11/qt5-qtbase/Makefile Sat Mar 28 15:23:14 2015 +0000
+++ b/x11/qt5-qtbase/Makefile Sat Mar 28 17:04:50 2015 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.17 2015/02/19 14:26:21 joerg Exp $
+# $NetBSD: Makefile,v 1.18 2015/03/28 17:04:50 bsiegert Exp $
DISTNAME= qtbase-opensource-src-${QTVERSION}
PKGNAME= qt5-qtbase-${QTVERSION}
+PKGREVISION= 1
COMMENT= C++ X GUI toolkit
.include "../../x11/qt5-qtbase/Makefile.common"
diff -r 8690ee593688 -r 7adaad0750fc x11/qt5-qtbase/distinfo
--- a/x11/qt5-qtbase/distinfo Sat Mar 28 15:23:14 2015 +0000
+++ b/x11/qt5-qtbase/distinfo Sat Mar 28 17:04:50 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2015/02/14 22:12:34 nros Exp $
+$NetBSD: distinfo,v 1.17 2015/03/28 17:04:50 bsiegert Exp $
SHA1 (qtbase-opensource-src-5.4.0.tar.xz) = 2e3d32f32e36a92782ca66c260940824746900bd
RMD160 (qtbase-opensource-src-5.4.0.tar.xz) = 0df3e024b331c705e895fb5bb76cacd71c6e4909
@@ -19,6 +19,7 @@
SHA1 (patch-src_corelib_io_io.pri) = c4bb37370849bfbc994809825ff94090d71a7116
SHA1 (patch-src_corelib_io_qfilesystemwatcher.cpp) = 7732cae95975af17e0618667b979c3b84d51adae
SHA1 (patch-src_corelib_io_qstorageinfo_unix.cpp) = 271f12fc32ffea7c72e62e8add20abf6939b275a
+SHA1 (patch-src_gui_image_qbmphandler.cpp) = 1e540711365f056657100ec84b22789e60443c98
SHA1 (patch-src_network_kernel_qhostinfo__unix.cpp) = 0335273353daa7c980ccb4febb6eed11b452e50d
SHA1 (patch-src_platformsupport_platformsupport.pro) = 2aa60936578458cf241ca893771897f7d34fe081
SHA1 (patch-src_plugins_platforminputcontexts_compose_compose.pro) = 86f828bd545fe53c626fde0a645213077b88ef64
diff -r 8690ee593688 -r 7adaad0750fc x11/qt5-qtbase/patches/patch-src_gui_image_qbmphandler.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/qt5-qtbase/patches/patch-src_gui_image_qbmphandler.cpp Sat Mar 28 17:04:50 2015 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-src_gui_image_qbmphandler.cpp,v 1.1 2015/03/28 17:04:50 bsiegert Exp $
+https://codereview.qt-project.org/#/c/106929/4
+
+Fix a division by zero when processing malformed BMP files.
+
+This fixes a division by 0 when processing a maliciously crafted BMP
+file. No impact beyond DoS.
+--- src/gui/image/qbmphandler.cpp.orig 2015-03-24 21:58:44.000000000 +0000
++++ src/gui/image/qbmphandler.cpp
+@@ -314,12 +314,20 @@ static bool read_dib_body(QDataStream &s
+ }
+ } else if (comp == BMP_BITFIELDS && (nbits == 16 || nbits == 32)) {
+ red_shift = calc_shift(red_mask);
++ if (((red_mask >> red_shift) + 1) == 0)
++ return false;
+ red_scale = 256 / ((red_mask >> red_shift) + 1);
+ green_shift = calc_shift(green_mask);
++ if (((green_mask >> green_shift) + 1) == 0)
++ return false;
+ green_scale = 256 / ((green_mask >> green_shift) + 1);
+ blue_shift = calc_shift(blue_mask);
++ if (((blue_mask >> blue_shift) + 1) == 0)
++ return false;
+ blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
+ alpha_shift = calc_shift(alpha_mask);
++ if (((alpha_mask >> alpha_shift) + 1) == 0)
++ return false;
+ alpha_scale = 256 / ((alpha_mask >> alpha_shift) + 1);
+ } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
+ blue_mask = 0x000000ff;
Home |
Main Index |
Thread Index |
Old Index