diff options
| author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2014-07-20 17:09:20 +0000 |
|---|---|---|
| committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2014-07-20 17:09:20 +0000 |
| commit | 1808f72dc448d7767e0e20e99eb378082cf4e44c (patch) | |
| tree | b315f095391324b767802077e731ef7ee294a4a5 /graphics/qt4-imageformats | |
| parent | 37219f17a8ab0a6981b0e90ceb3ccd995913f051 (diff) | |
Notes
Diffstat (limited to 'graphics/qt4-imageformats')
| -rw-r--r-- | graphics/qt4-imageformats/Makefile | 1 | ||||
| -rw-r--r-- | graphics/qt4-imageformats/files/patch-CVE-2014-0190 | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/graphics/qt4-imageformats/Makefile b/graphics/qt4-imageformats/Makefile index 8088c2eea1d6..fc1ebdde1c61 100644 --- a/graphics/qt4-imageformats/Makefile +++ b/graphics/qt4-imageformats/Makefile @@ -3,6 +3,7 @@ PORTNAME= imageformats DISTVERSION= ${QT4_VERSION} +PORTREVISION= 1 CATEGORIES= graphics PKGNAMEPREFIX= qt4- diff --git a/graphics/qt4-imageformats/files/patch-CVE-2014-0190 b/graphics/qt4-imageformats/files/patch-CVE-2014-0190 new file mode 100644 index 000000000000..46e2e0e104c2 --- /dev/null +++ b/graphics/qt4-imageformats/files/patch-CVE-2014-0190 @@ -0,0 +1,38 @@ +commit f1b76c126c476c155af8c404b97c42cd1a709333 +Author: Lars Knoll <lars.knoll@digia.com> +Date: Thu Apr 24 15:33:27 2014 +0200 + + Don't crash on broken GIF images + + Broken GIF images could set invalid width and height + values inside the image, leading to Qt creating a null + QImage for it. In that case we need to abort decoding + the image and return an error. + + Initial patch by Rich Moore. + + Backport of Id82a4036f478bd6e49c402d6598f57e7e5bb5e1e from Qt 5 + + Task-number: QTBUG-38367 + Change-Id: I0680740018aaa8356d267b7af3f01fac3697312a + Security-advisory: CVE-2014-0190 + Reviewed-by: Richard J. Moore <rich@kde.org> + +diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp +index 3324f04..5199dd3 100644 +--- src/gui/image/qgifhandler.cpp ++++ src/gui/image/qgifhandler.cpp +@@ -359,6 +359,13 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length, + memset(bits, 0, image->byteCount()); + } + ++ // Check if the previous attempt to create the image failed. If it ++ // did then the image is broken and we should give up. ++ if (image->isNull()) { ++ state = Error; ++ return -1; ++ } ++ + disposePrevious(image); + disposed = false; + |