package/qt/qt5/CVE-2021-3481.patch

   1 # --- T2-COPYRIGHT-NOTE-BEGIN ---
   2 # T2 SDE: package/*/qt5/CVE-2021-3481.patch
   3 # Copyright (C) 2021 - 2022 The T2 SDE Project
   4 #
   5 # This Copyright note is generated by scripts/Create-CopyPatch,
   6 # more information can be found in the files COPYING and README.
   7 #
   8 # This patch file is dual-licensed. It is available under the license the
   9 # patched project is licensed under, as long as it is an OpenSource license
  10 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  11 # of the GNU General Public License version 2 as used by the T2 SDE.
  12 # --- T2-COPYRIGHT-NOTE-END ---
  13
  14 diff -Naur a/qtsvg/src/svg/qsvghandler.cpp b/qtsvg/src/svg/qsvghandler.cpp
  15 --- a/qtsvg/src/svg/qsvghandler.cpp     2020-10-27 08:02:11.000000000 +0000
  16 +++ b/qtsvg/src/svg/qsvghandler.cpp     2021-06-18 23:16:47.263564883 +0100
  17 @@ -65,6 +65,7 @@
  18  #include "private/qmath_p.h"
  19
  20  #include "float.h"
  21 +#include <cmath>
  22
  23  QT_BEGIN_NAMESPACE
  24
  25 @@ -672,6 +673,9 @@
  26              val = -val;
  27      } else {
  28          val = QByteArray::fromRawData(temp, pos).toDouble();
  29 +        // Do not tolerate values too wild to be represented normally by floats
  30 +        if (qFpClassify(float(val)) != FP_NORMAL)
  31 +            val = 0;
  32      }
  33      return val;
  34
  35 @@ -3043,6 +3047,8 @@
  36          ncy = toDouble(cy);
  37      if (!r.isEmpty())
  38          nr = toDouble(r);
  39 +    if (nr < 0.5)
  40 +        nr = 0.5;
  41
  42      qreal nfx = ncx;
  43      if (!fx.isEmpty())