authorgutteridge <gutteridge@pkgsrc.org>2021-03-20 00:44:01 +0000
committergutteridge <gutteridge@pkgsrc.org>2021-03-20 00:44:01 +0000
commit0e549f7b04da37a3bbebd5696361d67abc824f42 (patch)
tree180692098646f9ca0830191a523c2cb8f44adc9f /x11/qt5-qtsvg
parent9474b6041aa4dc49483c65635d7de803c706b5bd (diff)
downloadpkgsrc-0e549f7b04da37a3bbebd5696361d67abc824f42.tar.gz
qt5-qtsvg: add a security fix from upstream
This doesn't have a CVE assigned (yet); it's listed as a security fix in Red Hat errata, etc. (https://bugzilla.redhat.com/show_bug.cgi?id=1931444)
Diffstat (limited to 'x11/qt5-qtsvg')
-rw-r--r--x11/qt5-qtsvg/Makefile4
-rw-r--r--x11/qt5-qtsvg/distinfo3
-rw-r--r--x11/qt5-qtsvg/patches/patch-src_svg_qsvghandler.cpp26
3 files changed, 30 insertions, 3 deletions
diff --git a/x11/qt5-qtsvg/Makefile b/x11/qt5-qtsvg/Makefile
index e81dd74949f..8a77492e251 100644
--- a/x11/qt5-qtsvg/Makefile
+++ b/x11/qt5-qtsvg/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2020/11/29 22:33:23 dbj Exp $
+# $NetBSD: Makefile,v 1.50 2021/03/20 00:44:01 gutteridge Exp $
DISTNAME= qtsvg-everywhere-src-${QTVERSION}
PKGNAME= qt5-qtsvg-${QTVERSION}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Qt5 module for SVG
BUILD_TARGET= sub-src
diff --git a/x11/qt5-qtsvg/distinfo b/x11/qt5-qtsvg/distinfo
index d9330e779cb..08c26ae4f23 100644
--- a/x11/qt5-qtsvg/distinfo
+++ b/x11/qt5-qtsvg/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.20 2020/11/21 11:22:34 adam Exp $
+$NetBSD: distinfo,v 1.21 2021/03/20 00:44:01 gutteridge Exp $
SHA1 (qtsvg-everywhere-src-5.15.2.tar.xz) = 08531b47924078cbde6dfbf56da83651d58f6a13
RMD160 (qtsvg-everywhere-src-5.15.2.tar.xz) = 39c8cf9d5a9de89a46b5fd41c0416504cf32478c
SHA512 (qtsvg-everywhere-src-5.15.2.tar.xz) = 101e9c8fc05b1bb9c4e869564bff8e5723dd35f0ef557185e56e9dc12fdce74c531522c9642cdff639900eccf7ed0e04bfa48142741259697dded990fb481730
Size (qtsvg-everywhere-src-5.15.2.tar.xz) = 1886268 bytes
+SHA1 (patch-src_svg_qsvghandler.cpp) = a5148ae6caf1b2db9cc4a6f4de9967747c0a3932
diff --git a/x11/qt5-qtsvg/patches/patch-src_svg_qsvghandler.cpp b/x11/qt5-qtsvg/patches/patch-src_svg_qsvghandler.cpp
new file mode 100644
index 00000000000..8a191cb4de5
--- /dev/null
+++ b/x11/qt5-qtsvg/patches/patch-src_svg_qsvghandler.cpp
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_svg_qsvghandler.cpp,v 1.1 2021/03/20 00:44:01 gutteridge Exp $
+
+Fix out of bounds read in function QRadialFetchSimd from crafted svg file.
+https://bugreports.qt.io/browse/QTBUG-91507
+
+--- src/svg/qsvghandler.cpp.orig 2020-10-27 08:02:11.000000000 +0000
++++ src/svg/qsvghandler.cpp
+@@ -672,6 +672,9 @@ static qreal toDouble(const QChar *&str)
+ val = -val;
+ } else {
+ val = QByteArray::fromRawData(temp, pos).toDouble();
++ // Do not tolerate values too wild to be represented normally by floats
++ if (std::fpclassify(float(val)) != FP_NORMAL)
++ val = 0;
+ }
+ return val;
+
+@@ -3043,6 +3046,8 @@ static QSvgStyleProperty *createRadialGr
+ ncy = toDouble(cy);
+ if (!r.isEmpty())
+ nr = toDouble(r);
++ if (nr < 0.5)
++ nr = 0.5;
+
+ qreal nfx = ncx;
+ if (!fx.isEmpty())
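Review bot: The range check added to `toDouble` sits only inside the `else` branch, so a value produced by the preceding branch (the one ending in `val = -val;`, which begins outside this hunk) is returned unchecked; if that branch can also yield values a float cannot represent, the check belongs after the if/else, directly before `return val;`. The check also depends on `float(val)` turning an out-of-range double into infinity, which IEEE 754 targets do in practice but the C++ standard leaves undefined, so testing `std::isfinite(val)` and comparing `std::fabs(val)` against `std::numeric_limits<float>::max()` before narrowing would be more robust. In `createRadialGradientNode` the clamp `if (nr < 0.5) nr = 0.5;` carries no explanation of the bound, and it would also enlarge legitimately small radii if `r` can be given in bounding-box-relative units (unit handling is not visible in this hunk). A comment such as `// Clamp tiny or negative radii: QTBUG-91507, out-of-bounds read in QRadialFetchSimd` would record the intent for whoever revisits the constant.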