diff options
author | Fathi Boudra <fabo@debian.org> | 2011-09-16 01:00:47 +0300 |
---|---|---|
committer | Fathi Boudra <fabo@debian.org> | 2011-09-16 01:00:47 +0300 |
commit | 3bb88ab986d7ed8e1857fdf80d59e77d2663ab59 (patch) | |
tree | e82d12c83dd150ea9d8df82e4644d45221bcbfd8 | |
parent | f49fe52f44aa57e9af45920cd6f541d50db210da (diff) | |
download | qt4-x11-3bb88ab986d7ed8e1857fdf80d59e77d2663ab59.tar.gz |
Add Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch | 26 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 29 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index af3b165..047447c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,8 @@ qt4-x11 (4:4.7.4-1) UNRELEASED; urgency=low * Add patches: - qt-multiarch-plugin-path-compat.diff - include legacy pre-multiarch plugin path. + - Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch + (Closes: #641738) * Break qdbus out into a separate 'qdbus' package and make it a dependency of libqt4-dbus, because some things will use this at runtime. It makes libqt4-dbus genuinely multiarch-installable. diff --git a/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch new file mode 100644 index 0000000..433cb1e --- /dev/null +++ b/debian/patches/Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch @@ -0,0 +1,26 @@ +From 9ae6f2f9a57f0c3096d5785913e437953fa6775c Mon Sep 17 00:00:00 2001 +From: Jiang Jiang <jiang.jiang@nokia.com> +Date: Mon, 18 Jul 2011 08:49:32 +0200 +Subject: [PATCH] Check for buffer overflow in Lookup_MarkMarkPos + +That may cause crash in this function with certain fonts. + +Task-number: QTBUG-17238 +Done-by: Alberto Garcia <agarcia@igalia.com> +Reviewed-by: Jiang Jiang +--- + src/3rdparty/harfbuzz/src/harfbuzz-gpos.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c ++++ b/src/3rdparty/harfbuzz/src/harfbuzz-gpos.c +@@ -3015,6 +3015,9 @@ static HB_Error Lookup_MarkMarkPos( GPO + if ( i > buffer->in_pos ) + return HB_Err_Not_Covered; + ++ if ( i > buffer->in_pos ) ++ return HB_Err_Not_Covered; ++ + error = _HB_OPEN_Coverage_Index( &mmp->Mark2Coverage, IN_GLYPH( j ), + &mark2_index ); + if ( error ) diff --git a/debian/patches/series b/debian/patches/series index 861f066..5594f33 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -10,6 +10,7 @@ Add_support_for_QT_USE_DRAG_DISTANCE_env_var.patch Fixed_bug_in_X11_backend_when_creating_translucent_windows.patch Take_Xft.hintstyle_by_default_to_match_the_behavior_of_GTK+.patch Fix_fontconfig_usage_in_X11_font_database.patch +Check_for_buffer_overflow_in_Lookup_MarkMarkPos_CVE-2011-3193.patch # qt-copy patches 0195-compositing-properties.diff |