head 1.3; access; symbols pkgsrc-2022Q1:1.1.0.10 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.8 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.6 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.4 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.2 pkgsrc-2021Q1-base:1.1; locks; strict; comment @// @; 1.3 date 2022.06.04.06.07.27; author adam; state dead; branches; next 1.2; commitid C1lyqqAH3BtxzGGD; 1.2 date 2022.04.18.11.18.17; author adam; state Exp; branches; next 1.1; commitid ZUHidazvMzjhNFAD; 1.1 date 2021.03.20.00.44.01; author gutteridge; state Exp; branches; next ; commitid e5FsJyYIGHQDXYLC; desc @@ 1.3 log @qt5: updated to 5.15.4 5.15.4 Bug fixes @ text @$NetBSD: patch-src_svg_qsvghandler.cpp,v 1.2 2022/04/18 11:18:17 adam Exp $ Fix out of bounds read in function QRadialFetchSimd from crafted svg file. https://bugreports.qt.io/browse/QTBUG-91507 --- src/svg/qsvghandler.cpp.orig 2021-03-18 12:54:01.000000000 +0000 +++ src/svg/qsvghandler.cpp @@@@ -3046,6 +3046,8 @@@@ static QSvgStyleProperty *createRadialGr ncy = toDouble(cy); if (!r.isEmpty()) nr = toDouble(r); + if (nr < 0.5) + nr = 0.5; qreal nfx = ncx; if (!fx.isEmpty()) @ 1.2 log @qt5: updated to 5.15.3 5.15.3: Bug fix, LTS, release. qt5-qtwebengine patches courtesy of @@markd. @ text @d1 1 a1 1 $NetBSD: patch-src_svg_qsvghandler.cpp,v 1.1 2021/03/20 00:44:01 gutteridge Exp $ @ 1.1 log @qt5-qtsvg: add a security fix from upstream This doesn't have a CVE assigned (yet); it's listed as a security fix in Red Hat errata, etc. (https://bugzilla.redhat.com/show_bug.cgi?id=1931444) @ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- src/svg/qsvghandler.cpp.orig 2020-10-27 08:02:11.000000000 +0000 d8 1 a8 11 @@@@ -672,6 +672,9 @@@@ static qreal toDouble(const QChar *&str) val = -val; } else { val = QByteArray::fromRawData(temp, pos).toDouble(); + // Do not tolerate values too wild to be represented normally by floats + if (std::fpclassify(float(val)) != FP_NORMAL) + val = 0; } return val; @@@@ -3043,6 +3046,8 @@@@ static QSvgStyleProperty *createRadialGr @