1 files changed, 27 insertions, 0 deletions

diff --git a/x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch b/x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch
new file mode 100644
index 000000000000..19c084023b16
--- /dev/null
+++ b/x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch
@@ -0,0 +1,27 @@
+--- src/kernel/qpixmap_x11.cpp.josh	2006-10-13 23:30:27.000000000 -0400
++++ src/kernel/qpixmap_x11.cpp	2006-10-14 00:31:01.000000000 -0400
+@@ -1758,6 +1758,12 @@ QPixmap QPixmap::xForm( const QWMatrix &
+ 	dbpl = ((w*bpp+31)/32)*4;
+     dbytes = dbpl*h;
+ 
++    if (dbytes != (long long) dbpl*h) { // Integer overflow detection
++        QPixmap pm;
++        pm.data->bitmap = data->bitmap;
++        return pm;
++    }
++
+ #if defined(QT_MITSHM)
+     if ( use_mitshm ) {
+ 	dptr = (uchar *)xshmimg->data;
+@@ -1867,6 +1873,11 @@ QPixmap QPixmap::xForm( const QWMatrix &
+ 		sptr = (uchar *) axi->data;
+ 		bpp  = axi->bits_per_pixel;
+ 		dbytes = dbpl * h;
++                if (dbytes != (long long) dbpl*h) { // Integer overflow detection
++                    QPixmap pm;
++                    pm.data->bitmap = data->bitmap;
++                    return pm;
++                }
+ 		dptr = (uchar *) malloc(dbytes);
+ 		Q_CHECK_PTR( dptr );
+ 		memset(dptr, 0, dbytes);