diff options
Diffstat (limited to 'x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch')
-rw-r--r-- | x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch b/x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch new file mode 100644 index 000000000000..19c084023b16 --- /dev/null +++ b/x11-libs/qt/files/qt-3.3.6-CVE-2006-4811.patch @@ -0,0 +1,27 @@ +--- src/kernel/qpixmap_x11.cpp.josh 2006-10-13 23:30:27.000000000 -0400 ++++ src/kernel/qpixmap_x11.cpp 2006-10-14 00:31:01.000000000 -0400 +@@ -1758,6 +1758,12 @@ QPixmap QPixmap::xForm( const QWMatrix & + dbpl = ((w*bpp+31)/32)*4; + dbytes = dbpl*h; + ++ if (dbytes != (long long) dbpl*h) { // Integer overflow detection ++ QPixmap pm; ++ pm.data->bitmap = data->bitmap; ++ return pm; ++ } ++ + #if defined(QT_MITSHM) + if ( use_mitshm ) { + dptr = (uchar *)xshmimg->data; +@@ -1867,6 +1873,11 @@ QPixmap QPixmap::xForm( const QWMatrix & + sptr = (uchar *) axi->data; + bpp = axi->bits_per_pixel; + dbytes = dbpl * h; ++ if (dbytes != (long long) dbpl*h) { // Integer overflow detection ++ QPixmap pm; ++ pm.data->bitmap = data->bitmap; ++ return pm; ++ } + dptr = (uchar *) malloc(dbytes); + Q_CHECK_PTR( dptr ); + memset(dptr, 0, dbytes); |