Package: qtbase-opensource-src / 5.14.2+dfsg-6

CVE-2020-17507.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Description: fix buffer overflow in XBM parser
Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1616c71921b73b22
Last-Update: 2020-08-18

--- a/src/gui/image/qxbmhandler.cpp
+++ b/src/gui/image/qxbmhandler.cpp
@@ -159,7 +159,9 @@ static bool read_xbm_body(QIODevice *dev
     w = (w+7)/8;                                // byte width
 
     while (y < h) {                                // for all encoded bytes...
-        if (p) {                                // p = "0x.."
+        if (p && p < (buf + readBytes - 3)) {      // p = "0x.."
+            if (!isxdigit(p[2]) || !isxdigit(p[3]))
+                return false;
             *b++ = hex2byte(p+2);
             p += 2;
             if (++x == w && ++y < h) {