Hello community, here is the log from the commit of package libqt4 for openSUSE:Factory checked in at 2015-05-10 10:44:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt4 (Old) and /work/SRC/openSUSE:Factory/.libqt4.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt4" Changes: -------- --- /work/SRC/openSUSE:Factory/libqt4/libqt4-devel-doc.changes 2015-05-07 09:21:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libqt4.new/libqt4-devel-doc.changes 2015-05-10 10:44:25.000000000 +0200 @@ -1,0 +2,17 @@ +Thu May 7 10:50:00 UTC 2015 - [email protected] + +- add 0001-Fixes-crash-in-gif-image-decoder.patch, + 0002-Fixes-crash-in-bmp-and-ico-image-decoding.patch + (bnc#927806, bnc#927807, bnc#927808, + CVE-2015-1858, CVE-2015-1859, CVE-2015-1860) +- add 0001-Don-t-leak-RENDER-Pictures-in-QPixmap-paintEngine.patch +- add 0001-Fix-DateTime-with-recent-versions-of-tzdata.patch +- add 0001-Fix-crash-when-deleting-top-level-windows-embedded-i.patch +- add 0001-Ignore-expired-certificate-during-certificate-valida.patch +- add 0001-Memory-and-file-descriptor-leak-in-QFontCache.patch +- add 0001-QDbus-Fix-a-b-comparison.patch +- add 0001-QDeclarativeTextEdit-fix-use-of-uninitialised-value.patch +- add 0001-QPdf-addImage-avoid-a-QImage-detach-when-it-s-in-an-.patch +- add 0001-QSslCertificate-blacklist-NIC-certificates-from-Indi.patch + +------------------------------------------------------------------- libqt4-sql-plugins.changes: same change libqt4.changes: same change New: ---- 0001-Don-t-leak-RENDER-Pictures-in-QPixmap-paintEngine.patch 0001-Fix-DateTime-with-recent-versions-of-tzdata.patch 0001-Fix-crash-when-deleting-top-level-windows-embedded-i.patch 0001-Fixes-crash-in-gif-image-decoder.patch 0001-Ignore-expired-certificate-during-certificate-valida.patch 0001-Memory-and-file-descriptor-leak-in-QFontCache.patch 0001-QDbus-Fix-a-b-comparison.patch 0001-QDeclarativeTextEdit-fix-use-of-uninitialised-value.patch 0001-QPdf-addImage-avoid-a-QImage-detach-when-it-s-in-an-.patch 0001-QSslCertificate-blacklist-NIC-certificates-from-Indi.patch 0002-Fixes-crash-in-bmp-and-ico-image-decoding.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt4-devel-doc.spec ++++++ --- /var/tmp/diff_new_pack.xmJBlO/_old 2015-05-10 10:44:29.000000000 +0200 +++ /var/tmp/diff_new_pack.xmJBlO/_new 2015-05-10 10:44:29.000000000 +0200 @@ -119,6 +119,17 @@ Patch166: fix-detection-of-GCC5.patch Patch167: fix-a-division-by-zero.patch Patch168: fix-upload-corruptions-when-server-closes-connection.patch +Patch169: 0001-Fixes-crash-in-gif-image-decoder.patch +Patch170: 0002-Fixes-crash-in-bmp-and-ico-image-decoding.patch +Patch171: 0001-Don-t-leak-RENDER-Pictures-in-QPixmap-paintEngine.patch +Patch172: 0001-Fix-crash-when-deleting-top-level-windows-embedded-i.patch +Patch173: 0001-QDbus-Fix-a-b-comparison.patch +Patch174: 0001-Memory-and-file-descriptor-leak-in-QFontCache.patch +Patch175: 0001-QSslCertificate-blacklist-NIC-certificates-from-Indi.patch +Patch176: 0001-QPdf-addImage-avoid-a-QImage-detach-when-it-s-in-an-.patch +Patch177: 0001-Fix-DateTime-with-recent-versions-of-tzdata.patch +Patch178: 0001-QDeclarativeTextEdit-fix-use-of-uninitialised-value.patch +Patch179: 0001-Ignore-expired-certificate-during-certificate-valida.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define common_options --opensource -fast -no-separate-debug-info -shared -xkb -openssl-linked -xrender -xcursor -dbus-linked -xfixes -xrandr -xinerama -sm -no-nas-sound -no-rpath -system-libjpeg -system-libpng -accessibility -cups -stl -nis -system-zlib -prefix /usr -L %{_libdir} -libdir %{_libdir} -docdir %_docdir/%{base_name} -examplesdir %{_libdir}/qt4/examples -demosdir %{_libdir}/qt4/demos -plugindir %plugindir -translationdir %{_datadir}/qt4/translations -iconv -sysconfdir /etc/settings -datadir %{_datadir}/qt4/ -no-pch -reduce-relocations -exceptions -system-libtiff -glib -optimized-qmake -no-webkit -no-xmlpatterns -system-sqlite -qt3support -no-sql-mysql -importdir %plugindir/imports -xsync -xinput -gtkstyle @@ -206,6 +217,17 @@ %patch166 -p1 %patch167 -p1 %patch168 -p1 +%patch169 -p1 +%patch170 -p1 +%patch171 -p1 +%patch172 -p1 +%patch173 -p1 +%patch174 -p1 +%patch175 -p1 +%patch176 -p1 +%patch177 -p1 +%patch178 -p1 +%patch179 -p1 # be sure not to use them rm -rf src/3rdparty/{libjpeg,freetype,libpng,zlib,libtiff,fonts} libqt4-sql-plugins.spec: same change libqt4.spec: same change ++++++ 0001-Don-t-leak-RENDER-Pictures-in-QPixmap-paintEngine.patch ++++++ >From 2b7758a8763a8fe6ca13a2f04e0137df79c849d2 Mon Sep 17 00:00:00 2001 From: "Pierre-Loup A. Griffais" <[email protected]> Date: Fri, 17 May 2013 20:18:01 -0700 Subject: [PATCH] Don't leak RENDER Pictures in QPixmap::paintEngine(). Qt 5 doesn't use serverside pixmaps, so doesn't need this patch. Change-Id: I5ad456679efd3706582dd1e6ca8e6b4404298739 Reviewed-by: Laszlo Agocs <[email protected]> Reviewed-by: Shawn Rutledge <[email protected]> --- src/gui/image/qpixmap_x11.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/gui/image/qpixmap_x11.cpp b/src/gui/image/qpixmap_x11.cpp index 45cf31f..b3bdf65 100644 --- a/src/gui/image/qpixmap_x11.cpp +++ b/src/gui/image/qpixmap_x11.cpp @@ -2207,10 +2207,12 @@ QPaintEngine* QX11PixmapData::paintEngine() const ::Pixmap hd_copy = XCreatePixmap(X11->display, RootWindow(X11->display, xinfo.screen()), w, h, d); #if !defined(QT_NO_XRENDER) - XRenderPictFormat *format = qt_renderformat_for_depth(xinfo, d); - ::Picture picture_copy = XRenderCreatePicture(X11->display, hd_copy, format, 0, 0); - if (picture && d == 32) { + XRenderPictFormat *format = qt_renderformat_for_depth(xinfo, d); + ::Picture picture_copy = XRenderCreatePicture(X11->display, + hd_copy, format, + 0, 0); + XRenderComposite(X11->display, PictOpSrc, picture, 0, picture_copy, 0, 0, 0, 0, 0, 0, w, h); XRenderFreePicture(X11->display, picture); -- 2.0.4 ++++++ 0001-Fix-DateTime-with-recent-versions-of-tzdata.patch ++++++ ++++ 947 lines (skipped) ++++++ 0001-Fix-crash-when-deleting-top-level-windows-embedded-i.patch ++++++ >From 01fd1edbb074b26a054bb545ffed979100f6be12 Mon Sep 17 00:00:00 2001 From: Friedemann Kleint <[email protected]> Date: Mon, 14 Apr 2014 17:02:42 +0200 Subject: [PATCH] Fix crash when deleting top level windows embedded into QGraphicsProxyWidget. Clear proxyWidget pointer in slot QGraphicsProxyWidgetPrivate::_q_removeWidgetSlot(). Task-number: QTBUG-29684 Task-number: QTBUG-33213 Change-Id: Ibdbd52aa810ca908e3d98daa00954345e7a93a48 Reviewed-by: Andreas Aardal Hanssen <[email protected]> (cherry picked from qtbase/ff2dbe609ef4482d66d1ecd135b4f53f6aff7e60) --- src/gui/graphicsview/qgraphicsproxywidget.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/gui/graphicsview/qgraphicsproxywidget.cpp b/src/gui/graphicsview/qgraphicsproxywidget.cpp index e9bbf04..b3ea09c 100644 --- a/src/gui/graphicsview/qgraphicsproxywidget.cpp +++ b/src/gui/graphicsview/qgraphicsproxywidget.cpp @@ -412,6 +412,10 @@ QWidget *QGraphicsProxyWidgetPrivate::findFocusChild(QWidget *child, bool next) void QGraphicsProxyWidgetPrivate::_q_removeWidgetSlot() { Q_Q(QGraphicsProxyWidget); + if (!widget.isNull()) { + if (QWExtra *extra = widget->d_func()->extra) + extra->proxyWidget = 0; + } widget = 0; delete q; } -- 2.0.4 ++++++ 0001-Fixes-crash-in-gif-image-decoder.patch ++++++ >From a1cf194c54be57d6ab55dfd26b9562a60532208e Mon Sep 17 00:00:00 2001 From: Eirik Aavitsland <[email protected]> Date: Wed, 11 Mar 2015 09:00:41 +0100 Subject: [PATCH] Fixes crash in gif image decoder Fuzzing test revealed that for certain malformed gif files, qgifhandler would segfault. Change-Id: I5bb6f60e1c61849e0d8c735edc3869945e5331c1 (cherry picked from qtbase/ea2c5417fcd374302f5019e67f72af5facbd29f6) Reviewed-by: Richard J. Moore <[email protected]> --- src/gui/image/qgifhandler.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp index 5199dd3..49aa2a6 100644 --- a/src/gui/image/qgifhandler.cpp +++ b/src/gui/image/qgifhandler.cpp @@ -944,6 +944,8 @@ void QGIFFormat::fillRect(QImage *image, int col, int row, int w, int h, QRgb co void QGIFFormat::nextY(unsigned char *bits, int bpl) { + if (out_of_bounds) + return; int my; switch (interlace) { case 0: // Non-interlaced -- 2.0.4 ++++++ 0001-Ignore-expired-certificate-during-certificate-valida.patch ++++++ >From 7fcb100bbf6e8482039f915a9df93d951f7d52e6 Mon Sep 17 00:00:00 2001 From: Andy Shaw <[email protected]> Date: Wed, 14 Jan 2015 22:47:55 +0100 Subject: [PATCH] Ignore expired certificate during certificate validation OpenSSL has a bug when validating a chain with two certificates. If a certificate exists twice (which is a valid use case for renewed CAs), and the first one it hits is expired (which depends on the order on data structure internal to OpenSSL), it will fail to validate the chain. This is only a bandaid fix, which trades improved chain validation for error reporting accuracy. However given that reissuing of CA certs is a real problem that is only getting worse, this fix is needed. See also: https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html#WARNINGS [ChangeLog][QtNetwork][QSslSocket] Added a workaround to an OpenSSL problem that may cause errors when the trust store contains two certificates of the issuing CA, one of which is expired. Task-number: QTBUG-38896 (cherry picked and adapted from qtbase/0065b55da42b8c6ee0095264b5275fb708887c9d) Change-Id: I2515d79a442bec96734ea88ea850e6e8c2123a6c Reviewed-by: Richard J. Moore <[email protected]> --- src/network/ssl/qsslsocket_openssl.cpp | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 0ea174e..5fe55d5 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -350,26 +350,19 @@ init_context: } // Add all our CAs to this store. - QList<QSslCertificate> expiredCerts; foreach (const QSslCertificate &caCertificate, q->caCertificates()) { - // add expired certs later, so that the - // valid ones are used before the expired ones - if (! caCertificate.isValid()) { - expiredCerts.append(caCertificate); - } else { - q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); - } - } - - bool addExpiredCerts = true; -#if defined(Q_OS_MAC) && (MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_5) - //On Leopard SSL does not work if we add the expired certificates. - if (QSysInfo::MacintoshVersion == QSysInfo::MV_10_5) - addExpiredCerts = false; -#endif - // now add the expired certs - if (addExpiredCerts) { - foreach (const QSslCertificate &caCertificate, expiredCerts) { + // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: + // + // If several CA certificates matching the name, key identifier, and + // serial number condition are available, only the first one will be + // examined. This may lead to unexpected results if the same CA + // certificate is available with different expiration dates. If a + // ``certificate expired'' verification error occurs, no other + // certificate will be searched. Make sure to not have expired + // certificates mixed with valid ones. + // + // See also: QSslContext::fromConfiguration() + if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) { q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle()); } } -- 2.0.4 ++++++ 0001-Memory-and-file-descriptor-leak-in-QFontCache.patch ++++++ >From 45693cc638d10890f2816a38d38de6ddaf04ffd3 Mon Sep 17 00:00:00 2001 From: Simon Yuan <[email protected]> Date: Wed, 2 Apr 2014 16:02:04 +1300 Subject: [PATCH] Memory and file descriptor leak in QFontCache Make the cache also use the ref counts Make everyone who decrements a ref count check for 0 and delete Move all cache logic to the cache Same idea as 36cb3f3 and b3dae68 in Qt 5 without the extra stuff Task-number: QTBUG-38035 Change-Id: I27bea376f4ec0888463b4ec3ed1a6bef00d041f8 Reviewed-by: Konstantin Ritt <[email protected]> Reviewed-by: Eskil Abrahamsen Blomfeldt <[email protected]> --- src/gui/text/qfont.cpp | 102 +++++++++++++++++------------------------- src/gui/text/qfontengine.cpp | 7 +-- src/gui/text/qrawfont.cpp | 13 +++--- src/gui/text/qrawfont_win.cpp | 4 +- src/gui/text/qstatictext.cpp | 6 +-- src/gui/text/qtextengine.cpp | 7 +-- 6 files changed, 55 insertions(+), 84 deletions(-) diff --git a/src/gui/text/qfont.cpp b/src/gui/text/qfont.cpp index 7e94c1e..fa9bb70 100644 --- a/src/gui/text/qfont.cpp +++ b/src/gui/text/qfont.cpp @@ -275,8 +275,8 @@ QFontPrivate::QFontPrivate(const QFontPrivate &other) QFontPrivate::~QFontPrivate() { - if (engineData) - engineData->ref.deref(); + if (engineData && !engineData->ref.deref()) + delete engineData; engineData = 0; if (scFont && scFont != this) scFont->ref.deref(); @@ -298,7 +298,8 @@ QFontEngine *QFontPrivate::engineForScript(int script) const script = QUnicodeTables::Common; if (engineData && engineData->fontCache != QFontCache::instance()) { // throw out engineData that came from a different thread - engineData->ref.deref(); + if (!engineData->ref.deref()) + delete engineData; engineData = 0; } if (!engineData || !QT_FONT_ENGINE_FROM_DATA(engineData, script)) @@ -417,13 +418,13 @@ QFontEngineData::~QFontEngineData() { #if !defined(Q_WS_MAC) for (int i = 0; i < QUnicodeTables::ScriptCount; ++i) { - if (engines[i]) - engines[i]->ref.deref(); + if (engines[i] && !engines[i]->ref.deref()) + delete engines[i]; engines[i] = 0; } #else - if (engine) - engine->ref.deref(); + if (engine && !engine->ref.deref()) + delete engine; engine = 0; #endif // Q_WS_X11 || Q_WS_WIN || Q_WS_MAC } @@ -770,8 +771,8 @@ QFont::QFont(QFontPrivate *data) void QFont::detach() { if (d->ref == 1) { - if (d->engineData) - d->engineData->ref.deref(); + if (d->engineData && !d->engineData->ref.deref()) + delete d->engineData; d->engineData = 0; if (d->scFont && d->scFont != d.data()) d->scFont->ref.deref(); @@ -2819,7 +2820,7 @@ QFontCache::~QFontCache() EngineDataCache::ConstIterator it = engineDataCache.constBegin(), end = engineDataCache.constEnd(); while (it != end) { - if (it.value()->ref == 0) + if (it.value()->ref.deref() == 0) delete it.value(); else FC_DEBUG("QFontCache::~QFontCache: engineData %p still has refcount %d", @@ -2827,24 +2828,6 @@ QFontCache::~QFontCache() ++it; } } - EngineCache::ConstIterator it = engineCache.constBegin(), - end = engineCache.constEnd(); - while (it != end) { - if (--it.value().data->cache_count == 0) { - if (it.value().data->ref == 0) { - FC_DEBUG("QFontCache::~QFontCache: deleting engine %p key=(%d / %g %g %d %d %d)", - it.value().data, it.key().script, it.key().def.pointSize, - it.key().def.pixelSize, it.key().def.weight, it.key().def.style, - it.key().def.fixedPitch); - - delete it.value().data; - } else { - FC_DEBUG("QFontCache::~QFontCache: engine = %p still has refcount %d", - it.value().data, int(it.value().data->ref)); - } - } - ++it; - } } void QFontCache::clear() @@ -2856,16 +2839,14 @@ void QFontCache::clear() QFontEngineData *data = it.value(); #if !defined(Q_WS_MAC) for (int i = 0; i < QUnicodeTables::ScriptCount; ++i) { - if (data->engines[i]) { - data->engines[i]->ref.deref(); - data->engines[i] = 0; - } + if (data->engines[i] && !data->engines[i]->ref.deref()) + delete data->engines[i]; + data->engines[i] = 0; } #else - if (data->engine) { - data->engine->ref.deref(); - data->engine = 0; - } + if (data->engine && !data->engine->ref.deref()) + delete data->engine; + data->engine = 0; #endif ++it; } @@ -2873,15 +2854,7 @@ void QFontCache::clear() for (EngineCache::Iterator it = engineCache.begin(), end = engineCache.end(); it != end; ++it) { - if (it->data->ref == 0) { - delete it->data; - it->data = 0; - } - } - - for (EngineCache::Iterator it = engineCache.begin(), end = engineCache.end(); - it != end; ++it) { - if (it->data && it->data->ref == 0) { + if (it->data->ref.deref() == 0) { delete it->data; it->data = 0; } @@ -2916,6 +2889,8 @@ void QFontCache::insertEngineData(const Key &key, QFontEngineData *engineData) { FC_DEBUG("QFontCache: inserting new engine data %p", engineData); + Q_ASSERT(!engineDataCache.contains(key)); + engineData->ref.ref(); // the cache has a reference engineDataCache.insert(key, engineData); increaseCost(sizeof(QFontEngineData)); } @@ -2946,6 +2921,11 @@ void QFontCache::insertEngine(const Key &key, QFontEngine *engine) Engine data(engine); data.timestamp = ++current_timestamp; + QFontEngine *oldEngine = engineCache.value(key).data; + engine->ref.ref(); // the cache has a reference + if (oldEngine && !oldEngine->ref.deref()) + delete oldEngine; + engineCache.insert(key, data); // only increase the cost if this is the first time we insert the engine @@ -3005,12 +2985,11 @@ void QFontCache::cleanupPrinterFonts() continue; } - if(it.value()->ref != 0) { - for(int i = 0; i < QUnicodeTables::ScriptCount; ++i) { - if(it.value()->engines[i]) { - it.value()->engines[i]->ref.deref(); - it.value()->engines[i] = 0; - } + if (it.value()->ref > 1) { + for (int i = 0; i < QUnicodeTables::ScriptCount; ++i) { + if (it.value()->engines[i] && !it.value()->engines[i]->ref.deref()) + delete it.value()->engines[i]; + it.value()->engines[i] = 0; } ++it; } else { @@ -3021,7 +3000,8 @@ void QFontCache::cleanupPrinterFonts() FC_DEBUG(" %p", rem.value()); - delete rem.value(); + if (!rem.value()->ref.deref()) + delete rem.value(); engineDataCache.erase(rem); } } @@ -3030,7 +3010,7 @@ void QFontCache::cleanupPrinterFonts() EngineCache::Iterator it = engineCache.begin(), end = engineCache.end(); while(it != end) { - if (it.value().data->ref != 0 || it.key().screen == 0) { + if (it.value().data->ref != 1 || it.key().screen == 0) { ++it; continue; } @@ -3044,7 +3024,8 @@ void QFontCache::cleanupPrinterFonts() FC_DEBUG(" DELETE: last occurrence in cache"); decreaseCost(it.value().data->cache_cost); - delete it.value().data; + if (!it.value().data->ref.deref()) + delete it.value().data; } engineCache.erase(it++); @@ -3093,7 +3074,7 @@ void QFontCache::timerEvent(QTimerEvent *) # endif // Q_WS_X11 || Q_WS_WIN #endif // QFONTCACHE_DEBUG - if (it.value()->ref != 0) + if (it.value()->ref > 1) in_use_cost += engine_data_cost; } } @@ -3109,7 +3090,7 @@ void QFontCache::timerEvent(QTimerEvent *) int(it.value().data->ref), it.value().data->cache_count, it.value().data->cache_cost); - if (it.value().data->ref != 0) + if (it.value().data->ref > 1) in_use_cost += it.value().data->cache_cost / it.value().data->cache_count; } @@ -3159,7 +3140,7 @@ void QFontCache::timerEvent(QTimerEvent *) EngineDataCache::Iterator it = engineDataCache.begin(), end = engineDataCache.end(); while (it != end) { - if (it.value()->ref != 0) { + if (it.value()->ref > 1) { ++it; continue; } @@ -3187,7 +3168,7 @@ void QFontCache::timerEvent(QTimerEvent *) uint least_popular = ~0u; for (; it != end; ++it) { - if (it.value().data->ref != 0) + if (it.value().data->ref > 1) continue; if (it.value().timestamp < oldest && @@ -3200,7 +3181,7 @@ void QFontCache::timerEvent(QTimerEvent *) FC_DEBUG(" oldest %u least popular %u", oldest, least_popular); for (it = engineCache.begin(); it != end; ++it) { - if (it.value().data->ref == 0 && + if (it.value().data->ref == 1 && it.value().timestamp == oldest && it.value().hits == least_popular) break; @@ -3216,7 +3197,8 @@ void QFontCache::timerEvent(QTimerEvent *) FC_DEBUG(" DELETE: last occurrence in cache"); decreaseCost(it.value().data->cache_cost); - delete it.value().data; + if (!it.value().data->ref.deref()) + delete it.value().data; } else { /* this particular font engine is in the cache multiple diff --git a/src/gui/text/qfontengine.cpp b/src/gui/text/qfontengine.cpp index 9de475c..bf108c4 100644 --- a/src/gui/text/qfontengine.cpp +++ b/src/gui/text/qfontengine.cpp @@ -1325,11 +1325,8 @@ QFontEngineMulti::~QFontEngineMulti() { for (int i = 0; i < engines.size(); ++i) { QFontEngine *fontEngine = engines.at(i); - if (fontEngine) { - fontEngine->ref.deref(); - if (fontEngine->cache_count == 0 && fontEngine->ref == 0) - delete fontEngine; - } + if (fontEngine && !fontEngine->ref.deref()) + delete fontEngine; } } diff --git a/src/gui/text/qrawfont.cpp b/src/gui/text/qrawfont.cpp index 2b7554a..cb2bcb3 100644 --- a/src/gui/text/qrawfont.cpp +++ b/src/gui/text/qrawfont.cpp @@ -682,8 +682,7 @@ void QRawFont::setPixelSize(qreal pixelSize) if (d->fontEngine != 0) d->fontEngine->ref.ref(); - oldFontEngine->ref.deref(); - if (oldFontEngine->cache_count == 0 && oldFontEngine->ref == 0) + if (!oldFontEngine->ref.deref()) delete oldFontEngine; } @@ -693,12 +692,10 @@ void QRawFont::setPixelSize(qreal pixelSize) void QRawFontPrivate::cleanUp() { platformCleanUp(); - if (fontEngine != 0) { - fontEngine->ref.deref(); - if (fontEngine->cache_count == 0 && fontEngine->ref == 0) - delete fontEngine; - fontEngine = 0; - } + if (fontEngine != 0 && !fontEngine->ref.deref()) + delete fontEngine; + fontEngine = 0; + hintingPreference = QFont::PreferDefaultHinting; } diff --git a/src/gui/text/qrawfont_win.cpp b/src/gui/text/qrawfont_win.cpp index 6923aae..9b66886 100644 --- a/src/gui/text/qrawfont_win.cpp +++ b/src/gui/text/qrawfont_win.cpp @@ -600,11 +600,11 @@ void QRawFontPrivate::platformLoadFromData(const QByteArray &fontData, if (request.family != fontEngine->fontDef.family) { qWarning("QRawFont::platformLoadFromData: Failed to load font. " "Got fallback instead: %s", qPrintable(fontEngine->fontDef.family)); - if (fontEngine->cache_count == 0 && fontEngine->ref == 0) + if (fontEngine->ref == 0) delete fontEngine; fontEngine = 0; } else { - Q_ASSERT(fontEngine->cache_count == 0 && fontEngine->ref == 0); + Q_ASSERT(fontEngine->ref == 0); // Override the generated font name static_cast<QFontEngineWin *>(fontEngine)->uniqueFamilyName = uniqueFamilyName; diff --git a/src/gui/text/qstatictext.cpp b/src/gui/text/qstatictext.cpp index 657da33..b111200 100644 --- a/src/gui/text/qstatictext.cpp +++ b/src/gui/text/qstatictext.cpp @@ -724,10 +724,8 @@ QStaticTextItem::~QStaticTextItem() void QStaticTextItem::setFontEngine(QFontEngine *fe) { - if (m_fontEngine != 0) { - if (!m_fontEngine->ref.deref()) - delete m_fontEngine; - } + if (m_fontEngine != 0 && !m_fontEngine->ref.deref()) + delete m_fontEngine; m_fontEngine = fe; if (m_fontEngine != 0) diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp index b371237..f4b86b0 100644 --- a/src/gui/text/qtextengine.cpp +++ b/src/gui/text/qtextengine.cpp @@ -1453,11 +1453,8 @@ void QTextEngine::shape(int item) const static inline void releaseCachedFontEngine(QFontEngine *fontEngine) { - if (fontEngine) { - fontEngine->ref.deref(); - if (fontEngine->cache_count == 0 && fontEngine->ref == 0) - delete fontEngine; - } + if (fontEngine && !fontEngine->ref.deref()) + delete fontEngine; } void QTextEngine::resetFontEngineCache() -- 2.0.4 ++++++ 0001-QDbus-Fix-a-b-comparison.patch ++++++ >From d0b790dcd02da959cbdfc83d606906cead9e8375 Mon Sep 17 00:00:00 2001 From: David Faure <[email protected]> Date: Sat, 12 Apr 2014 11:25:28 +0200 Subject: [PATCH] QDbus: Fix (!a == b) comparison ! binds to a, and that is wrong here. (cherry picked from qtbase/4b7cd57719a637189696d673b014ae785df669bf) Change-Id: I75542a0c27f39fb6e684dedd9925a1f3748d4919 Reviewed-by: Thiago Macieira <[email protected]> --- src/dbus/qdbuspendingcall.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/dbus/qdbuspendingcall.cpp b/src/dbus/qdbuspendingcall.cpp index 06597a6..b7def2e 100644 --- a/src/dbus/qdbuspendingcall.cpp +++ b/src/dbus/qdbuspendingcall.cpp @@ -225,7 +225,7 @@ void QDBusPendingCallPrivate::checkReceivedSignature() return; // no signature to validate against // can't use startsWith here because a null string doesn't start or end with an empty string - if (!replyMessage.signature().indexOf(expectedReplySignature) == 0) { + if (replyMessage.signature().indexOf(expectedReplySignature) != 0) { QString errorMsg = QLatin1String("Unexpected reply signature: got \"%1\", " "expected \"%2\""); replyMessage = QDBusMessage::createError( -- 2.0.4 ++++++ 0001-QDeclarativeTextEdit-fix-use-of-uninitialised-value.patch ++++++ >From 30aec2948a9bf322c45addb6afd66247572587b8 Mon Sep 17 00:00:00 2001 From: David Faure <[email protected]> Date: Mon, 2 Feb 2015 14:34:00 +0100 Subject: [PATCH] QDeclarativeTextEdit: fix use of uninitialised value. Detected by valgrind: ==27068== Conditional jump or move depends on uninitialised value(s) ==27068== at 0x70C7289: QDeclarativeTextEdit::updateTotalLines() (qdeclarativetextedit.cpp:1742) Backport from qtquick1 Change-Id: Iafc0c0072e6ab318fd4643e8ac7531edf5ec7ad0 Reviewed-by: Simon Hausmann <[email protected]> --- src/declarative/graphicsitems/qdeclarativetextedit_p_p.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/declarative/graphicsitems/qdeclarativetextedit_p_p.h b/src/declarative/graphicsitems/qdeclarativetextedit_p_p.h index ab5b0ed..ca4bdfa 100644 --- a/src/declarative/graphicsitems/qdeclarativetextedit_p_p.h +++ b/src/declarative/graphicsitems/qdeclarativetextedit_p_p.h @@ -73,7 +73,7 @@ public: showInputPanelOnFocus(true), clickCausedFocus(false), persistentSelection(true), requireImplicitWidth(false), hAlignImplicit(true), rightToLeftText(false), textMargin(0.0), lastSelectionStart(0), lastSelectionEnd(0), cursorComponent(0), cursor(0), format(QDeclarativeTextEdit::AutoText), document(0), wrapMode(QDeclarativeTextEdit::NoWrap), - mouseSelectionMode(QDeclarativeTextEdit::SelectCharacters), selectByMouse(false), canPaste(false), + mouseSelectionMode(QDeclarativeTextEdit::SelectCharacters), lineCount(0), selectByMouse(false), canPaste(false), yoff(0) { #ifdef Q_OS_SYMBIAN -- 2.0.4 ++++++ 0001-QPdf-addImage-avoid-a-QImage-detach-when-it-s-in-an-.patch ++++++ >From 5f0f5dd371cb5fbd1ae1cb8f7b6f03c0109d2d6c Mon Sep 17 00:00:00 2001 From: Martin Pley <[email protected]> Date: Tue, 10 Jun 2014 12:53:59 +0200 Subject: [PATCH] QPdf::addImage(): avoid a QImage detach when it's in an acceptable Format Don't detach QImage, when it's in Format_Mono or Format_ARG32. Use QImage::constScanLine() instead of QImage::scanLine(). Change-Id: I30fcafb576aea3189637a40fd75f77c70017ba46 Reviewed-by: John Layt <[email protected]> Reviewed-by: Gunnar Sletta <[email protected]> (cherry picked from qtbase/1a32cc0ae42a4a49f2d45b8ad8251ec40a30bf76) Reviewed-by: Gunnar Sletta <[email protected]> --- src/gui/painting/qprintengine_pdf.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/gui/painting/qprintengine_pdf.cpp b/src/gui/painting/qprintengine_pdf.cpp index b622611..57dc162 100644 --- a/src/gui/painting/qprintengine_pdf.cpp +++ b/src/gui/painting/qprintengine_pdf.cpp @@ -559,7 +559,7 @@ int QPdfEnginePrivate::addImage(const QImage &img, bool *bitmap, qint64 serial_n data.resize(bytesPerLine * h); char *rawdata = data.data(); for (int y = 0; y < h; ++y) { - memcpy(rawdata, image.scanLine(y), bytesPerLine); + memcpy(rawdata, image.constScanLine(y), bytesPerLine); rawdata += bytesPerLine; } object = writeImage(data, w, h, d, 0, 0); @@ -581,7 +581,7 @@ int QPdfEnginePrivate::addImage(const QImage &img, bool *bitmap, qint64 serial_n softMaskData.resize(w * h); uchar *sdata = (uchar *)softMaskData.data(); for (int y = 0; y < h; ++y) { - const QRgb *rgb = (const QRgb *)image.scanLine(y); + const QRgb *rgb = (const QRgb *)image.constScanLine(y); for (int x = 0; x < w; ++x) { uchar alpha = qAlpha(*rgb); *sdata++ = alpha; @@ -597,7 +597,7 @@ int QPdfEnginePrivate::addImage(const QImage &img, bool *bitmap, qint64 serial_n softMaskData.resize(w * h); uchar *sdata = (uchar *)softMaskData.data(); for (int y = 0; y < h; ++y) { - const QRgb *rgb = (const QRgb *)image.scanLine(y); + const QRgb *rgb = (const QRgb *)image.constScanLine(y); if (colorMode == QPrinter::GrayScale) { for (int x = 0; x < w; ++x) { *(data++) = qGray(*rgb); -- 2.0.4 ++++++ 0001-QSslCertificate-blacklist-NIC-certificates-from-Indi.patch ++++++ >From 59eb561989f7a7b65c3e9b11d0ac062479013bf2 Mon Sep 17 00:00:00 2001 From: Peter Hartmann <[email protected]> Date: Wed, 9 Jul 2014 16:22:44 +0200 Subject: [PATCH] QSslCertificate: blacklist NIC certificates from India Those intermediate certificates were used to issue "unauthorized" certificates according to http://googleonlinesecurity.blogspot.de/2014/07/maintaining-digital-certificate-security.html , and are by default trusted on Windows, so to be safe we blacklist them here. (backport of commit 916c9d469bd0df227dc3be97fcca27e3cf58144f) Change-Id: I22c6637895dcd21b1f7af73fdd5ca39d4747cf9e Reviewed-by: Richard J. Moore <[email protected]> --- src/network/ssl/qsslcertificate.cpp | 4 ++++ .../blacklisted-nic-india-2007.pem | 25 +++++++++++++++++++++ .../blacklisted-nic-india-2011.pem | 26 ++++++++++++++++++++++ .../blacklisted-nic-india-2014.pem | 26 ++++++++++++++++++++++ 4 files changed, 81 insertions(+) create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 254f45b..a015880 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -832,6 +832,10 @@ static const char *certificate_blacklist[] = { "2148", "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate "204199", "AC DG Tr\xC3\xA9sor SSL", // intermediate certificate linking back to ANSSI French National Security Agency + + "10115", "NIC Certifying Authority", // intermediate certificate from NIC India (2007) + "10130", "NIC CA 2011", // intermediate certificate from NIC India (2011) + "10161", "NIC CA 2014", // intermediate certificate from NIC India (2014) 0 }; diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem new file mode 100644 index 0000000..2106f66 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2007.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgICJ4MwDQYJKoZIhvcNAQEFBQAwOjELMAkGA1UEBhMCSU4x +EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMDcwHhcN +MDcwNzAyMDY0MTU5WhcNMTUwNzA0MDYzMDAwWjCBsDELMAkGA1UEBhMCSU4xJDAi +BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEOMAwGA1UECxMFTklD +Q0ExITAfBgNVBAMTGE5JQyBDZXJ0aWZ5aW5nIEF1dGhvcml0eTESMBAGA1UEBxMJ +TmV3IERlbGhpMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGNhbWFpbC5uaWMuaW4x +DjAMBgNVBAgTBURlbGhpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +wLRKDEWWC1iWcxpVgA7GJEjQVjGIMx9XPLoaMKXiEQdajHgmjKdOhlFkSWiHgiCS +Uo39U0/UoC4rAYzBCcfHWdAGjXNs7dt/cz+muK2aMoPoAgXWLF2A48CJMrTcyNFE +HryIYJeCiK8DTlEhBxL8II9VBx8qKSquizh4MQTmpqvfjHNqd6qCHF6q8W439io5 +kVIFnGNd/p0V5HFv0OpWeF/IpKJA1m1lb729FwfsVpqipf7DLVQUKtSjK/32RDtB +hnAmkDlW6IZRPs2F896A5COPSDjJlAeUX8JqDnBOr64bPRgUy0VDnW/soRB3knkn +5w5ueXj3DrgONtjGcBSwVwIDAQABo4HOMIHLMA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECEwne24Nsv9UMBMGA1UdIwQMMAqACE8ewFgn2LjkMAsGA1UdDwQEAwIB +BjCBggYDVR0fBHsweTB3oHWgc4ZxbGRhcDovL25yZGMuY2NhLmdvdi5pbjozODkv +Y249Q0NBIEluZGlhIDIwMDcsb3U9Q0NBIEluZGlhIDIwMDcsbz1JbmRpYSBQS0ks +Yz1JTj9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0O2JpbmFyeT8wDQYJKoZIhvcN +AQEFBQADggEBAKx6RkVgMGQADgl4jTy3qBDq8nvkegDaDnviTUsGzsR6RpooT0xd +wuKiRU0I7p2gAo6uBTMEZtS+XWJz+7xlfo4fao5XIU4e1fxkQuxddM23/J7M4+Uz +3pL7ziK5RcVizhQqz3IjSH440/OoFhUBT5d5WWN0hliEcr7+6nLPAOcAX/qR509a +Djd/aonfyQFCMyfiPpYLx5ElTuqUZeHApJ58+Iprwbu3EIux+C+mfS8QCMY+WYje +aocCIwIutrmoxIXxGy9yV5OKIe2+4wsCT8aNin+6AV7qNTmFVhp+MF50v69ONTO7 +w2Sa+ire2N5FgklMW2WTCi8d8rwLzaWuse4= +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem new file mode 100644 index 0000000..d3a8c10 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2011.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgICJ5IwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x +EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTEwHhcN +MTEwMzExMDgxNTExWhcNMTYwMzExMDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi +BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy +dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs +aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMwwUQS1C +bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDExMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7J/N88MoXcCHTz4A5DKF59+8kvSnriGr +TEowLSa5NCvH+o89+Mf7V260kKZJ/hQox5RG/F8/gY7u9ziLeypbedeG8EIl88HC +4x9hT0SNLsrj9qo90waDuGYB4/KQ8q5E6ivVxxV0epzQfFA5A5biKltPBbku/M4D +iZ+TqBbHxo6nRUEZoukJi0+JLykGI4VpJlQBzow04omxQUZHzvCffo6QvN6FdzZ0 +MopwqaggyfHDFu9o4elCR9Kd/obYlgXAHLYwJlN0pybbe2WpKj81/pxDhKgxrVN+ +OZaI5OMBBkjDRQG+ZyEnQb8XYMNPJbOgQGYgsRdPPjIn7poTzxe7SQIDAQABo4Hb +MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECE5VT66z36FmMBIGA1Ud +IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAITQeoY/LbHN8wLgYIKwYBBQUHAQEE +IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD +AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291 +cmNlcy9DQ0FJbmRpYTIwMTFMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5 +LCqtHbxfO72KRWJbW9dAHNh2xh8n7wstNgSPHLbjL5B0l7RZlCFauy4fjc2faMiB +xnOq5oEXeIZBrT2NkuEymQ8f0Pzm3pcXrMkFrj78SiA07/cPQShBKKpw39t6puJV +8ykiVZMZvSCjCzzZZlVO12b2ChADkf6wtseftx5O/zBsqP3Y2+3+KvEeDVtuseKu +FV2OxSsqSfffJq7IYTwpRPOVzHGJnjV3Igtj3zAzZm8CWxRM/yhnkGyVc+xz/T7o +WY0870eciR+bmLjZ9j0opudZR6e+lCsMHH2Lxc8C/0XRcCzcganxfWCb/fb0gx44 +iY0a+wWCVebjuyKU/BXk +-----END CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem new file mode 100644 index 0000000..5467086 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-nic-india-2014.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgICJ7EwDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x +EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcN +MTQwMzA1MTExNTI0WhcNMjQwMzA1MDYzMDAwWjCByDELMAkGA1UEBhMCSU4xJDAi +BgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEdMBsGA1UECxMUQ2Vy +dGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEOMAwGA1UECBMFRGVs +aGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEdMBsGA1UEMxMUQS1C +bG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAyMDE0MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/OQ56Ge9MhJiBwtOlCJP4p5gjcCuqkQ2 +6BCSQgfAsxyNxAwtL1f0h3d5KNFIInIG2Y9PwBgUrgavOWy2cZICxgXIGaOzK5bI +TyGhxYMPUzkazGppfj0ScW7Ed/kjeDnic3WlYkPwtNaV1qwTElr8zqPUtT27ZDqd +6upor9MICngXAC1tHjhPuGrGtu4i6FMPrmkofwdh8dkuRzU/OPjf9lA+E9Qu0Nvq +soI9grJA0etgRfn9juR4X3KTG21qHnza50PpMYC4+vh8jAnIT7Kcz8Ggr4eghkvP ++iz2yEtIcV9M1xeo98XU/jxuYS7LeWtO79jkiqCIqgI8T3x7LHuCaQIDAQABo4Hb +MIHYMBIGA1UdEwEB/wQIMAYBAf8CAQEwEQYDVR0OBAoECEZwyi8lTsNHMBIGA1Ud +IAQLMAkwBwYFYIJkZAIwEwYDVR0jBAwwCoAIQrjFz22zV+EwLgYIKwYBBQUHAQEE +IjAgMB4GCCsGAQUFBzABhhJodHRwOi8vb2N2cy5nb3YuaW4wDgYDVR0PAQH/BAQD +AgEGMEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9jY2EuZ292LmluL3J3L3Jlc291 +cmNlcy9DQ0FJbmRpYTIwMTRMYXRlc3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCB +i3iJeUlkfjY96HgfBIUEsLi+knO3VUrxDmwps1YyhgRSt22NQLZ4jksSWLI2EQbn +9k5tH8rwSbsOWf+TZH7jpaKAVSYi1GhEbGR/C2ZeFiWATwtPWKoVGwx/ksUO9YPM +zf0wh6fDIuyBJIs/nuN93+L2ib+TS5viNky+HrR3XyqE0z43W5bbzMbido3lbwgr +drMWD6hCNSZs888L0Se4rn2ei0aPmHmxjDjbExF3NF6m2uYC/wAR4cVIzMvvptFY +n+SAdG/pwkKHaMVncB/cxxEWiKzOxVpjBsM4N19lpxp2RU/n+x7xRK3WTQvNAZdU +7pcAYmZIXPu/ES9qpK4f +-----END CERTIFICATE----- -- 2.0.4 ++++++ 0002-Fixes-crash-in-bmp-and-ico-image-decoding.patch ++++++ >From 3e55cd6dc467303a3c35312e9fcb255c2c048b32 Mon Sep 17 00:00:00 2001 From: Eirik Aavitsland <[email protected]> Date: Wed, 11 Mar 2015 13:34:01 +0100 Subject: [PATCH 2/2] Fixes crash in bmp and ico image decoding Fuzzing test revealed that for certain malformed bmp and ico files, the handler would segfault. Change-Id: I19d45145f31e7f808f7f6a1a1610270ea4159cbe (cherry picked from qtbase/2adbbae5432aa9d8cc41c6fcf55c2e310d2d4078) Reviewed-by: Richard J. Moore <[email protected]> --- src/gui/image/qbmphandler.cpp | 13 +++++++------ src/plugins/imageformats/ico/qicohandler.cpp | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/gui/image/qbmphandler.cpp b/src/gui/image/qbmphandler.cpp index 30fa9e0..17a880b 100644 --- a/src/gui/image/qbmphandler.cpp +++ b/src/gui/image/qbmphandler.cpp @@ -478,12 +478,6 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int p = data + (h-y-1)*bpl; break; case 2: // delta (jump) - // Protection - if ((uint)x >= (uint)w) - x = w-1; - if ((uint)y >= (uint)h) - y = h-1; - { quint8 tmp; d->getChar((char *)&tmp); @@ -491,6 +485,13 @@ static bool read_dib_body(QDataStream &s, const BMP_INFOHDR &bi, int offset, int d->getChar((char *)&tmp); y += tmp; } + + // Protection + if ((uint)x >= (uint)w) + x = w-1; + if ((uint)y >= (uint)h) + y = h-1; + p = data + (h-y-1)*bpl + x; break; default: // absolute mode diff --git a/src/plugins/imageformats/ico/qicohandler.cpp b/src/plugins/imageformats/ico/qicohandler.cpp index 1a88605..3c34765 100644 --- a/src/plugins/imageformats/ico/qicohandler.cpp +++ b/src/plugins/imageformats/ico/qicohandler.cpp @@ -571,7 +571,7 @@ QImage ICOReader::iconAt(int index) QImage::Format format = QImage::Format_ARGB32; if (icoAttrib.nbits == 24) format = QImage::Format_RGB32; - else if (icoAttrib.ncolors == 2) + else if (icoAttrib.ncolors == 2 && icoAttrib.depth == 1) format = QImage::Format_Mono; else if (icoAttrib.ncolors > 0) format = QImage::Format_Indexed8; -- 2.0.4
