Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package qt6-svg for openSUSE:Factory checked in at 2023-10-17 20:24:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qt6-svg (Old) and /work/SRC/openSUSE:Factory/.qt6-svg.new.20540 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qt6-svg"
Tue Oct 17 20:24:34 2023 rev:27 rq:1118069 version:6.6.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/qt6-svg/qt6-svg.changes 2023-10-13 23:15:20.976491947 +0200
+++ /work/SRC/openSUSE:Factory/.qt6-svg.new.20540/qt6-svg.changes 2023-10-17 20:24:36.762472020 +0200
@@ -1,0 +2,7 @@
+Mon Oct 16 14:40:42 UTC 2023 - Manfred Hollstein <[email protected]>
+
+- Add patches (boo#1216269, QTBUG-117944):
+ * 0001-fix-nullptr-derefence-with-invalid-SVG.patch
+ * 0002-make-sure-we-do-not-load-invalid-SVGs-twice.patch
+
+-------------------------------------------------------------------
New:
----
0001-fix-nullptr-derefence-with-invalid-SVG.patch
0002-make-sure-we-do-not-load-invalid-SVGs-twice.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ qt6-svg.spec ++++++
--- /var/tmp/diff_new_pack.5bqe9n/_old 2023-10-17 20:24:37.590501006 +0200
+++ /var/tmp/diff_new_pack.5bqe9n/_new 2023-10-17 20:24:37.590501006 +0200
@@ -33,6 +33,10 @@
 License: LGPL-3.0-only OR (GPL-2.0-only OR GPL-3.0-or-later)
 URL: https://www.qt.io
 Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
+# PATCH-FIX-UPSTREAM 0001-fix-nullptr-derefence-with-invalid-SVG.patch QTBUG-117944 boo#1216269
+Patch01: 0001-fix-nullptr-derefence-with-invalid-SVG.patch
+# PATCH-FIX-UPSTREAM 0002-make-sure-we-do-not-load-invalid-SVGs-twice.patch boo#1216269
+Patch02: 0002-make-sure-we-do-not-load-invalid-SVGs-twice.patch
 Source99: qt6-svg-rpmlintrc
 BuildRequires: pkgconfig
 BuildRequires: qt6-core-private-devel
++++++ 0001-fix-nullptr-derefence-with-invalid-SVG.patch ++++++
>From edc8ca7f1e45302223b4b7962a57a30918f84c8d Mon Sep 17 00:00:00 2001
From: Paul Olav Tvete <[email protected]>
Date: Tue, 10 Oct 2023 10:14:22 +0200
Subject: [PATCH] Fix nullptr dereference with invalid SVG
Fixes: QTBUG-117944
Pick-to: 6.6 6.5 6.2
Change-Id: I9059dc28c750fc0585f1fb982152b211c323c6cd
Reviewed-by: Eskil Abrahamsen Blomfeldt <[email protected]>
---
 src/svg/qsvghandler.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index e6877acc..1cffbc37 100644
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -3620,6 +3620,8 @@ void QSvgHandler::init()
 static bool detectCycles(const QSvgNode *node, QList<const QSvgUse *> active = {})
 {
+ if (Q_UNLIKELY(!node))
+ return false;
 switch (node->type()) {
 case QSvgNode::DOC:
 case QSvgNode::G:
--
2.16.3
++++++ 0002-make-sure-we-do-not-load-invalid-SVGs-twice.patch ++++++
>From a090bd1f9a7bfa14f06b14570c6a5a37843931c6 Mon Sep 17 00:00:00 2001
From: Paul Olav Tvete <[email protected]>
Date: Tue, 10 Oct 2023 11:41:41 +0200
Subject: [PATCH] Make sure we don't load invalid SVGs twice
Fixes a bug where loading an invalid SVG that happens to be valid XML could behave differently in QML and C++, because readimage() in qquickpixmapcache.cpp calls QImageReader::size() twice.
Task-number: QTBUG-117944
Pick-to: 6.6 6.5
Change-Id: Ibef7f54627c76414c66f81804f5f46f2db3594ba
Reviewed-by: Eirik Aavitsland <[email protected]>
Reviewed-by: Qt CI Bot <[email protected]>
---
 src/plugins/imageformats/svg/qsvgiohandler.cpp | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/plugins/imageformats/svg/qsvgiohandler.cpp b/src/plugins/imageformats/svg/qsvgiohandler.cpp
index b04ee6b2..570c9829 100644
--- a/src/plugins/imageformats/svg/qsvgiohandler.cpp
+++ b/src/plugins/imageformats/svg/qsvgiohandler.cpp
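Review bot: The guard added at the top of `detectCycles()` in src/svg/qsvghandler.cpp makes a null node count as "no cycle", but nothing in the hunk says how a null node gets here or why `false` is the right answer for it. I would add a comment above the check, e.g. `// A malformed SVG can hand us a null node (QTBUG-117944); there is nothing to walk, so report no cycle.` The diffstat lists only this file with 2 insertions, so the crash on invalid input is fixed without a regression test; a test case that loads the malformed file from the bug report would pin it. The rest of detectCycles and its callers lie outside the hunk, so whether they cope with the null node afterwards cannot be checked from here.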
@@ -19,7 +19,7 @@ class QSvgIOHandlerPrivate
 {
 public:
 QSvgIOHandlerPrivate(QSvgIOHandler *qq)
- : q(qq), loaded(false), readDone(false), backColor(Qt::transparent)
+ : q(qq), loadAttempted(false), loadStatus(false), readDone(false), backColor(Qt::transparent)
 {}
 bool load(QIODevice *device);
@@ -31,7 +31,8 @@ public:
 QRect clipRect;
 QSize scaledSize;
 QRect scaledClipRect;
- bool loaded;
+ bool loadAttempted;
+ bool loadStatus;
 bool readDone;
 QColor backColor;
 };
@@ -39,8 +40,9 @@ public:
 bool QSvgIOHandlerPrivate::load(QIODevice *device)
 {
- if (loaded)
- return true;
+ if (loadAttempted)
+ return loadStatus;
+ loadAttempted = true;
 if (q->format().isEmpty())
 q->canRead();
@@ -63,10 +65,10 @@ bool QSvgIOHandlerPrivate::load(QIODevice *device)
 if (res) {
 defaultSize = r.defaultSize();
- loaded = true;
+ loadStatus = true;
 }
- return loaded;
+ return loadStatus;
 }
@@ -105,7 +107,7 @@ bool QSvgIOHandler::canRead() const
 {
 if (!device())
 return false;
- if (d->loaded && !d->readDone)
+ if (d->loadStatus && !d->readDone)
 return true; // Will happen if we have been asked for the size
 bool isCompressed = false;
--
2.16.3
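Review bot: In `QSvgIOHandlerPrivate::load()` the early return `if (loadAttempted) return loadStatus;` ignores the `device` argument and the hunks show no place where the two flags are reset, so a failed first attempt is returned for every later call on this handler. That matches the commit message, but it deserves a comment at the early return, e.g. `// Failures are cached as well: the same input must never be parsed a second time (QTBUG-117944).` If the handler's device can be swapped after a failure (not visible here), `loadAttempted` would presumably need clearing at that point. As a style point, the pair `loadAttempted`/`loadStatus` in the class hunk permits the meaningless combination not-attempted/succeeded; a single three-state enum would exclude it. load() and the class are only partly inside the hunks.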
