Hello community, here is the log from the commit of package libqt5-qtbase for openSUSE:Factory checked in at 2015-01-15 16:00:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtbase (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtbase.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtbase" Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtbase/libqt5-qtbase.changes 2014-12-29 00:31:58.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libqt5-qtbase.new/libqt5-qtbase.changes 2015-01-15 16:00:59.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Jan 12 16:33:18 UTC 2015 - [email protected] + +- Added Fix-use-after-free-bug.patch from upstream + (qtbug#43623, boo#870151) + +------------------------------------------------------------------- New: ---- Fix-use-after-free-bug.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtbase.spec ++++++ --- /var/tmp/diff_new_pack.vBV7cg/_old 2015-01-15 16:01:01.000000000 +0100 +++ /var/tmp/diff_new_pack.vBV7cg/_new 2015-01-15 16:01:01.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libqt5-qtbase # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -62,6 +62,8 @@ Patch2000: Handle-SelectionClientClose-in-QXcbClipboard.patch # PATCH-FIX-UPSTREAM qimage_conversions.cpp: Fix build on big endian systems Patch2001: qimage_conversions.cpp-Fix-build-on-big-endian-syste.patch +# PATCH-FIX-UPSTREAM Fix-use-after-free-bug.patch +Patch2002: Fix-use-after-free-bug.patch BuildRequires: alsa-devel BuildRequires: cups-devel BuildRequires: fdupes @@ -150,6 +152,7 @@ %patch6 -p1 %patch2000 -p1 %patch2001 -p1 +%patch2002 -p1 # be sure not to use them rm -r src/3rdparty/{libjpeg,freetype,libpng,zlib} ++++++ Fix-use-after-free-bug.patch ++++++ From: Gatis Paeglis <[email protected]> Date: Wed, 07 Jan 2015 13:50:41 +0000 Subject: Fix use-after-free bug X-Git-Url: http://quickgit.kde.org/?p=qt%2Fqtbase.git&a=commitdiff&h=d40b66a8ef98777c69ac293dac9a332f88832c23 --- Fix use-after-free bug xcb_image_destroy() calls free on m_xcb_image and then few lines down we access member of m_xcb_image. Swap order of these two actions. Change-Id: I01fb43a066459cce462df6af22161c35cef524eb Task-number: QTBUG-43623 Reviewed-by: Shawn Rutledge <[email protected]> --- --- a/src/plugins/platforms/xcb/qxcbbackingstore.cpp +++ b/src/plugins/platforms/xcb/qxcbbackingstore.cpp @@ -145,8 +145,6 @@ if (segmentSize && m_shm_info.shmaddr) Q_XCB_CALL(xcb_shm_detach(xcb_connection(), m_shm_info.shmseg)); - xcb_image_destroy(m_xcb_image); - if (segmentSize) { if (m_shm_info.shmaddr) { shmdt(m_shm_info.shmaddr); @@ -155,6 +153,8 @@ free(m_xcb_image->data); } } + + xcb_image_destroy(m_xcb_image); if (m_gc) Q_XCB_CALL(xcb_free_gc(xcb_connection(), m_gc)); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
