[neon/qt/qtbase/Neon/release] debian: Restore CVE-2021-38593.diff, 3 of 4 commits are still applicable.

Dmitry Shachnev null at kde.org
Thu Jul 14 14:50:52 BST 2022


Git commit b6679966289e1681ef3d3b899a5841db8e04608a by Dmitry Shachnev.
Committed on 20/06/2022 at 20:15.
Pushed by jriddell into branch 'Neon/release'.

Restore CVE-2021-38593.diff, 3 of 4 commits are still applicable.

M  +2    -0    debian/changelog
A  +38   -0    debian/patches/CVE-2021-38593.diff
M  +1    -0    debian/patches/series

https://invent.kde.org/neon/qt/qtbase/commit/b6679966289e1681ef3d3b899a5841db8e04608a

diff --git a/debian/changelog b/debian/changelog
index bfe3723..8392532 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
 qtbase-opensource-src (5.15.5+dfsg-2) UNRELEASED; urgency=medium
 
+  [ Dmitry Shachnev ]
+  * Restore CVE-2021-38593.diff, 3 of 4 commits are still applicable.
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Mon, 20 Jun 2022 23:08:28 +0300
 
diff --git a/debian/patches/CVE-2021-38593.diff b/debian/patches/CVE-2021-38593.diff
new file mode 100644
index 0000000..c80e5c9
--- /dev/null
+++ b/debian/patches/CVE-2021-38593.diff
@@ -0,0 +1,38 @@
+Description: improve fix for avoiding huge number of tiny dashes
+ Some pathological cases were not caught by the previous fix.
+Origin: upstream, commits:
+ https://code.qt.io/cgit/qt/qtbase.git/commit/?id=6b400e3147dcfd8c
+ https://code.qt.io/cgit/qt/qtbase.git/commit/?id=84aba80944a2e1c3
+ https://code.qt.io/cgit/qt/qtbase.git/commit/?id=cca8ed0547405b1c
+Last-Update: 2022-06-20
+
+--- a/src/gui/painting/qpaintengineex.cpp
++++ b/src/gui/painting/qpaintengineex.cpp
+@@ -388,7 +388,7 @@ Q_GUI_EXPORT extern bool qt_scaleForTran
+ void QPaintEngineEx::stroke(const QVectorPath &path, const QPen &inPen)
+ {
+ #ifdef QT_DEBUG_DRAW
+-    qDebug() << "QPaintEngineEx::stroke()" << pen;
++    qDebug() << "QPaintEngineEx::stroke()" << inPen;
+ #endif
+ 
+     Q_D(QPaintEngineEx);
+@@ -415,15 +415,15 @@ void QPaintEngineEx::stroke(const QVecto
+             clipRect = xf.inverted().mapRect(QRectF(d->exDeviceRect));
+         }
+         // Check to avoid generating unwieldy amount of dashes that will not be visible anyway
+-        QRectF extentRect = cpRect & clipRect;
++        qreal pw = pen.widthF() ? pen.widthF() : 1;
++        QRectF extentRect = cpRect.adjusted(-pw, -pw, pw, pw) & clipRect;
+         qreal extent = qMax(extentRect.width(), extentRect.height());
+         qreal patternLength = 0;
+         const QVector<qreal> pattern = pen.dashPattern();
+         const int patternSize = qMin(pattern.size(), 32);
+         for (int i = 0; i < patternSize; i++)
+             patternLength += qMax(pattern.at(i), qreal(0));
+-        if (pen.widthF())
+-            patternLength *= pen.widthF();
++        patternLength *= pw;
+         if (qFuzzyIsNull(patternLength)) {
+             pen.setStyle(Qt::NoPen);
+         } else if (extent / patternLength > 10000) {
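Review bot: The limit at `extent / patternLength > 10000` in the second inner hunk only applies when that comparison is true, so a NaN in `pw` or `patternLength` makes both branches false and the dash cap is skipped. A non-finite dash-pattern entry would appear to pass straight through `qMax(pattern.at(i), qreal(0))`; whether QPen can hold such values is not visible here and should be confirmed. If it can, writing the test as `} else if (!(extent / patternLength <= 10000)) {` or rejecting the value up front with `qIsFinite()` would close the gap, and that change is best raised upstream rather than carried only in this packaging patch. Separately, the header lists three Origin commits while the changelog says 3 of 4 are still applicable, so the Description could gain a line such as ` The fourth upstream commit (<omitted-commit-id>) is not carried in this patch.` to record which part of the fix is expected from the base version. The body of QPaintEngineEx::stroke starts and ends outside both inner hunks.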
diff --git a/debian/patches/series b/debian/patches/series
index b062121..fd21d43 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,6 +8,7 @@ full_width_selection_rtl.diff
 xcb_add_a_timeout_control_when_reading_INCR_property.diff
 fix_recursion_crash.diff
 mysql_field_readonly.diff
+CVE-2021-38593.diff
 openssl3.diff
 CVE-2022-25255.diff
 moc_handle_include.diff


