[neon/qt/qtsvg/Neon/release] debian: Backport upstream commit to reject oversize SVGs as corrupt.

Dmitry Shachnev null at kde.org
Thu May 5 13:13:22 BST 2022 

Git commit feb3d86dc8bbac2af8995466d758922210771632 by Dmitry Shachnev.
Committed on 09/01/2022 at 13:07.
Pushed by jriddell into branch 'Neon/release'.

Backport upstream commit to reject oversize SVGs as corrupt.

M  +1    -0    debian/changelog
A  +16   -0    debian/patches/reject_oversize_svgs.diff
M  +1    -0    debian/patches/series

https://invent.kde.org/neon/qt/qtsvg/commit/feb3d86dc8bbac2af8995466d758922210771632

diff --git a/debian/changelog b/debian/changelog
index 13b2b86..b1830e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ qtsvg-opensource-src (5.15.2-4) UNRELEASED; urgency=medium
   [ Dmitry Shachnev ]
   * Backport upstream commit to do stricter error checking when parsing path
     nodes (CVE-2021-45930, closes: #1002991).
+  * Backport upstream commit to reject oversize SVGs as corrupt.
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Fri, 07 Jan 2022 22:42:55 +0300
 
diff --git a/debian/patches/reject_oversize_svgs.diff b/debian/patches/reject_oversize_svgs.diff
new file mode 100644
index 0000000..e419bb0
--- /dev/null
+++ b/debian/patches/reject_oversize_svgs.diff
@@ -0,0 +1,16 @@
+Description: SVG Image reading: Reject oversize svgs as corrupt
+ Add an upper limit for height and width at 0xffff, same as jpeg.
+Origin: upstream, https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=e544d8e457d52b54
+Last-Update: 2022-01-09
+
+--- a/src/plugins/imageformats/svg/qsvgiohandler.cpp
++++ b/src/plugins/imageformats/svg/qsvgiohandler.cpp
+@@ -177,6 +177,8 @@ bool QSvgIOHandler::read(QImage *image)
+             }
+         }
+         if (!finalSize.isEmpty()) {
++            if (qMax(finalSize.width(), finalSize.height()) > 0xffff)
++                return false; // Assume corrupted file
+             image->fill(d->backColor.rgba());
+             QPainter p(image);
+             d->r.render(&p, bounds);
diff --git a/debian/patches/series b/debian/patches/series
index 3621503..dccecd7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 CVE-2021-3481.diff
 CVE-2021-45930.diff
+reject_oversize_svgs.diff

More information about the Neon-commits mailing list