diff --git a/Fix-use-after-free-bug.patch b/Fix-use-after-free-bug.patch
new file mode 100644
index 0000000..36d7dff
--- /dev/null
+++ b/Fix-use-after-free-bug.patch
@@ -0,0 +1,37 @@
+From: Gatis Paeglis
+Date: Wed, 07 Jan 2015 13:50:41 +0000
+Subject: Fix use-after-free bug
+X-Git-Url: http://quickgit.kde.org/?p=qt%2Fqtbase.git&a=commitdiff&h=d40b66a8ef98777c69ac293dac9a332f88832c23
+---
+Fix use-after-free bug
+
+xcb_image_destroy() calls free on m_xcb_image
+and then few lines down we access member of
+m_xcb_image. Swap order of these two actions.
+
+Change-Id: I01fb43a066459cce462df6af22161c35cef524eb
+Task-number: QTBUG-43623
+Reviewed-by: Shawn Rutledge
+---
+
+
+--- a/src/plugins/platforms/xcb/qxcbbackingstore.cpp
++++ b/src/plugins/platforms/xcb/qxcbbackingstore.cpp
+@@ -145,8 +145,6 @@
+ if (segmentSize && m_shm_info.shmaddr)
+ Q_XCB_CALL(xcb_shm_detach(xcb_connection(), m_shm_info.shmseg));
+
+- xcb_image_destroy(m_xcb_image);
+-
+ if (segmentSize) {
+ if (m_shm_info.shmaddr) {
+ shmdt(m_shm_info.shmaddr);
+@@ -155,6 +153,8 @@
+ free(m_xcb_image->data);
+ }
+ }
++
++ xcb_image_destroy(m_xcb_image);
+
+ if (m_gc)
+ Q_XCB_CALL(xcb_free_gc(xcb_connection(), m_gc));
diff --git a/libqt5-qtbase.changes b/libqt5-qtbase.changes
index 0f6149e..ece21fd 100644
--- a/libqt5-qtbase.changes
+++ b/libqt5-qtbase.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jan 12 16:33:18 UTC 2015 - hrvoje.senjan@gmail.com
+
+- Added Fix-use-after-free-bug.patch from upstream
+ (qtbug#43623, boo#870151)
+
 -------------------------------------------------------------------
 Thu Dec 25 10:37:17 UTC 2014 - schwab@suse.de
 
diff --git a/libqt5-qtbase.spec b/libqt5-qtbase.spec
index 64a08a7..504b587 100644
--- a/libqt5-qtbase.spec
+++ b/libqt5-qtbase.spec
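Review bot: In the qxcbbackingstore.cpp change carried by Fix-use-after-free-bug.patch, `m_xcb_image` still points at freed memory once the relocated `xcb_image_destroy(m_xcb_image);` has run, and nothing in the visible lines clears it. The reorder removes the read of `m_xcb_image->data` after the free, but a second pass through this cleanup or any later read of the member would be the same class of bug; adding `m_xcb_image = 0;` directly after the destroy call lets later code test for null instead of touching freed memory. Likewise `free(m_xcb_image->data);` now runs before the destroy call, which is safe only if xcb_image_destroy() does not release `data` itself, so that is worth confirming against how the image is created. The enclosing function starts and ends outside both hunks, so a reset may already exist further down.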
@@ -1,7 +1,7 @@
 #
 # spec file for package libqt5-qtbase
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -62,6 +62,8 @@ Patch6: QTBUG41590.patch
 Patch2000: Handle-SelectionClientClose-in-QXcbClipboard.patch
 # PATCH-FIX-UPSTREAM qimage_conversions.cpp: Fix build on big endian systems
 Patch2001: qimage_conversions.cpp-Fix-build-on-big-endian-syste.patch
+# PATCH-FIX-UPSTREAM Fix-use-after-free-bug.patch
+Patch2002: Fix-use-after-free-bug.patch
 BuildRequires: alsa-devel
 BuildRequires: cups-devel
 BuildRequires: fdupes
@@ -150,6 +152,7 @@ handling.
 %patch6 -p1
 %patch2000 -p1
 %patch2001 -p1
+%patch2002 -p1
 # be sure not to use them
 rm -r src/3rdparty/{libjpeg,freetype,libpng,zlib}
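Review bot: The comment added above `Patch2002` names only the file, so the spec does not say what the patch fixes or which bug it closes, unlike the comment on `Patch2001` just above it. Since this is a memory-safety fix, I would carry the references from the .changes entry into the tag line, e.g. `# PATCH-FIX-UPSTREAM Fix-use-after-free-bug.patch qtbug#43623 boo#870151 -- use-after-free in xcb backing store cleanup`. That also makes it easy to drop the patch once the packaged Qt version contains upstream commit d40b66a8ef98777c69ac293dac9a332f88832c23.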