Fix CVE-2024-56732 for qtbase.

microsoft · Jan 15, 2025 · d4091c5 · d4091c5
1 parent 97f9494
commit d4091c5
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 1 deletion.
diff --git a/SPECS/qtbase/CVE-2024-56732.patch b/SPECS/qtbase/CVE-2024-56732.patch
@@ -0,0 +1,58 @@
+From 1767f99e2e2196c3fcae27db6d8b60098d3f6d26 Mon Sep 17 00:00:00 2001
+From: Behdad Esfahbod <[email protected]>
+Date: Sun, 10 Nov 2024 22:43:28 -0700
+Subject: [PATCH] [cairo] Guard hb_cairo_glyphs_from_buffer() against bad UTF-8
+
+Previously it was assuming valid UTF-8.
+---
+ src/3rdparty/harfbuzz-ng/src/hb-cairo.cc | 2 ++
+ src/3rdparty/harfbuzz-ng/src/hb-utf.hh   | 6 ++++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc b/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc
+index d8b582c4908..4d22ae059ff 100644
+--- a/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc
++++ b/src/3rdparty/harfbuzz-ng/src/hb-cairo.cc
+@@ -1000,6 +1000,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
+ 	    end = start + hb_glyph[i].cluster - hb_glyph[i+1].cluster;
+ 	  else
+ 	    end = (const char *) hb_utf_offset_to_pointer<hb_utf8_t> ((const uint8_t *) start,
++								      (const uint8_t *) utf8, utf8_len,
+ 								      (signed) (hb_glyph[i].cluster - hb_glyph[i+1].cluster));
+ 	  (*clusters)[cluster].num_bytes = end - start;
+ 	  start = end;
+@@ -1020,6 +1021,7 @@ hb_cairo_glyphs_from_buffer (hb_buffer_t *buffer,
+ 	    end = start + hb_glyph[i].cluster - hb_glyph[i-1].cluster;
+ 	  else
+ 	    end = (const char *) hb_utf_offset_to_pointer<hb_utf8_t> ((const uint8_t *) start,
++								      (const uint8_t *) utf8, utf8_len,
+ 								      (signed) (hb_glyph[i].cluster - hb_glyph[i-1].cluster));
+ 	  (*clusters)[cluster].num_bytes = end - start;
+ 	  start = end;
+diff --git a/src/3rdparty/harfbuzz-ng/src/hb-utf.hh b/src/3rdparty/harfbuzz-ng/src/hb-utf.hh
+index 1120bd1cccf..6db9bf2fd79 100644
+--- a/src/3rdparty/harfbuzz-ng/src/hb-utf.hh
++++ b/src/3rdparty/harfbuzz-ng/src/hb-utf.hh
+@@ -458,19 +458,21 @@ struct hb_ascii_t
+ template <typename utf_t>
+ static inline const typename utf_t::codepoint_t *
+ hb_utf_offset_to_pointer (const typename utf_t::codepoint_t *start,
++			  const typename utf_t::codepoint_t *text,
++			  unsigned text_len,
+ 			  signed offset)
+ {
+   hb_codepoint_t unicode;
+
+   while (offset-- > 0)
+     start = utf_t::next (start,
+-			 start + utf_t::max_len,
++			 text + text_len,
+ 			 &unicode,
+ 			 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
+
+   while (offset++ < 0)
+     start = utf_t::prev (start,
+-			 start - utf_t::max_len,
++			 text,
+ 			 &unicode,
+ 			 HB_BUFFER_REPLACEMENT_CODEPOINT_DEFAULT);
diff --git a/SPECS/qtbase/qtbase.spec b/SPECS/qtbase/qtbase.spec
@@ -35,14 +35,15 @@
 Name:         qtbase
 Summary:      Qt6 - QtBase components
 Version:      6.6.2
-Release:      1%{?dist}
+Release:      2%{?dist}
 # See LICENSE.GPL3-EXCEPT.txt, for exception details
 License:      GFDL AND LGPLv3 AND GPLv2 AND GPLv3 with exceptions AND QT License Agreement 4.0
 Vendor:       Microsoft Corporation
 Distribution:   Azure Linux
 URL:          https://qt-project.org/
 %global       majmin %(echo %{version} | cut -d. -f1-2)
 Source0:      https://download.qt.io/archive/qt/%{majmin}/%{version}/submodules/%{qt_module}-everywhere-src-%{version}.tar.xz
+Patch0:       CVE-2024-56732.patch
 
 BuildRequires: build-essential
 BuildRequires: systemd
@@ -700,6 +701,9 @@ fi
 %{_qt_plugindir}/platformthemes/libqxdgdesktopportal.so
 
 %changelog
+* Wed Jan 15 2025 Lanze Liu <[email protected]> - 6.6.2-2
+- Added a patch for addressing CVE-2024-56732
+
 * Fri May 17 2024 Neha Agarwal <[email protected]> - 6.6.2-1
 - Upgrade to version 6.6.2 to fix CVE-2023-51714