Page MenuHome GnuPG
Files F26445957

No OneTemporary
Actions

View Options

diff --git a/Makefile.am b/Makefile.am
index 8c7608a3..34e72c74 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,146 +1,151 @@
# Makefile.am - Installer for GnuPG 4 Windows Makefile.
# Copyright (C) 2005, 2008, 2012 g10 Code GmbH
#
# This file is part of GPG4Win.
#
# GPG4Win is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# GPG4Win is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
ACLOCAL_AMFLAGS = -I m4
AUTOMAKE_OPTIONS = dist-xz no-dist-gzip
DISTCHECK_CONFIGURE_FLAGS = --host=i686-w64-mingw32
if BUILD_GPG4WIN
po = po
else
po =
endif
if BUILD_GPG4WIN
doc = doc
else
doc =
endif
SUBDIRS = ${po} packages ${doc} src
# find patches -type f | sort | sed 's/$/ \\/' | sed 's/^/ /'
# find patches-appimage -type f | sort | sed 's/$/ \\/' | sed 's/^/ /'
EXTRA_DIST = autogen.rc autogen.sh README.GIT ONEWS \
doc/license-page doc/GPLv3 \
build-aux/git-log-footer build-aux/git-log-fix \
docker/appimage/Dockerfile \
docker/build-appimage-docker-image.sh \
docker/build-gpg4win-docker-image.sh \
docker/gpg4win-bullseye/Dockerfile \
docker/run-appimage-build.sh \
docker/run-gpg4win-build.sh \
patches/breeze-icons/subset-crossbuild.patch \
patches/breeze-icons/add-the-nose.patch \
patches/extra-cmake-modules/0001-Use-BIN_INSTALL_DIR-data-for-DATAROOTDIR-on-Windows.patch \
patches/kconfig/0001-Read-defaults-from-Windows-registry.patch \
patches/kconfigwidgets/0001-Fix-crash-on-exit-on-Windows.patch \
patches/kconfigwidgets/0001-Make-QDbus-optional.patch \
patches/kiconthemes/0001-Make-DBus-optional.patch \
patches/kiconthemes/dark-mode-detection.patch \
patches/kleopatra/set-windows-registry.patch \
patches/kleopatra/0001-Make-KCMUtils-optional.patch \
patches/kleopatra/0001-DRAFT-Rework-aboutdata-to-use-a-settings-file.patch \
patches/kwidgetsaddons/0001-Set-the-modes-on-the-date-picker.patch \
patches/kwidgetsaddons/0002-Remove-No-date-option-from-date-picker-popup-used-by.patch \
patches/kxmlgui/0001-make-qdbus-optional.patch \
patches/kxmlgui/0004-Cruedly-disable-KSendbugmail.patch \
patches/libical/workaround-weird-mingw-10.0.0-issue.patch \
- patches/qtbase/0001-Fix-build-without-std-thread.patch \
+ patches/qtsvg/CVE-2023-32573-qtsvg-5.15.patch \
patches/qtbase/0001-Gpg4win-qstandardpaths-patch.patch \
patches/qtbase/0002-Gpg4win-theme-names-and-relpaths.patch \
- patches/qtsvg/CVE-2023-32573-qtsvg-5.15.patch \
- patches/qtbase/CVE-2023-32763-qtbase-5.15.diff \
+ patches/qtbase/add-kleopatras-mime-types.patch \
+ patches/qtbase/CVE-2023-32763-qtbase-5.15.patch \
+ patches/qtbase/CVE-2023-37369-qtbase-5.15.patch \
+ patches/qtbase/CVE-2023-43114-5.15.patch \
patches/qttools/disable-most-tools.patch \
patches/kcoreaddons/0001-Fix-MINGW-build.patch \
patches/kcoreaddons/0001-Add-KAboutData-updateFromSettings.patch \
patches/kcoreaddons/0002-Draft-Add-KVerify-class-to-verify-files.patch \
patches/ki18n/0001-Undef-snprintf-for-windows.patch \
patches/kio/0001-WIP-Remove-dependency-to-dbus.patch \
patches/kio/FileManagerWindowJob.patch \
patches/okular/lower-cmake-requirement.patch \
patches/okular/0001-Add-GnuPG-specific-manifest-to-okular.patch \
patches/okular/0001-Draft-add-support-to-customize-about-data.patch \
patches/kparts/0001-Apply-implicit-android-DBUS-fix-for-Win.patch \
patches/kparts/disable-jobuidelegate.patch \
patches/sonnet/0001-W32-Force-ispellchecker-for-sonnet.patch \
patches/jpeg/fix-redefine.patch \
patches-appimage/kleopatra/0001-Make-KCMUtils-optional.patch \
patches-appimage/kleopatra/0001-DRAFT-Rework-aboutdata-to-use-a-settings-file.patch \
patches-appimage/libkleo/gpg4win-check.patch \
patches-appimage/okular/0001-Make-KF5Pty-dependency-optional.patch \
patches-appimage/okular/0001-Draft-add-support-to-customize-about-data.patch \
patches-appimage/okular/lower-cmake-requirement.patch \
patches-appimage/poppler/fix-gpg-error-include.patch \
- patches-appimage/qtbase/CVE-2023-32763-qtbase-5.15.diff \
+ patches-appimage/qtbase/CVE-2023-32763-qtbase-5.15.patch \
+ patches-appimage/qtbase/CVE-2023-37369-qtbase-5.15.patch \
+ patches-appimage/qtbase/CVE-2023-43114-5.15.patch \
+ patches-appimage/qtbase/add-kleopatras-mime-types.patch \
patches-appimage/qtsvg/CVE-2023-32573-qtsvg-5.15.patch \
patches-appimage/qtwayland-5.15.0/00-disable-wayland-server.patch \
patches-appimage/kcoreaddons/0001-Fix-MINGW-build.patch \
patches-appimage/kcoreaddons/0001-Add-KAboutData-updateFromSettings.patch \
patches-appimage/kcoreaddons/0002-Draft-Add-KVerify-class-to-verify-files.patch
copy-news:
cp NEWS doc/website/NEWS.last
copy-release: gpg4win-$(VERSION).tar.bz2 installers/gpg4win-$(VERSION).exe \
installers/gpg4win-light-$(VERSION).exe \
installers/gpg4win-vanilla-$(VERSION).exe
@echo Copying $(VERSION) to $(RELEASEHOST) >&2
@set -e;\
if ssh "$$(echo $(RELEASEHOST)|cut -d: -f -1)" \
test -f "$$(echo $(RELEASEHOST)/gpg4win-$(VERSION).exe|cut -d: -f2-)";\
then echo "This release has already been copied to the server" >&2 ;\
else scp gpg4win-$(VERSION).tar.bz2 \
installers/gpg4win-$(VERSION).exe \
installers/gpg4win-light-$(VERSION).exe \
installers/gpg4win-vanilla-$(VERSION).exe \
installers/gpg4win-src-$(VERSION).exe $(RELEASEHOST)/ ;\
for f in en de ; do \
scp src/README.$$f.txt \
$(RELEASEHOST)/README-$(VERSION).$$f.txt; \
done;\
fi
dist-hook: gen-ChangeLog
gen_start_date = 2012-03-26T00:00:00
.PHONY: gen-ChangeLog
gen-ChangeLog:
set -e; \
if test -d $(top_srcdir)/.git; then \
(cd $(top_srcdir) && \
$(GITLOG_TO_CHANGELOG) --append-dot --tear-off \
--amend=build-aux/git-log-fix \
--since=$(gen_start_date) ) > $(distdir)/cl-t; \
cat $(top_srcdir)/build-aux/git-log-footer >> $(distdir)/cl-t;\
rm -f $(distdir)/ChangeLog; \
mv $(distdir)/cl-t $(distdir)/ChangeLog; \
fi
download: packages/packages.common packages/packages.4 packages/packages.3
(cd packages; ./download.sh)
msi:
$(MAKE) $(AM_MAKEFLAGS) -C src msi
msi-signed:
$(MAKE) $(AM_MAKEFLAGS) -C src msi-signed
msi-upload:
$(MAKE) $(AM_MAKEFLAGS) -C src msi-upload
diff --git a/patches-appimage/qtbase b/patches-appimage/qtbase
new file mode 120000
index 00000000..6180c688
--- /dev/null
+++ b/patches-appimage/qtbase
@@ -0,0 +1 @@
+../patches/qtbase
\ No newline at end of file
diff --git a/patches/qtbase/0001-Fix-build-without-std-thread.patch b/patches/qtbase/0001-Fix-build-without-std-thread.patch
deleted file mode 100755
index e39b88ad..00000000
--- a/patches/qtbase/0001-Fix-build-without-std-thread.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-#! /bin/sh
-patch -p1 -f -l $* < $0
-exit $?
-
-From af43ceb86ff8f762f30824ec779e200680e21914 Mon Sep 17 00:00:00 2001
-From: Andre Heinecke <aheinecke@gnupg.org>
-Date: Wed, 22 Jul 2020 15:27:33 +0200
-Subject: [PATCH] Fix build without std::thread
-
----
- src/corelib/thread/qwaitcondition_p.h | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/corelib/thread/qwaitcondition_p.h b/src/corelib/thread/qwaitcondition_p.h
-index 5133e52e..d86ab804 100644
---- a/src/corelib/thread/qwaitcondition_p.h
-+++ b/src/corelib/thread/qwaitcondition_p.h
-@@ -58,12 +58,21 @@
- #include <condition_variable>
- #include <mutex>
-
-+#if !QT_CONFIG(cxx11_future)
-+namespace std {
-+enum class cv_status {
-+ no_timeout,
-+ timeout
-+};
-+}
-+#endif
-+
- QT_BEGIN_NAMESPACE
-
- namespace QtPrivate
- {
-
--#if defined(Q_OS_INTEGRITY)
-+#if defined(Q_OS_INTEGRITY) || defined(Q_OS_WIN)
-
- class condition_variable;
-
---
-2.20.1
diff --git a/patches/qtbase/CVE-2023-32763-qtbase-5.15.diff b/patches/qtbase/CVE-2023-32763-qtbase-5.15.diff
deleted file mode 100755
index daa14c33..00000000
--- a/patches/qtbase/CVE-2023-32763-qtbase-5.15.diff
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-patch -p1 -f $* < $0
-exit $?
-
---- a/src/gui/painting/qfixed_p.h
-+++ b/src/gui/painting/qfixed_p.h
-@@ -54,6 +54,7 @@
- #include <QtGui/private/qtguiglobal_p.h>
- #include "QtCore/qdebug.h"
- #include "QtCore/qpoint.h"
-+#include <QtCore/private/qnumeric_p.h>
- #include "QtCore/qsize.h"
-
- QT_BEGIN_NAMESPACE
-@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
- Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; }
- Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); }
-
-+inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
-+{
-+ int val;
-+ bool result = add_overflow(v1.value(), v2.value(), &val);
-+ r->setValue(val);
-+ return result;
-+}
-+
- #ifndef QT_NO_DEBUG_STREAM
- inline QDebug &operator<<(QDebug &dbg, const QFixed &f)
- { return dbg << f.toReal(); }
-
-
---- a/src/gui/text/qtextlayout.cpp
-+++ b/src/gui/text/qtextlayout.cpp
-@@ -2163,11 +2163,14 @@ found:
- eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
- } else {
- eng->minWidth = qMax(eng->minWidth, lbh.minw);
-- eng->maxWidth += line.textWidth;
-+ if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
-+ eng->maxWidth = QFIXED_MAX;
- }
-
-- if (line.textWidth > 0 && item < eng->layoutData->items.size())
-- eng->maxWidth += lbh.spaceData.textWidth;
-+ if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
-+ if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
-+ eng->maxWidth = QFIXED_MAX;
-+ }
-
- line.textWidth += trailingSpace;
- if (lbh.spaceData.length) {
diff --git a/patches-appimage/qtbase/CVE-2023-32763-qtbase-5.15.diff b/patches/qtbase/CVE-2023-32763-qtbase-5.15.patch
similarity index 100%
rename from patches-appimage/qtbase/CVE-2023-32763-qtbase-5.15.diff
rename to patches/qtbase/CVE-2023-32763-qtbase-5.15.patch
diff --git a/patches/qtbase/CVE-2023-37369-qtbase-5.15.patch b/patches/qtbase/CVE-2023-37369-qtbase-5.15.patch
new file mode 100755
index 00000000..3ab7f2df
--- /dev/null
+++ b/patches/qtbase/CVE-2023-37369-qtbase-5.15.patch
@@ -0,0 +1,207 @@
+#!/bin/sh
+patch -p1 -f $* < $0
+exit $?
+
+diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
+index 7cd457ba3a..11d162cb79 100644
+--- a/src/corelib/serialization/qxmlstream.cpp
++++ b/src/corelib/serialization/qxmlstream.cpp
+@@ -1302,15 +1302,18 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
+ return n;
+ }
+
+-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
++// Fast scan an XML attribute name (e.g. "xml:lang").
++inline QXmlStreamReaderPrivate::FastScanNameResult
++QXmlStreamReaderPrivate::fastScanName(Value *val)
+ {
+ int n = 0;
+ uint c;
+ while ((c = getChar()) != StreamEOF) {
+ if (n >= 4096) {
+ // This is too long to be a sensible name, and
+- // can exhaust memory
+- return 0;
++ // can exhaust memory, or the range of decltype(*prefix)
++ raiseNamePrefixTooLongError();
++ return {};
+ }
+ switch (c) {
+ case '\n':
+@@ -1339,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
+ case '+':
+ case '*':
+ putChar(c);
+- if (prefix && *prefix == n+1) {
+- *prefix = 0;
++ if (val && val->prefix == n + 1) {
++ val->prefix = 0;
+ putChar(':');
+ --n;
+ }
+- return n;
++ return FastScanNameResult(n);
+ case ':':
+- if (prefix) {
+- if (*prefix == 0) {
+- *prefix = n+2;
++ if (val) {
++ if (val->prefix == 0) {
++ val->prefix = n + 2;
+ } else { // only one colon allowed according to the namespace spec.
+ putChar(c);
+- return n;
++ return FastScanNameResult(n);
+ }
+ } else {
+ putChar(c);
+- return n;
++ return FastScanNameResult(n);
+ }
+ Q_FALLTHROUGH();
+ default:
+@@ -1364,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
+ }
+ }
+
+- if (prefix)
+- *prefix = 0;
++ if (val)
++ val->prefix = 0;
+ int pos = textBuffer.size() - n;
+ putString(textBuffer, pos);
+ textBuffer.resize(pos);
+- return 0;
++ return FastScanNameResult(0);
+ }
+
+ enum NameChar { NameBeginning, NameNotBeginning, NotName };
+@@ -1878,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
+ raiseError(QXmlStreamReader::NotWellFormedError, message);
+ }
+
++void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
++{
++ // TODO: add a ImplementationLimitsExceededError and use it instead
++ raiseError(QXmlStreamReader::NotWellFormedError,
++ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
++ "characters)."));
++}
++
+ void QXmlStreamReaderPrivate::parseError()
+ {
+
+diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
+index 4321fed68a..8c6a1a5887 100644
+--- a/src/corelib/serialization/qxmlstream.g
++++ b/src/corelib/serialization/qxmlstream.g
+@@ -516,7 +516,16 @@ public:
+ int fastScanLiteralContent();
+ int fastScanSpace();
+ int fastScanContentCharList();
+- int fastScanName(int *prefix = nullptr);
++
++ struct FastScanNameResult {
++ FastScanNameResult() : ok(false) {}
++ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
++ operator bool() { return ok; }
++ int operator*() { Q_ASSERT(ok); return addToLen; }
++ int addToLen;
++ bool ok;
++ };
++ FastScanNameResult fastScanName(Value *val = nullptr);
+ inline int fastScanNMTOKEN();
+
+
+@@ -525,6 +534,7 @@ public:
+
+ void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
+ void raiseWellFormedError(const QString &message);
++ void raiseNamePrefixTooLongError();
+
+ QXmlStreamEntityResolver *entityResolver;
+
+@@ -1811,7 +1821,12 @@ space_opt ::= space;
+ qname ::= LETTER;
+ /.
+ case $rule_number: {
+- sym(1).len += fastScanName(&sym(1).prefix);
++ Value &val = sym(1);
++ if (auto res = fastScanName(&val))
++ val.len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume($rule_number);
+ return false;
+@@ -1822,7 +1837,11 @@ qname ::= LETTER;
+ name ::= LETTER;
+ /.
+ case $rule_number:
+- sym(1).len += fastScanName();
++ if (auto res = fastScanName())
++ sym(1).len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume($rule_number);
+ return false;
+diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
+index e5bde7b98e..b01484cac3 100644
+--- a/src/corelib/serialization/qxmlstream_p.h
++++ b/src/corelib/serialization/qxmlstream_p.h
+@@ -1005,7 +1005,16 @@ public:
+ int fastScanLiteralContent();
+ int fastScanSpace();
+ int fastScanContentCharList();
+- int fastScanName(int *prefix = nullptr);
++
++ struct FastScanNameResult {
++ FastScanNameResult() : ok(false) {}
++ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
++ operator bool() { return ok; }
++ int operator*() { Q_ASSERT(ok); return addToLen; }
++ int addToLen;
++ bool ok;
++ };
++ FastScanNameResult fastScanName(Value *val = nullptr);
+ inline int fastScanNMTOKEN();
+
+
+@@ -1014,6 +1023,7 @@ public:
+
+ void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
+ void raiseWellFormedError(const QString &message);
++ void raiseNamePrefixTooLongError();
+
+ QXmlStreamEntityResolver *entityResolver;
+
+@@ -1939,7 +1949,12 @@ bool QXmlStreamReaderPrivate::parse()
+ break;
+
+ case 262: {
+- sym(1).len += fastScanName(&sym(1).prefix);
++ Value &val = sym(1);
++ if (auto res = fastScanName(&val))
++ val.len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume(262);
+ return false;
+@@ -1947,7 +1962,11 @@ bool QXmlStreamReaderPrivate::parse()
+ } break;
+
+ case 263:
+- sym(1).len += fastScanName();
++ if (auto res = fastScanName())
++ sym(1).len += *res;
++ else
++ return false;
++
+ if (atEnd) {
+ resume(263);
+ return false;
diff --git a/patches/qtbase/CVE-2023-43114-5.15.patch b/patches/qtbase/CVE-2023-43114-5.15.patch
new file mode 100755
index 00000000..5d1f2010
--- /dev/null
+++ b/patches/qtbase/CVE-2023-43114-5.15.patch
@@ -0,0 +1,123 @@
+#!/bin/sh
+patch -p1 -f $* < $0
+exit $?
+
+diff --git a/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp b/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp
+index ba683cf686..217a968c64 100644
+--- a/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp
++++ b/src/platformsupport/fontdatabases/windows/qwindowsfontdatabase.cpp
+@@ -1471,36 +1471,70 @@ QT_WARNING_POP
+ return fontEngine;
+ }
+
+-static QList<quint32> getTrueTypeFontOffsets(const uchar *fontData)
++static QList<quint32> getTrueTypeFontOffsets(const uchar *fontData, const uchar *fileEndSentinel)
+ {
+ QList<quint32> offsets;
+- const quint32 headerTag = *reinterpret_cast<const quint32 *>(fontData);
++ if (fileEndSentinel - fontData < 12) {
++ qCWarning(lcQpaFonts) << "Corrupted font data detected";
++ return offsets;
++ }
++
++ const quint32 headerTag = qFromUnaligned<quint32>(fontData);
+ if (headerTag != MAKE_TAG('t', 't', 'c', 'f')) {
+ if (headerTag != MAKE_TAG(0, 1, 0, 0)
+ && headerTag != MAKE_TAG('O', 'T', 'T', 'O')
+ && headerTag != MAKE_TAG('t', 'r', 'u', 'e')
+- && headerTag != MAKE_TAG('t', 'y', 'p', '1'))
++ && headerTag != MAKE_TAG('t', 'y', 'p', '1')) {
+ return offsets;
++ }
+ offsets << 0;
+ return offsets;
+ }
++
++ const quint32 maximumNumFonts = 0xffff;
+ const quint32 numFonts = qFromBigEndian<quint32>(fontData + 8);
+- for (uint i = 0; i < numFonts; ++i) {
+- offsets << qFromBigEndian<quint32>(fontData + 12 + i * 4);
++ if (numFonts > maximumNumFonts) {
++ qCWarning(lcQpaFonts) << "Font collection of" << numFonts << "fonts is too large. Aborting.";
++ return offsets;
+ }
++
++ if (quintptr(fileEndSentinel - fontData) > 12 + (numFonts - 1) * 4) {
++ for (quint32 i = 0; i < numFonts; ++i)
++ offsets << qFromBigEndian<quint32>(fontData + 12 + i * 4);
++ } else {
++ qCWarning(lcQpaFonts) << "Corrupted font data detected";
++ }
++
+ return offsets;
+ }
+
+-static void getFontTable(const uchar *fileBegin, const uchar *data, quint32 tag, const uchar **table, quint32 *length)
++static void getFontTable(const uchar *fileBegin, const uchar *fileEndSentinel, const uchar *data, quint32 tag, const uchar **table, quint32 *length)
+ {
+- const quint16 numTables = qFromBigEndian<quint16>(data + 4);
+- for (uint i = 0; i < numTables; ++i) {
+- const quint32 offset = 12 + 16 * i;
+- if (*reinterpret_cast<const quint32 *>(data + offset) == tag) {
+- *table = fileBegin + qFromBigEndian<quint32>(data + offset + 8);
+- *length = qFromBigEndian<quint32>(data + offset + 12);
+- return;
++ if (fileEndSentinel - data >= 6) {
++ const quint16 numTables = qFromBigEndian<quint16>(data + 4);
++ if (fileEndSentinel - data >= 28 + 16 * (numTables - 1)) {
++ for (quint32 i = 0; i < numTables; ++i) {
++ const quint32 offset = 12 + 16 * i;
++ if (qFromUnaligned<quint32>(data + offset) == tag) {
++ const quint32 tableOffset = qFromBigEndian<quint32>(data + offset + 8);
++ if (quintptr(fileEndSentinel - fileBegin) <= tableOffset) {
++ qCWarning(lcQpaFonts) << "Corrupted font data detected";
++ break;
++ }
++ *table = fileBegin + tableOffset;
++ *length = qFromBigEndian<quint32>(data + offset + 12);
++ if (quintptr(fileEndSentinel - *table) < *length) {
++ qCWarning(lcQpaFonts) << "Corrupted font data detected";
++ break;
++ }
++ return;
++ }
++ }
++ } else {
++ qCWarning(lcQpaFonts) << "Corrupted font data detected";
+ }
++ } else {
++ qCWarning(lcQpaFonts) << "Corrupted font data detected";
+ }
+ *table = 0;
+ *length = 0;
+@@ -1513,8 +1547,9 @@ static void getFamiliesAndSignatures(const QByteArray &fontData,
+ QVector<QFontValues> *values)
+ {
+ const uchar *data = reinterpret_cast<const uchar *>(fontData.constData());
++ const uchar *dataEndSentinel = data + fontData.size();
+
+- QList<quint32> offsets = getTrueTypeFontOffsets(data);
++ QList<quint32> offsets = getTrueTypeFontOffsets(data, dataEndSentinel);
+ if (offsets.isEmpty())
+ return;
+
+@@ -1522,7 +1557,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData,
+ const uchar *font = data + offsets.at(i);
+ const uchar *table;
+ quint32 length;
+- getFontTable(data, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length);
++ getFontTable(data, dataEndSentinel, font, MAKE_TAG('n', 'a', 'm', 'e'), &table, &length);
+ if (!table)
+ continue;
+ QFontNames names = qt_getCanonicalFontNames(table, length);
+@@ -1532,7 +1567,7 @@ static void getFamiliesAndSignatures(const QByteArray &fontData,
+ families->append(std::move(names));
+
+ if (values || signatures)
+- getFontTable(data, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length);
++ getFontTable(data, dataEndSentinel, font, MAKE_TAG('O', 'S', '/', '2'), &table, &length);
+
+ if (values) {
+ QFontValues fontValues;
+--
+2.27.0.windows.1

File Metadata

Mime Type
text/x-diff
Expires
Thu, Jul 17, 12:12 AM (12 h, 37 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
07/43/dad9eb72b28d4458859be15b40a2

Event Timeline