SOURCES: 0082-fix-qdatetime-fromstring.diff (NEW), 0083-CVE-2007-4...
adamg
adamg at pld-linux.org
Sat Sep 15 12:20:51 CEST 2007
Author: adamg Date: Sat Sep 15 10:20:51 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new
---- Files affected:
SOURCES:
0082-fix-qdatetime-fromstring.diff (NONE -> 1.1) (NEW), 0083-CVE-2007-4137.diff (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/0082-fix-qdatetime-fromstring.diff
diff -u /dev/null SOURCES/0082-fix-qdatetime-fromstring.diff:1.1
--- /dev/null Sat Sep 15 12:20:51 2007
+++ SOURCES/0082-fix-qdatetime-fromstring.diff Sat Sep 15 12:20:46 2007
@@ -0,0 +1,20 @@
+qt-bugs@ issue : 153183
+bugs.kde.org number :
+applied: yes
+author: woebbeking at kde.org
+
+In Qt 3.3.8 QDateTime::fromString() has an off by one regression:
+- Thu Mar 3 19:45:58 2005 -> invalid QDateTime
+- Thu Mar 13 19:45:58 2005 -> Mar 1 2005
+
+--- src/tools/qdatetime.cpp
++++ src/tools/qdatetime.cpp
+@@ -2485,7 +2485,7 @@
+ return dt;
+ }
+ #endif
+- int day = s.mid( firstSpace + 4, 2 ).simplifyWhiteSpace().toInt();
++ int day = s.mid( firstSpace + 5, 2 ).simplifyWhiteSpace().toInt();
+ int year = s.right( 4 ).toInt();
+ QDate date( year, month, day );
+ QTime time;
================================================================
Index: SOURCES/0083-CVE-2007-4137.diff
diff -u /dev/null SOURCES/0083-CVE-2007-4137.diff:1.1
--- /dev/null Sat Sep 15 12:20:51 2007
+++ SOURCES/0083-CVE-2007-4137.diff Sat Sep 15 12:20:46 2007
@@ -0,0 +1,19 @@
+qt-bugs@ issue : N175791
+bugs.kde.org number :
+applied: no
+author: mueller at kde.org
+
+fixes an off-by-one buffer overflow in the utf8 decoder
+
+
+--- src/codecs/qutfcodec.cpp
++++ src/codecs/qutfcodec.cpp
+@@ -164,7 +164,7 @@ public:
+ QString toUnicode(const char* chars, int len)
+ {
+ QString result;
+- result.setLength( len ); // worst case
++ result.setLength( len + 1 ); // worst case
+ QChar *qch = (QChar *)result.unicode();
+ uchar ch;
+ for (int i=0; i<len; i++) {
================================================================
More information about the pld-cvs-commit
mailing list