SOURCES: 0082-fix-qdatetime-fromstring.diff (NEW), 0083-CVE-2007-4...

Sat Sep 15 12:20:51 CEST 2007

Author: adamg                        Date: Sat Sep 15 10:20:51 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- new

---- Files affected:
SOURCES:
   0082-fix-qdatetime-fromstring.diff (NONE -> 1.1)  (NEW), 0083-CVE-2007-4137.diff (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/0082-fix-qdatetime-fromstring.diff
diff -u /dev/null SOURCES/0082-fix-qdatetime-fromstring.diff:1.1

--- /dev/null	Sat Sep 15 12:20:51 2007
+++ SOURCES/0082-fix-qdatetime-fromstring.diff	Sat Sep 15 12:20:46 2007
@@ -0,0 +1,20 @@
+qt-bugs@ issue : 153183
+bugs.kde.org number : 
+applied: yes
+author: woebbeking at kde.org
+
+In Qt 3.3.8 QDateTime::fromString() has an off by one regression:
+- Thu Mar  3 19:45:58 2005 -> invalid QDateTime
+- Thu Mar 13 19:45:58 2005 -> Mar 1 2005
+ 
+--- src/tools/qdatetime.cpp
++++ src/tools/qdatetime.cpp
+@@ -2485,7 +2485,7 @@
+ 	    return dt;
+ 	}
+ #endif
+-	int day = s.mid( firstSpace + 4, 2 ).simplifyWhiteSpace().toInt();
++	int day = s.mid( firstSpace + 5, 2 ).simplifyWhiteSpace().toInt();
+ 	int year = s.right( 4 ).toInt();
+ 	QDate date( year, month, day );
+ 	QTime time;

================================================================
Index: SOURCES/0083-CVE-2007-4137.diff
diff -u /dev/null SOURCES/0083-CVE-2007-4137.diff:1.1
--- /dev/null	Sat Sep 15 12:20:51 2007
+++ SOURCES/0083-CVE-2007-4137.diff	Sat Sep 15 12:20:46 2007
@@ -0,0 +1,19 @@
+qt-bugs@ issue : N175791
+bugs.kde.org number :
+applied: no
+author: mueller at kde.org
+
+fixes an off-by-one buffer overflow in the utf8 decoder
+
+
+--- src/codecs/qutfcodec.cpp
++++ src/codecs/qutfcodec.cpp
+@@ -164,7 +164,7 @@ public:
+     QString toUnicode(const char* chars, int len)
+     {
+ 	QString result;
+-	result.setLength( len ); // worst case
++	result.setLength( len + 1 ); // worst case
+ 	QChar *qch = (QChar *)result.unicode();
+ 	uchar ch;
+ 	for (int i=0; i<len; i++) {
================================================================
