From e748ba9741f6540f4675c23e3e37b73e822c13a4 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 31 May 2021 20:59:14 +0100
Subject: gentoo resync : 31.05.2021
---
...o-extras-20.12.3-thumbnail-check-shm-size.patch | 44 ++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 kde-apps/kio-extras/files/kio-extras-20.12.3-thumbnail-check-shm-size.patch
(limited to 'kde-apps/kio-extras/files')
diff --git a/kde-apps/kio-extras/files/kio-extras-20.12.3-thumbnail-check-shm-size.patch b/kde-apps/kio-extras/files/kio-extras-20.12.3-thumbnail-check-shm-size.patch
new file mode 100644
index 000000000000..ef53e0fc3f69
--- /dev/null
+++ b/kde-apps/kio-extras/files/kio-extras-20.12.3-thumbnail-check-shm-size.patch
@@ -0,0 +1,44 @@
+From a288a7ba4283b2102a4602aa105072f33bc25645 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt
+Date: Tue, 4 May 2021 20:52:59 +0200
+Subject: [PATCH] thumbnail: Check shm size before writing to it
+
+The SHM is created by the application, which might've done a different size
+calculation. Verify that the data fits instead of writing past the end and
+crashing.
+
+CCBUG: 430862
+
+
+(cherry picked from commit 112b67ae7895bdc4f32d851c09a4d6baecbb6666)
+---
+ thumbnail/thumbnail.cpp | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/thumbnail/thumbnail.cpp b/thumbnail/thumbnail.cpp
+index 6b133323..afdb088e 100644
+--- a/thumbnail/thumbnail.cpp
++++ b/thumbnail/thumbnail.cpp
+@@ -288,14 +288,15 @@ void ThumbnailProtocol::get(const QUrl &url)
+ error(KIO::ERR_INTERNAL, i18n("Failed to attach to shared memory segment %1", shmid));
+ return;
+ }
+- if (img.width() * img.height() > m_width * m_height) {
++ if( img.format() != QImage::Format_ARGB32 ) { // KIO::PreviewJob and this code below completely ignores colortable :-/,
++ img = img.convertToFormat(QImage::Format_ARGB32); // so make sure there is none
++ }
++ struct shmid_ds shmStat;
++ if (shmctl(shmid.toInt(), IPC_STAT, &shmStat) == -1 || shmStat.shm_segsz < img.sizeInBytes()) {
+ error(KIO::ERR_INTERNAL, i18n("Image is too big for the shared memory segment"));
+ shmdt((char*)shmaddr);
+ return;
+ }
+- if( img.format() != QImage::Format_ARGB32 ) { // KIO::PreviewJob and this code below completely ignores colortable :-/,
+- img = img.convertToFormat(QImage::Format_ARGB32); // so make sure there is none
+- }
+ // Keep in sync with kdelibs/kio/kio/previewjob.cpp
+ stream << img.width() << img.height() << quint8(img.format());
+ memcpy(shmaddr, img.bits(), img.sizeInBytes());
+--
+GitLab
+
-- cgit v1.2.3
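Review bot: The new guard in `ThumbnailProtocol::get` folds two different failures into one message: when `shmctl(shmid.toInt(), IPC_STAT, &shmStat)` itself returns -1, the caller is still told "Image is too big for the shared memory segment", so a stale or invalid segment id cannot be told apart from a real size mismatch. Testing `shmctl(...) == -1` in its own branch with its own error text would keep the bounds check readable and the diagnosis accurate. The comparison also mixes `shm_segsz` (unsigned, presumably `size_t`) with the signed result of `img.sizeInBytes()`; making the conversion explicit, e.g. `shmStat.shm_segsz < static_cast<size_t>(img.sizeInBytes())`, avoids relying on implicit promotion in a check that guards the `memcpy`. The reason for the check lives only in the commit message, so a comment above it would help, e.g. `// The segment is created by the requesting application; bound the copy by its real size, not by m_width * m_height.` The function starts and ends outside the hunk, so how `shmid` is parsed and attached earlier cannot be confirmed from here.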