Merge pull request #57526 from xantoz/qtwebengine-fix-CVE-2019-5785

qt512: patch qtwebengine against CVE-2019-5786
This commit is contained in:
Andreas Rammhold 2019-03-14 13:56:22 +01:00 committed by GitHub
commit a050cb9dc9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 1 deletions

View File

@ -60,7 +60,10 @@ let
qtdeclarative = [ ./qtdeclarative.patch ];
qtscript = [ ./qtscript.patch ];
qtserialport = [ ./qtserialport.patch ];
qtwebengine = [ ./qtwebengine-no-build-skip.patch ];
qtwebengine = [
./qtwebengine-no-build-skip.patch
./qtwebengine-CVE-2019-5786.patch
];
qtwebkit = [ ./qtwebkit.patch ]
++ optionals stdenv.isDarwin [
./qtwebkit-darwin-no-readline.patch

View File

@ -0,0 +1,26 @@
--- a/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
+++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
@@ -135,14 +135,16 @@
if (!raw_data_ || error_code_)
return nullptr;
- DOMArrayBuffer* result = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
- if (finished_loading_) {
- array_buffer_result_ = result;
- AdjustReportedMemoryUsageToV8(
- -1 * static_cast<int64_t>(raw_data_->ByteLength()));
- raw_data_.reset();
+ if (!finished_loading_) {
+ return DOMArrayBuffer::Create(
+ ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength()));
}
- return result;
+ array_buffer_result_ = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
+ AdjustReportedMemoryUsageToV8(-1 *
+ static_cast<int64_t>(raw_data_->ByteLength()));
+
+ raw_data_.reset();
+ return array_buffer_result_;
}
String FileReaderLoader::StringResult() {