summaryrefslogtreecommitdiff
path: root/user/qt5-qtbase/CVE-2020-0570.patch
blob: dcf507c0d24b4833369f4a1fd5c0d3c98a26798f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
From e6f1fde24f77f63fb16b2df239f82a89d2bf05dd Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Fri, 10 Jan 2020 09:26:27 -0800
Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD

I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory seprator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).

When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:

$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor
   1972475:     find library=libXcursor.so.1 [0]; searching
   1972475:       trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
   1972475:       trying file=/usr/lib64/haswell/libXcursor.so.1
   1972475:       trying file=/usr/lib64/libXcursor.so.1
   1972475:     calling init: /usr/lib64/libXcursor.so.1
   1972475:     calling fini: /usr/lib64/libXcursor.so.1 [0]

Fixes: QTBUG-81272
Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/plugin/qlibrary_unix.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
index f0de1010d7..135b82cd37 100644
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -1,7 +1,7 @@
 /****************************************************************************
 **
 ** Copyright (C) 2016 The Qt Company Ltd.
-** Copyright (C) 2018 Intel Corporation
+** Copyright (C) 2020 Intel Corporation
 ** Contact: https://www.qt.io/licensing/
 **
 ** This file is part of the QtCore module of the Qt Toolkit.
@@ -218,6 +218,8 @@ bool QLibraryPrivate::load_sys()
         for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
             if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
                 continue;
+            if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+                continue;
             if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
                 continue;
             if (loadHints & QLibrary::LoadArchiveMemberHint) {
-- 
cgit v1.2.1