Update buildkey for GCC 5

[taken from RedHat Qt3 patches]
(cherry picked from commit 0d96f74958)

configure

@@ -2810,7 +2810,7 @@ case "$COMPILER" in
 g++*)
     # GNU C++
     QMAKE_CONF_COMPILER=`grep "QMAKE_CXX[^_A-Z0-9a-z]" $QMAKESPEC/qmake.conf | sed "s,.* *= *\(.*\)$,\1,"`
-    COMPILER_VERSION=`${QMAKE_CONF_COMPILER} --version 2>/dev/null | sed 's,^[^0-9]*,,g'`
+    COMPILER_VERSION=`${QMAKE_CONF_COMPILER} -dumpversion 2>/dev/null | sed 's,^[^0-9]*,,g'`
     case "$COMPILER_VERSION" in
     2.95.*)
 	COMPILER_VERSION="2.95.*"
@@ -2818,7 +2818,7 @@ g++*)
     3.*)
 	COMPILER_VERSION="3.*"
 	;;
-    4.*)
+    5.*|4.*)
 	COMPILER_VERSION="4.*"
 	;;
     *)

src/iconview/qiconview.cpp

@@ -2347,14 +2347,15 @@ void QIconViewItem::checkRect()
 
     When an item is inserted the QIconView allocates a position for it.
     Existing items are rearranged if autoArrange() is TRUE. The
-    default arrangement is \c LeftToRight -- the QIconView fills up
+    default arrangement is \c LeftToRight -- the QIconView fills
-    the \e left-most column from top to bottom, then moves one column
+    the \e top-most row from left to right, then moves one row \e down
-    \e right and fills that from top to bottom and so on. The
+    and fills that row from left to right and so on. The
     arrangement can be modified with any of the following approaches:
     \list
-    \i Call setArrangement(), e.g. with \c TopToBottom which will fill
+    \i Call setArrangement(), e.g. with \c TopToBottom which will fill up
-    the \e top-most row from left to right, then moves one row \e down
+    the \e left-most column from top to bottom, then moves one column
-    and fills that row from left to right and so on.
+    \e right and fills that from top to bottom and so on.
+    
     \i Construct each QIconViewItem using a constructor which allows
     you to specify which item the new one is to follow.
     \i Call setSorting() or sort() to sort the items.
@@ -6040,7 +6041,7 @@ QIconViewItem *QIconView::makeRowLayout( QIconViewItem *begin, int &y, bool &cha
 	}
 
 
-    } else { // -------------------------------- SOUTH ------------------------------
+    } else { // -------------------------------- TopToBottom ------------------------------
 
 	int x = y;
 
@@ -6075,6 +6076,7 @@ QIconViewItem *QIconView::makeRowLayout( QIconViewItem *begin, int &y, bool &cha
 
 	    // now move the items
 	    item = begin;
+	    QIconViewItem *prevVisibleItem = NULL;
 	    for (;;) {
 		item->dirty = FALSE;
 		if ( d->itemTextPos == Bottom ) {
@@ -6082,15 +6084,16 @@ QIconViewItem *QIconView::makeRowLayout( QIconViewItem *begin, int &y, bool &cha
 			changed = item->move( x + ( w - item->width() ) / 2, d->spacing )  || changed;
 		    else
 			changed = item->move( x + ( w - item->width() ) / 2,
-					      item->prev->y() + item->prev->height() + d->spacing ) || changed;
+					      prevVisibleItem->y() + prevVisibleItem->height() + d->spacing ) || changed;
 		} else {
 		    if ( item == begin )
 			changed = item->move( x, d->spacing ) || changed;
 		    else
-			changed = item->move( x, item->prev->y() + item->prev->height() + d->spacing ) || changed;
+			changed = item->move( x, prevVisibleItem->y() + prevVisibleItem->height() + d->spacing ) || changed;
 		}
 		if ( item == end )
 		    break;
+		prevVisibleItem = item;
 		item = item->next;
 		while (item && (item->isVisible() == FALSE)) {
 		    item = item->next;

src/kernel/qasyncimageio.cpp

@@ -904,7 +904,12 @@ int QGIFFormat::decode(QImage& img, QImageConsumer* consumer,
 		    sheight = newtop + newheight;
 
 		if (img.isNull()) {
-		    img.create(swidth, sheight, 32);
+		    if (!img.create(swidth, sheight, 32)) {
+			// Check if the attempt to create the image failed. If
+			// it did, the image is broken and we should give up.
+			state = Error;
+			return -1;
+		    }
 		    memset( img.bits(), 0, img.numBytes() );
 		    if (consumer) consumer->setSize(swidth, sheight);
 		}
@@ -1221,6 +1226,8 @@ void QGIFFormat::fillRect(QImage& img, int col, int row, int w, int h, QRgb colo
 
 void QGIFFormat::nextY(QImage& img, QImageConsumer* consumer)
 {
+    if (out_of_bounds)
+        return;
     int my;
     switch (interlace) {
       case 0:

src/kernel/qimage.cpp

@@ -4716,10 +4716,16 @@ bool read_dib( QDataStream& s, int offset, int startpos, QImage& image )
 	if ( (Q_ULONG)d->readBlock( (char *)&blue_mask, sizeof(blue_mask) ) != sizeof(blue_mask) )
 	    return FALSE;
 	red_shift = calc_shift(red_mask);
+	if (((red_mask >> red_shift) + 1) == 0)
+	    return FALSE;
 	red_scale = 256 / ((red_mask >> red_shift) + 1);
 	green_shift = calc_shift(green_mask);
+	if (((green_mask >> green_shift) + 1) == 0)
+	    return FALSE;
 	green_scale = 256 / ((green_mask >> green_shift) + 1);
 	blue_shift = calc_shift(blue_mask);
+	if (((blue_mask >> blue_shift) + 1) == 0)
+	    return FALSE;
 	blue_scale = 256 / ((blue_mask >> blue_shift) + 1);
     } else if (comp == BMP_RGB && (nbits == 24 || nbits == 32)) {
 	blue_mask = 0x000000ff;

src/xml/qxml.cpp

@@ -4529,6 +4529,11 @@ bool QXmlSimpleReader::parseDoctype()
 		}
 		break;
 	    case Mup:
+		if (dtdRecursionLimit > 0U && d->parameterEntities.size() > dtdRecursionLimit) {
+		    reportParseError(QString::fromLatin1(
+		        "DTD parsing exceeded recursion limit of %1.").arg(dtdRecursionLimit));
+		    return FALSE;
+		}
 		if ( !parseMarkupdecl() ) {
 		    parseFailed( &QXmlSimpleReader::parseDoctype, state );
 		    return FALSE;
@@ -6128,6 +6133,58 @@ bool QXmlSimpleReader::parseChoiceSeq()
     }
 }
 
+bool QXmlSimpleReader::isExpandedEntityValueTooLarge(QString *errorMessage)
+{
+    QMap<QString, uint> literalEntitySizes;
+    // The entity at (QMap<QString,) referenced the entities at (QMap<QString,) (uint>) times.
+    QMap<QString, QMap<QString, uint> > referencesToOtherEntities;
+    QMap<QString, uint> expandedSizes;
+
+    // For every entity, check how many times all entity names were referenced in its value.
+    QMap<QString,QString>::ConstIterator toSearchIterator;
+    for (toSearchIterator = d->entities.begin(); toSearchIterator != d->entities.end(); ++toSearchIterator) {
+        QString toSearch = toSearchIterator.key();
+        // The amount of characters that weren't entity names, but literals, like 'X'.
+        QString leftOvers = toSearchIterator.data();
+        QMap<QString,QString>::ConstIterator entityNameIterator;
+        // How many times was entityName referenced by toSearch?
+        for (entityNameIterator = d->entities.begin(); entityNameIterator != d->entities.end(); ++entityNameIterator) {
+            QString entityName = entityNameIterator.key();
+            for (int i = 0; i >= 0 && (uint) i < leftOvers.length(); ) {
+                i = leftOvers.find(QString::fromLatin1("&%1;").arg(entityName), i);
+                if (i != -1) {
+                    leftOvers.remove(i, entityName.length() + 2U);
+                    // The entityName we're currently trying to find was matched in this string; increase our count.
+                    ++referencesToOtherEntities[toSearch][entityName];
+                }
+            }
+        }
+        literalEntitySizes[toSearch] = leftOvers.length();
+    }
+
+    QMap<QString, QMap<QString, uint> >::ConstIterator entityIterator;
+    for (entityIterator = referencesToOtherEntities.begin(); entityIterator != referencesToOtherEntities.end(); ++entityIterator) {
+        QString entity = entityIterator.key();
+        expandedSizes[entity] = literalEntitySizes[entity];
+        QMap<QString, uint>::ConstIterator referenceToIterator;
+        for (referenceToIterator = entityIterator.data().begin(); referenceToIterator != entityIterator.data().end(); ++referenceToIterator) {
+            QString referenceTo = referenceToIterator.key();
+            const uint references = referenceToIterator.data();
+            // The total size of an entity's value is the expanded size of all of its referenced entities, plus its literal size.
+            expandedSizes[entity] += expandedSizes[referenceTo] * references + literalEntitySizes[referenceTo] * references;
+        }
+
+        if (expandedSizes[entity] > entityCharacterLimit) {
+            if (errorMessage) {
+                *errorMessage = QString::fromLatin1("The XML entity \"%1\" expands to a string that is too large to process (%2 characters > %3).");
+                *errorMessage = (*errorMessage).arg(entity).arg(expandedSizes[entity]).arg(entityCharacterLimit);
+            }
+            return TRUE;
+        }
+    }
+    return FALSE;
+}
+
 /*
   Parse a EntityDecl [70].
 
@@ -6222,6 +6279,12 @@ bool QXmlSimpleReader::parseEntityDecl()
 	switch ( state ) {
 	    case EValue:
 		if (  !entityExist( name() ) ) {
+		    QString errorMessage;
+		    if (isExpandedEntityValueTooLarge(&errorMessage)) {
+		        reportParseError(errorMessage);
+		        return FALSE;
+		    }
+
 		    d->entities.insert( name(), string() );
 		    if ( declHnd ) {
 			if ( !declHnd->internalEntityDecl( name(), string() ) ) {

src/xml/qxml.h

@@ -307,6 +307,12 @@ private:
 
     QXmlSimpleReaderPrivate* d;
 
+    // The limit to the amount of times the DTD parsing functions can be called
+    // for the DTD currently being parsed.
+    static const uint dtdRecursionLimit = 2U;
+    // The maximum amount of characters an entity value may contain, after expansion.
+    static const uint entityCharacterLimit = 65536U;
+
     const QString &string();
     void stringClear();
     inline void stringAddC() { stringAddC(c); }
@@ -378,6 +384,7 @@ private:
     void unexpectedEof( ParseFunction where, int state );
     void parseFailed( ParseFunction where, int state );
     void pushParseState( ParseFunction function, int state );
+    bool isExpandedEntityValueTooLarge(QString *errorMessage);
 
     void setUndefEntityInAttrHack(bool b);