Avoid parsing over the buffer limit, or interpreting non-hex as hex.
This still leaves parsing of lines longer than 300 chars unreliable.
Based on Qt5 patch for CVE-2020-17507.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 7441a646a8)
If `_POSIX_THREAD_PRIORITY_SCHEDULING == 0`, it must be checked
with sysconf(_SC_THREAD_PRIORITY_SCHEDULING) at runtime.
Signed-off-by: OBATA Akio <obache@wizdas.com>
(cherry picked from commit 48a9cf9a3c)
`info_ptr->channels` will be set in the next called `png_set_IHDR()`,
so it is no effect.
Signed-off-by: OBATA Akio <obache@wizdas.com>
(cherry picked from commit b6a4a5ec20)
`__RES` is usable to check release date of resolver library.
Such modern res API appeared in BIND-8.2.0 libbind with `__RES == 19980901`,
it was refrected as BIND-8.2.2-P5 to glibc at pre 2.3 release with
`__RES == 19991006`.
Signed-off-by: OBATA Akio <obache@wizdas.com>
(cherry picked from commit b79f0a7caa)
The ppm format specifies that the maximum color value field must be
less than 65536. The handler did not enforce this, leading to
potentional overflow when the value was used in 16 bits context.
Based on Qt5 patch for CVE-2018-19872.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 4470facd61)
It resolves building with libc libraries
other than glibc - for example musl libc.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 1aa221a2bc)
in the TQt plugins directory, instead of the TDE plugins
directory, which cannot be known at TQt build time.
This resolves issue #3.
Signed-off-by: gregory guy <g-gregory@gmx.fr>
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit d3b13515ef)
Add desktop files for:
- tqassistant
- tqdesigner
- tqlinguist
- tqtconfig
These files have been made with the contribution of Laurent Dard's
patch (see bugzilla:639) with little change/addition from I.
Add 'sysshare' option to the configure script.
Signed-off-by: gregory guy <g-gregory@gmx.fr>
(cherry picked from commit 6131b4262e)
Make the decoder fail early to avoid spending time and memory on
attempting to decode a corrupt image file.
Based on Qt5 patch for CVE-2018-19873.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 5a61151fe9)
Since image files easily can be (or corrupt files claim to be) huge,
it is worth checking for out of memory situations.
Based on Qt5 patch for CVE-2018-19870.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit 83036c3af1)
This resolves bug 2991.
Thanks to Nikolaus Klepp for initial patch.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
(cherry picked from commit b7be699a09)
currentThreadObject() returns a null pointer if the
current thread was not started using the TQThread API.
This relates to bug 1748.
(cherry picked from commit caab7b3557)
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
OBATA Akio
François Andriot
Denis Kozadaev
Chris
gregory guy
Roman Savochenko
Timothy Pearson