-rw-r--r--pkgs/development/libraries/qt-5/5.12/default.nix5
-rw-r--r--pkgs/development/libraries/qt-5/5.12/qtwebengine-CVE-2019-5786.patch26
2 files changed, 30 insertions, 1 deletions
diff --git a/pkgs/development/libraries/qt-5/5.12/default.nix b/pkgs/development/libraries/qt-5/5.12/default.nix
index c7773baad0c..bc6432b5ca5 100644
--- a/pkgs/development/libraries/qt-5/5.12/default.nix
+++ b/pkgs/development/libraries/qt-5/5.12/default.nix
@@ -60,7 +60,10 @@ let
     qtdeclarative = [ ./qtdeclarative.patch ];
     qtscript = [ ./qtscript.patch ];
     qtserialport = [ ./qtserialport.patch ];
-    qtwebengine = [ ./qtwebengine-no-build-skip.patch ];
+    qtwebengine = [
+      ./qtwebengine-no-build-skip.patch
+      ./qtwebengine-CVE-2019-5786.patch
+    ];
     qtwebkit = [ ./qtwebkit.patch ]
       ++ optionals stdenv.isDarwin [
         ./qtwebkit-darwin-no-readline.patch
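Review bot: The new `./qtwebengine-CVE-2019-5786.patch` entry has no comment saying where the fix was taken from or when it can be dropped, and the patch file added in the second hunk has no header either. A line such as `# Security backport for CVE-2019-5786; drop once the packaged qtwebengine source contains the fix` above the entry would help, together with a short header in the patch naming its origin (`<upstream change URL>`). Without that, the next version bump has to rediscover whether the patch is still needed or already included. The enclosing `let` block starts and ends outside this hunk.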
diff --git a/pkgs/development/libraries/qt-5/5.12/qtwebengine-CVE-2019-5786.patch b/pkgs/development/libraries/qt-5/5.12/qtwebengine-CVE-2019-5786.patch
new file mode 100644
index 00000000000..ec9a432ea70
--- /dev/null
+++ b/pkgs/development/libraries/qt-5/5.12/qtwebengine-CVE-2019-5786.patch
@@ -0,0 +1,26 @@
+--- a/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
++++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
+@@ -135,14 +135,16 @@
+   if (!raw_data_ || error_code_)
+     return nullptr;
+ 
+-  DOMArrayBuffer* result = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
+-  if (finished_loading_) {
+-    array_buffer_result_ = result;
+-    AdjustReportedMemoryUsageToV8(
+-        -1 * static_cast<int64_t>(raw_data_->ByteLength()));
+-    raw_data_.reset();
++  if (!finished_loading_) {
++    return DOMArrayBuffer::Create(
++        ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength()));
+   }
+-  return result;
++  array_buffer_result_ = DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());
++  AdjustReportedMemoryUsageToV8(-1 *
++                                static_cast<int64_t>(raw_data_->ByteLength()));
++
++  raw_data_.reset();
++  return array_buffer_result_;
+ }
+ 
+ String FileReaderLoader::StringResult() {
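Review bot: The `!finished_loading_` branch now builds the partial result with `ArrayBuffer::Create(raw_data_->Data(), raw_data_->ByteLength())` instead of `raw_data_->ToArrayBuffer()`, and nothing in the patched code says why, although that distinction is the whole fix. A comment such as `// Partial result: return a copy so the buffer handed to script never shares storage with raw_data_ while loading continues.` would keep a later cleanup from merging the two paths again. The two-argument `Create` presumably copies, which is worth confirming against the bundled Chromium. The function begins above the hunk, so it is not visible whether a cached `array_buffer_result_` is returned before the `!raw_data_` check. After `raw_data_.reset()` a second call depends on that earlier return to avoid yielding `nullptr`.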