From a1c51e17a4e0d5955c59ffa3a0a84870dc6e157d Mon Sep 17 00:00:00 2001
From: lvfei <lvfei@kylinos.cn>
Date: Fri, 26 Apr 2024 15:53:17 +0800
Subject: [PATCH] Fix CVE-2023-45935

(cherry picked from commit dca3aa7b7f3d94dfe28c7ee3c701c6876ad3246c)
---
 CVE-2023-45935.patch | 31 +++++++++++++++++++++++++++++++
 qt5-qtbase.spec      |  9 ++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-45935.patch

diff --git a/CVE-2023-45935.patch b/CVE-2023-45935.patch
new file mode 100644
index 0000000..c8e87f8
--- /dev/null
+++ b/CVE-2023-45935.patch
@@ -0,0 +1,31 @@
+From 33f905df885041e97a465c3706046fa4378ea27f Mon Sep 17 00:00:00 2001
+From: Liang Qi <liang.qi@qt.io>
+Date: 2023-07-31 05:35:11 +0200
+Subject: [PATCH] CVE-2023-45935
+ 
+port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr
+
+---
+ src/plugins/platforms/xcb/qxcbatom.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/plugins/platforms/xcb/qxcbatom.cpp b/src/plugins/platforms/xcb/qxcbatom.cpp
+index a769ddad..a33b1b44 100644
+--- a/src/plugins/platforms/xcb/qxcbatom.cpp
++++ b/src/plugins/platforms/xcb/qxcbatom.cpp
+@@ -270,8 +270,10 @@ void QXcbAtom::initializeAllAtoms(xcb_connection_t *connection) {
+ 
+     for (i = 0; i < QXcbAtom::NAtoms; ++i) {
+         xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(connection, cookies[i], nullptr);
+-        m_allAtoms[i] = reply->atom;
+-        free(reply);
++        if (reply) {
++            m_allAtoms[i] = reply->atom;
++            free(reply);
++        }        
+     }
+ }
+ 
+-- 
+2.27.0
+
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index ee0fab9..9ed99d1 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -36,7 +36,7 @@
 Name:             qt5-qtbase
 Summary:          Qt5 - QtBase components
 Version:          5.15.10
-Release:          8
+Release:          9
 
 # See LGPL_EXCEPTIONS.txt, for exception details
 License:          LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@@ -134,6 +134,8 @@ Patch0027:        qtbase5.15.10-CVE-2023-43114.patch
 Patch0028:        fix-build-error-of-libxkbcommon-1.6.0.patch
 Patch0029:        qtbase5.15-CVE-2023-51714.patch
 Patch0030:        CVE-2024-25580-qtbase-5.15.diff
+Patch0031:        CVE-2023-45935.patch
+
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
 # not there, the platform to integrate with isn't either. Then Qt will just
@@ -404,6 +406,8 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch -P0028 -p1
 %patch -P0029 -p1
 %patch -P0030 -p1
+%patch -P0031 -p1
+
 # move some bundled libs to ensure they're not accidentally used
 pushd src/3rdparty
 mkdir UNUSED
@@ -1061,6 +1065,9 @@ fi
 
 
 %changelog
+* Wed Apr 24 2024 lvfei <lvfei@kylinos.cn> - 5.15.10-9
+- add CVE-2023-45935.patch
+
 * Wed Apr 17 2024 peijiankang <peijiankang@kylinos.cn> - 5.15.10-8
 - add CVE-2024-25580-qtbase-5.15.diff
 
-- 
Gitee