From b1cad792c813e4ba4a0ce3457c5b390d84f3aacd Mon Sep 17 00:00:00 2001
From: lvfei
Date: Sun, 28 Apr 2024 09:47:31 +0800
Subject: [PATCH] Fix CVE-2023-45935
---
 CVE-2023-45935.patch | 31 +++++++++++++++++++++++++++++++
 qt5-qtbase.spec | 6 +++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-45935.patch
diff --git a/CVE-2023-45935.patch b/CVE-2023-45935.patch
new file mode 100644
index 0000000..3a42886
--- /dev/null
+++ b/CVE-2023-45935.patch
@@ -0,0 +1,31 @@
+From e876e91e829f6f0d6b9942ae4de80f8323f750ca Mon Sep 17 00:00:00 2001
+From: Liang Qi
+Date: 2023-07-31 05:35:11 +0200
+Subject: [PATCH] CVE-2023-45935
+
+port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr
+
+---
+ src/plugins/platforms/xcb/qxcbconnection.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/plugins/platforms/xcb/qxcbconnection.cpp b/src/plugins/platforms/xcb/qxcbconnection.cpp
+index 5fd1fc6a..2ec668a6 100644
+--- a/src/plugins/platforms/xcb/qxcbconnection.cpp
++++ b/src/plugins/platforms/xcb/qxcbconnection.cpp
+@@ -2051,8 +2051,10 @@ void QXcbConnection::initializeAllAtoms() {
+
+ for (i = 0; i < QXcbAtom::NAtoms; ++i) {
+ xcb_intern_atom_reply_t *reply = xcb_intern_atom_reply(xcb_connection(), cookies[i], 0);
+- m_allAtoms[i] = reply->atom;
+- free(reply);
++ if (reply) {
++ m_allAtoms[i] = reply->atom;
++ free(reply);
++ }
+ }
+ }
+
+--
+2.27.0
+
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index 908ef08..32fc6ba 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -13,7 +13,7 @@
 Name: qt5-qtbase
 Summary: Core component of Qt toolkit
 Version: 5.11.1
-Release: 21
+Release: 22
 License: LGPLv2 with exceptions or GPLv3 with exceptions
 Url: http://qt-project.org/
 Source0: https://download.qt.io/new_archive/qt/5.11/%{version}/submodules/qtbase-everywhere-src-%{version}.tar.xz
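Review bot: In the embedded qxcbconnection.cpp hunk of CVE-2023-45935.patch, the new `if (reply)` guard skips the assignment when xcb_intern_atom_reply() returns null, so `m_allAtoms[i]` keeps whatever value it held before. Unless that array is zero-initialised elsewhere (not visible here), later lookups could use an indeterminate atom; an explicit fallback such as `else m_allAtoms[i] = XCB_ATOM_NONE;` would make the failure state defined. The embedded patch description, "port invokeMethodImpl() from QScopeGuard to SlotObjUniquePtr", also does not describe this change and looks carried over from an unrelated commit. It should be replaced with a description of the null-reply check plus a reference to the upstream change, so the backport can be audited against its source. initializeAllAtoms() begins outside the hunk.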
@@ -57,6 +57,7 @@ Patch6013: qtbase5.11.1-CVE-2023-38197.patch
 #https://codereview.qt-project.org/c/qt/qtbase/+/503026
 Patch6014: qtbase5.11.1-CVE-2023-43114.patch
 Patch6015: qtbase5.11.1-CVE-2023-51714.patch
+Patch6016: CVE-2023-45935.patch
 BuildRequires: pkgconfig(libsystemd) cups-devel desktop-file-utils findutils
 BuildRequires: libjpeg-devel libmng-devel libtiff-devel pkgconfig(alsa)
@@ -424,6 +425,9 @@ fi
 %changelog
+* Wed Apr 24 2024 lvfei - 5.11.1-22
+- Fix CVE-2023-45935
+
 * Wed Jan 31 2024 douyan - 5.11.1-21
 - add qtbase5.11.1-CVE-2023-51714.patch
--
Gitee
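Review bot: The `Patch6016: CVE-2023-45935.patch` line is the only spec change that wires in the fix, and the diffstat shows no matching `%patch6016` line added in this commit. If %prep (outside these hunks) applies patches one by one rather than through `%autosetup` or `%autopatch`, the CVE fix would be listed but never applied, so that should be confirmed against the spec and the build log. The entry also carries no upstream reference, unlike the `#https://codereview.qt-project.org/...` comment above Patch6014, and its file name drops the `qtbase5.11.1-` prefix that the neighbouring CVE patches use. I would add a comment line above it, e.g. `# <upstream change URL for CVE-2023-45935>`, and rename the file to match the existing convention.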