master

分支 (13)

标签 (9)

管理

管理

master

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS

openEuler-21.03

openEuler-21.09

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-SP2

openEuler-20.09

openEuler1.0

openEuler1.0-base

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

qt
/
CVE-2020-0570.patch

From 15d5017b8f61a4af9196ba8f802df75efb77a319 Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Fri, 10 Jan 2020 09:26:27 -0800
Subject: QLibrary/Unix: do not attempt to load a library relative to $PWD

I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory seprator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).

When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:

$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help
|& grep Xcurs or
   1972475:     find library=libXcursor.so.1 [0]; searching
   1972475:trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
   1972475:trying file=/usr/lib64/haswell/libXcursor.so.1
   1972475:trying file=/usr/lib64/libXcursor.so.1
   1972475:     calling init: /usr/lib64/libXcursor.so.1
   1972475:     calling fini: /usr/lib64/libXcursor.so.1 [0]

Fixes: QTBUG-81272
Change-Id: I596aec77785a4e4e84d5fffd15e89689bb91ffbb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
---
 src/corelib/plugin/qlibrary_unix.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
index 90797a49..99c646e1 100644
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -209,6 +209,8 @@ bool QLibraryPrivate::load_sys()
         for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
             if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
                 continue;
+	    if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+		continue;
             if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
                 continue;
             if (loadHints & QLibrary::LoadArchiveMemberHint) {
--
2.23.0