QLibrary/Unix: do not attempt to load a library relative to $PWD

Origin: upstream, https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63f
Last-Update: 2020-01-30

I added the code in commit 5219c37f7c98f37f078fee00fe8ca35d83ff4f5d to
find libraries in a haswell/ subdir of the main path, but we only need
to do that transformation if the library is contains at least one
directory separator. That is, if the user asks to load "lib/foo", then we
should try "lib/haswell/foo" (often, the path prefix will be absolute).

When the library name the user requested has no directory separators, we
let dlopen() do the transformation for us. Testing on Linux confirms
glibc does so:

$ LD_DEBUG=libs /lib64/ld-linux-x86-64.so.2 --inhibit-cache ./qml -help |& grep Xcursor
   1972475:     find library=libXcursor.so.1 [0]; searching
   1972475:       trying file=/usr/lib64/haswell/avx512_1/libXcursor.so.1
   1972475:       trying file=/usr/lib64/haswell/libXcursor.so.1
   1972475:       trying file=/usr/lib64/libXcursor.so.1
   1972475:     calling init: /usr/lib64/libXcursor.so.1
   1972475:     calling fini: /usr/lib64/libXcursor.so.1 [0]

Gbp-Pq: Name CVE-2020-0570.diff

diff --git a/src/corelib/plugin/qlibrary_unix.cpp b/src/corelib/plugin/qlibrary_unix.cpp
index e03814984ce3ec51c4ef1ce66157fded82adcfd1..acb4e1490a5d19e20359ef95a10cbabd138b0d08 100644 (file)
--- a/src/corelib/plugin/qlibrary_unix.cpp
+++ b/src/corelib/plugin/qlibrary_unix.cpp
@@ -208,6 +208,8 @@ bool QLibraryPrivate::load_sys()
         for(int suffix = 0; retry && !pHnd && suffix < suffixes.size(); suffix++) {
             if (!prefixes.at(prefix).isEmpty() && name.startsWith(prefixes.at(prefix)))
                 continue;
+            if (path.isEmpty() && prefixes.at(prefix).contains(QLatin1Char('/')))
+                continue;
             if (!suffixes.at(suffix).isEmpty() && name.endsWith(suffixes.at(suffix)))
                 continue;
             if (loadHints & QLibrary::LoadArchiveMemberHint) {