fix #2208136, CVE-2023-32573 Uninitialized variable usage in m_unitsPerEm

Gbp-Pq: Name CVE-2023-32573.patch

diff --git a/src/svg/qsvgfont_p.h b/src/svg/qsvgfont_p.h
index 62bc4c08a0b423e79f106e86dc5294b60a98778a..e02060c02262e3d85d4a36159181cff230b1f773 100644 (file)
--- a/src/svg/qsvgfont_p.h
+++ b/src/svg/qsvgfont_p.h
@@ -78,6 +78,7 @@ public:
 class QSvgFont : public QSvgRefCounted
 {
 public:
+    static const qreal DEFAULT_UNITS_PER_EM = 1000;
     QSvgFont(qreal horizAdvX);
 
     void setFamilyName(const QString &name);
@@ -90,9 +91,7 @@ public:
     void draw(QPainter *p, const QPointF &point, const QString &str, qreal pixelSize, Qt::Alignment alignment) const;
 public:
     QString m_familyName;
-    qreal m_unitsPerEm;
-    qreal m_ascent;
-    qreal m_descent;
+    qreal m_unitsPerEm = DEFAULT_UNITS_PER_EM;
     qreal m_horizAdvX;
     QHash<QChar, QSvgGlyph> m_glyphs;
 };

diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
index 229e550f4a3dac441d18b37331723a197d02d2e1..2f03da09395c55d52df36977649545e45f1ceee0 100644 (file)
--- a/src/svg/qsvghandler.cpp
+++ b/src/svg/qsvghandler.cpp
@@ -2567,7 +2567,7 @@ static bool parseFontFaceNode(QSvgStyleProperty *parent,
 
     qreal unitsPerEm = toDouble(unitsPerEmStr);
     if (!unitsPerEm)
-        unitsPerEm = 1000;
+        unitsPerEm = QSvgFont::DEFAULT_UNITS_PER_EM;
 
     if (!name.isEmpty())
         font->setFamilyName(name);