File 0001-Fix-use-after-free-bug.patch of Package libkolab-old
From c801b50bf541a8825bc640438339731d5e08b34a Mon Sep 17 00:00:00 2001
From: Christoph Erhardt <kolab@sicherha.de>
Date: Sun, 14 Feb 2021 18:27:41 +0100
Subject: [PATCH] Fix use-after-free bug
QByteArray::fromRawData() does not copy the contents of the source
buffer. If the resulting QByteArray object lives longer than the source
buffer, we run into use-after-free problems.
In this particular instance, the source data resides in a temporary
rvalue object.
---
conversion/kcalconversion.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conversion/kcalconversion.cpp b/conversion/kcalconversion.cpp
index b06a5d0..7a5077e 100644
--- a/conversion/kcalconversion.cpp
+++ b/conversion/kcalconversion.cpp
@@ -316,7 +316,7 @@ void setIncidence(KCalCore::Incidence &i, const T &e)
if (!a.uri().empty()) {
ptr = KCalCore::Attachment::Ptr(new KCalCore::Attachment(fromStdString(a.uri()), fromStdString(a.mimetype())));
} else {
- ptr = KCalCore::Attachment::Ptr(new KCalCore::Attachment(QByteArray::fromRawData(a.data().c_str(), a.data().size()), fromStdString(a.mimetype())));
+ ptr = KCalCore::Attachment::Ptr(new KCalCore::Attachment(QByteArray(a.data().c_str(), a.data().size()), fromStdString(a.mimetype())));
}
if (!a.label().empty()) {
ptr->setLabel(fromStdString(a.label()));
--
2.31.1