From 58fa23c73fe7accb60dc6ac98863e6054996b2d0 Mon Sep 17 00:00:00 2001 From: Patrick Franz Date: Mon, 27 Feb 2023 20:16:02 +0100 Subject: [PATCH] Update patch for CVE-2023-24607. --- debian/changelog | 3 ++ debian/patches/cve-2023-24607.patch | 54 ++++++++++++++++++++--------- 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/debian/changelog b/debian/changelog index efe8a97..fcab356 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,8 @@ qt6-base (6.4.2+dfsg-7) UNRELEASED; urgency=medium + [ Patrick Franz ] + * Update patch for CVE-2023-24607. + -- Debian Qt/KDE Maintainers Mon, 27 Feb 2023 20:11:33 +0100 qt6-base (6.4.2+dfsg-6) unstable; urgency=medium diff --git a/debian/patches/cve-2023-24607.patch b/debian/patches/cve-2023-24607.patch index f6d56a4..bea047c 100644 --- a/debian/patches/cve-2023-24607.patch +++ b/debian/patches/cve-2023-24607.patch @@ -1,13 +1,12 @@ Description: Fix CVE-2023-24607 CVE-2023-24607 can trigger a DOS with a specifically crafted string, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031871. - This patch backports both https://codereview.qt-project.org/c/qt/qtbase/+/456007 - and https://codereview.qt-project.org/c/qt/qtbase/+/457937. + This patch https://codereview.qt-project.org/c/qt/qtbase/+/456216, + https://codereview.qt-project.org/c/qt/qtbase/+/457637 and + https://codereview.qt-project.org/c/qt/qtbase/+/457937 + See: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin Forwarded: not-needed ---- -diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp -index 386ffccf36..80bf6ad7c0 100644 --- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp @@ -58,23 +58,39 @@ inline static QString fromSQLTCHAR(const QVarLengthArray& input, qsize 
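Review bot: The rewritten Description sentence has lost its verb. It now reads `This patch https://codereview.qt-project.org/c/qt/qtbase/+/456216, ...`, where the old header said `This patch backports both ...`, so it should start `This patch backports https://codereview.qt-project.org/c/qt/qtbase/+/456216,`. The new list also drops change 456007, which the old header cited, without saying whether 456216 replaces it. Because this header is the only provenance record for a security fix, I would add one sentence stating which upstream change each `--- a/ ... +++ b/` section of the patch comes from.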
@@ -64,7 +63,30 @@ index 386ffccf36..80bf6ad7c0 100644 result.append(0); // make sure it's null terminated, doesn't matter if it already is, it does if it isn't. return result; } -@@ -729,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar() + +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -1740,10 +1740,11 @@ bool QODBCResult::exec() + case QMetaType::QString: + if (d->unicode) { + if (bindValueType(i) & QSql::Out) { +- const QByteArray &first = tmpStorage.at(i); +- QVarLengthArray array; +- array.append((const SQLTCHAR *)first.constData(), first.size()); +- values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); ++ const QByteArray &bytes = tmpStorage.at(i); ++ const auto strSize = bytes.size() / sizeof(SQLTCHAR); ++ QVarLengthArray string(strSize); ++ memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); ++ values[i] = fromSQLTCHAR(string); + } + break; + } + + +--- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp ++++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +@@ -745,6 +745,14 @@ QChar QODBCDriverPrivate::quoteChar() return quote; } @@ -79,7 +101,7 @@ index 386ffccf36..80bf6ad7c0 100644 bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) { -@@ -764,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) +@@ -780,10 +788,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) v = val.toUInt(); r = SQLSetConnectAttr(hDbc, SQL_ATTR_LOGIN_TIMEOUT, (SQLPOINTER) size_t(v), 0); } else if (opt.toUpper() == "SQL_ATTR_CURRENT_CATALOG"_L1) { 
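Review bot: In the added `QODBCResult::exec()` section, `fromSQLTCHAR(string)` is called without the explicit length that the removed line passed (`first.size()/sizeof(SQLTCHAR)`). The hunk header earlier in the patch shows `fromSQLTCHAR` taking a second size parameter, and its body is outside this hunk, so I cannot tell whether the default bounds the conversion to `string.size()` or looks for a terminator. Since this buffer is an Out parameter filled by the driver, please confirm the default path cannot read past the array. If it can, pass the length explicitly with `values[i] = fromSQLTCHAR(string, strSize);`. A short comment above the `memcpy` saying that `bytes.size()` is a byte count, converted to SQLTCHAR units first, would also record why the copy is written this way.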
@@ -91,7 +113,7 @@ index 386ffccf36..80bf6ad7c0 100644 } else if (opt.toUpper() == "SQL_ATTR_METADATA_ID"_L1) { if (val.toUpper() == "SQL_TRUE"_L1) { v = SQL_TRUE; -@@ -782,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) +@@ -798,10 +803,7 @@ bool QODBCDriverPrivate::setConnectionOptions(const QString& connOpts) v = val.toUInt(); r = SQLSetConnectAttr(hDbc, SQL_ATTR_PACKET_SIZE, (SQLPOINTER) size_t(v), 0); } else if (opt.toUpper() == "SQL_ATTR_TRACEFILE"_L1) { @@ -103,7 +125,7 @@ index 386ffccf36..80bf6ad7c0 100644 } else if (opt.toUpper() == "SQL_ATTR_TRACE"_L1) { if (val.toUpper() == "SQL_OPT_TRACE_OFF"_L1) { v = SQL_OPT_TRACE_OFF; -@@ -988,9 +1006,12 @@ bool QODBCResult::reset (const QString& query) +@@ -1004,9 +1006,12 @@ bool QODBCResult::reset (const QString& query) return false; } @@ -119,7 +141,7 @@ index 386ffccf36..80bf6ad7c0 100644 if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO && r!= SQL_NO_DATA) { setLastError(qMakeError(QCoreApplication::translate("QODBCResult", "Unable to execute statement"), QSqlError::StatementError, d)); -@@ -1339,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query) +@@ -1355,9 +1360,12 @@ bool QODBCResult::prepare(const QString& query) return false; } @@ -135,7 +157,7 @@ index 386ffccf36..80bf6ad7c0 100644 if (r != SQL_SUCCESS) { setLastError(qMakeError(QCoreApplication::translate("QODBCResult", -@@ -1369,7 +1393,7 @@ bool QODBCResult::exec() +@@ -1385,7 +1393,7 @@ bool QODBCResult::exec() SQLCloseCursor(d->hStmt); QVariantList &values = boundValues(); @@ -144,7 +166,7 @@ index 386ffccf36..80bf6ad7c0 100644 QVarLengthArray indicators(values.count()); memset(indicators.data(), 0, indicators.size() * sizeof(SQLLEN)); -@@ -1584,36 +1608,36 @@ bool QODBCResult::exec() +@@ -1600,36 +1608,36 @@ bool QODBCResult::exec() case QMetaType::QString: if (d->unicode) { QByteArray &ba = tmpStorage[i]; 
@@ -193,7 +215,7 @@ index 386ffccf36..80bf6ad7c0 100644 ba.size(), ind); break; -@@ -1974,14 +1998,16 @@ bool QODBCDriver::open(const QString & db, +@@ -1991,14 +1999,16 @@ bool QODBCDriver::open(const QString & db, SQLSMALLINT cb; QVarLengthArray connOut(1024); memset(connOut.data(), 0, connOut.size() * sizeof(SQLTCHAR)); @@ -218,7 +240,7 @@ index 386ffccf36..80bf6ad7c0 100644 if (r != SQL_SUCCESS && r != SQL_SUCCESS_WITH_INFO) { setLastError(qMakeError(tr("Unable to connect"), QSqlError::ConnectionError, d)); -@@ -2360,17 +2386,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const +@@ -2377,17 +2387,15 @@ QStringList QODBCDriver::tables(QSql::TableType type) const if (tableType.isEmpty()) return tl; @@ -244,7 +266,7 @@ index 386ffccf36..80bf6ad7c0 100644 if (r != SQL_SUCCESS) qSqlWarning("QODBCDriver::tables Unable to execute table list"_L1, d); -@@ -2443,28 +2467,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const +@@ -2460,28 +2468,30 @@ QSqlIndex QODBCDriver::primaryIndex(const QString& tablename) const SQL_ATTR_CURSOR_TYPE, (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, SQL_IS_UINTEGER); @@ -292,7 +314,7 @@ index 386ffccf36..80bf6ad7c0 100644 if (r != SQL_SUCCESS) { qSqlWarning("QODBCDriver::primaryIndex: Unable to execute primary key list"_L1, d); -@@ -2545,15 +2571,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const +@@ -2562,15 +2572,17 @@ QSqlRecord QODBCDriver::record(const QString& tablename) const SQL_ATTR_CURSOR_TYPE, (SQLPOINTER)SQL_CURSOR_FORWARD_ONLY, SQL_IS_UINTEGER);