From 5e60d472a289699a7ce36595f8866afd806ae872 Mon Sep 17 00:00:00 2001
From: tobtoht
Date: Fri, 20 Oct 2023 00:43:44 +0200
Subject: [PATCH] depends: qt: patch for CVE-2023-45872
---
 contrib/depends/packages/qt.mk | 5 ++++-
 .../patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff
diff --git a/contrib/depends/packages/qt.mk b/contrib/depends/packages/qt.mk
index d15567b..d53c422 100644
--- a/contrib/depends/packages/qt.mk
+++ b/contrib/depends/packages/qt.mk
@@ -20,6 +20,7 @@ $(package)_patches += xcb-util-image-fix.patch
 $(package)_patches += libxau-fix.patch
 $(package)_patches += toolchain.cmake
 $(package)_patches += xkb-1.6.0.patch
+$(package)_patches += CVE-2023-45872-qtsvg-6.6.0.diff
 #$(package)_patches += fix-static-fontconfig-static-linking.patch
 
 $(package)_qttools_file_name=qttools-$($(package)_suffix)
@@ -191,7 +192,9 @@ define $(package)_preprocess_cmds
 patch -p1 -i $($(package)_patch_dir)/xkb-1.6.0.patch && \
 cd ../qtmultimedia && \
 patch -p1 -i $($(package)_patch_dir)/qtmultimedia-fixes.patch && \
- patch -p1 -i $($(package)_patch_dir)/v4l2.patch
+ patch -p1 -i $($(package)_patch_dir)/v4l2.patch && \
+ cd ../qtsvg && \
+ patch -p1 -i $($(package)_patch_dir)/CVE-2023-45872-qtsvg-6.6.0.diff
 endef
 
 define $(package)_config_cmds
diff --git a/contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff b/contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff
new file mode 100644
index 0000000..a60618d
--- /dev/null
+++ b/contrib/depends/patches/qt/CVE-2023-45872-qtsvg-6.6.0.diff
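Review bot: The new `patch -p1 -i $($(package)_patch_dir)/CVE-2023-45872-qtsvg-6.6.0.diff` step in `$(package)_preprocess_cmds` runs with patch's default fuzz, so after a Qt bump the security fix could land at a shifted location and still report success; for a CVE backport I would make it strict with `patch -p1 --fuzz=0 -i …` so that drift fails the build instead. The `&&` chain already aborts the build on a hard failure, which is the right behaviour. The file name pins 6.6.0 while the Qt version variable is outside this hunk, so a comment above the `$(package)_patches +=` line in the first hunk, e.g. `# CVE-2023-45872 backport for qtsvg 6.6.0; drop when the bundled Qt release contains the fix`, would tell whoever bumps Qt next what to do with it. The body of `$(package)_preprocess_cmds` starts outside the hunk.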
@@ -0,0 +1,15 @@
+diff --git a/src/svg/qsvghandler.cpp b/src/svg/qsvghandler.cpp
+index 2649422..335500a 100644
+--- a/src/svg/qsvghandler.cpp
++++ b/src/svg/qsvghandler.cpp
+@@ -3606,6 +3606,8 @@ void QSvgHandler::init()
+
+ static bool detectCycles(const QSvgNode *node, QList active = {})
+ {
++ if (Q_UNLIKELY(!node))
++ return false;
+ switch (node->type()) {
+ case QSvgNode::DOC:
+ case QSvgNode::G:
+
+
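Review bot: The vendored file records no provenance: nothing in `CVE-2023-45872-qtsvg-6.6.0.diff` or in the commit message names the upstream Qt commit or advisory it was taken from, so a later reviewer cannot confirm that this is upstream's fix unchanged. `patch` skips text before the first `diff --git` line, so a short header such as `Upstream: <upstream commit or advisory URL>` and `Applies to: qtsvg 6.6.0` can sit at the top of the file. On the code itself, the added guard in `detectCycles` returns `false` for a null node, i.e. "no cycle", so the caller carries on with the document; whether the code after that call copes with the null node cannot be seen here, since the function body and its callers are outside the hunk. It is worth checking that against the upstream change rather than assuming these two lines are the complete fix.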