[Development] How do I fix a vulnerability in Qt. I forward the question to someone, or should I write the code myself?
bruno.crocamo at gmail.com
Thu Jul 9 20:11:06 CEST 2020
Thank you, Eddy.
Lars, in my first message I mentioned a link:
Here you can see the changes I made:
The changes made by me perform a reordering. This lessens the risk. But the
risk will always exist as long as there is a source of risk: the CMap
However, the change made was made in a version of Qt used in a third party
I don't know, for sure, how to make this modification official in Qt. I
believe that the best option is an analysis by a developer with more
experience about Qt. I understand that I have a minor contribution, very
punctual contribution, that does not break the code. But an analysis by
someone more experienced is required.
In fact, the Qt contribution guidelines talk about:
- "Add relevant reviewers to your change(s)";
- "If your contribution is deemed to not align with the project's vision or
goals, you should abandon the change at this point".
Thus, to make a change someone else's participation is required.
I appreciate the answer given by everyone,
On Thu, Jul 9, 2020 at 12:48, Thiago Macieira <thiago.macieira at intel.com> wrote:
> On Thursday, 9 July 2020 03:48:18 PDT Lars Knoll wrote:
> > The easiest fix for this would probably be to simply change the
> > glyph_indices;" in QFontSubset to a QSet.
> That would make the output non-deterministic. If determinism is wanted, a
> sorted container is preferable.
> Thiago Macieira - thiago.macieira (AT) intel.com
> Software Architect - Intel System Software Products