From 635d3fe606632d01dd8c98ec33a8a0c605644e21 Mon Sep 17 00:00:00 2001
From: Slávek Banko
Date: Mon, 9 Mar 2015 22:30:38 +0100
Subject: Fix security issue CVE-2013-4549 [taken from RedHat Qt3 patches] (cherry picked from commit 73584365f8600414fc5a114ec2f2d6750a7f77cc)
---
 src/xml/qxml.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/xml/qxml.h')
diff --git a/src/xml/qxml.h b/src/xml/qxml.h
index 11fbbdb..6d0bee8 100644
--- a/src/xml/qxml.h
+++ b/src/xml/qxml.h
@@ -307,6 +307,12 @@ private:
 QXmlSimpleReaderPrivate* d;
+ // The limit to the amount of times the DTD parsing functions can be called
+ // for the DTD currently being parsed.
+ static const uint dtdRecursionLimit = 2U;
+ // The maximum amount of characters an entity value may contain, after expansion.
+ static const uint entityCharacterLimit = 65536U;
+ const QString &string();
 void stringClear();
 inline void stringAddC() { stringAddC(c); }
@@ -378,6 +384,7 @@ private:
 void unexpectedEof( ParseFunction where, int state );
 void parseFailed( ParseFunction where, int state );
 void pushParseState( ParseFunction function, int state );
+ bool isExpandedEntityValueTooLarge(QString *errorMessage);
 void setUndefEntityInAttrHack(bool b);
-- cgit v1.2.3
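Review bot: The comment on `entityCharacterLimit` describes a cap on one entity's expanded value, so as worded nothing in this header bounds the total expansion when a document references an under-limit entity many times; the comment should state that scope, e.g. `// Per-entity cap on the expanded value; it does not bound the total size of the parsed document.` The code that enforces both limits is in the parser source, which this page (limited to src/xml/qxml.h) does not show, so how `dtdRecursionLimit` and `entityCharacterLimit` are applied should be confirmed there. Separately, both constants are in-class initialised `static const` members: if the implementation ever binds one to a const reference it also needs an out-of-class definition, and an unnamed `enum { dtdRecursionLimit = 2, entityCharacterLimit = 65536 };` would avoid that requirement.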
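Review bot: `isExpandedEntityValueTooLarge(QString *errorMessage)` in the second hunk is declared without a comment, and the contract of its out-pointer cannot be read from the header: whether `errorMessage` may be null, and whether it is written only when the function returns true. A one-line comment above the declaration would settle it, e.g. `// Returns true if an entity's expanded value exceeds entityCharacterLimit; *errorMessage is then set.`, worded to match the implementation, which is outside this page. The call sites are not shown either; each one should report the error and stop parsing when the function returns true, rather than continue with a partially expanded value.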