File CVE-2021-3481.patch of Package A_tw-libqt4

From: Fabian Vogt <fvogt@suse.de>
Subject: Clamp parsed doubles to float representable values
Fixes: QTBUG-91507, CVE-2021-3481, boo#1184783

Backport of two upstream patches:

From fbe87464350f8bd66ddef5653280fac6bfadab3b Mon Sep 17 00:00:00 2001
From: Eirik Aavitsland <eirik.aavitsland@qt.io>
Date: Tue, 1 Dec 2020 14:39:59 +0100
Subject: [PATCH] Improve handling of malformed numeric values in svg files

Catch cases where the input is not containable in a qreal, and avoid
passing on inf values.

Change-Id: I1ab8932d94473916815385240c29e03afb0e0c9e
Reviewed-by: Robert Loehning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 428d56da9d5ed9bda51f7cc3c144996fb3a6a285)

From 9311a42677db244cd1c584f27270fa73f69d90d7 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Thu, 4 Mar 2021 14:28:48 +0100
Subject: [PATCH] Clamp parsed doubles to float representable values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Parts of our rendering assumes incoming doubles can still be sane
floats.

Fixes: QTBUG-91507
Change-Id: I7086a121e1b5ed47695a1251ea90e774dd8f148d
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit bfd6ee0d8cf34b63d32adf10ed93daa0086b359f

Index: qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp
===================================================================
--- qt-everywhere-opensource-src-4.8.7.orig/src/svg/qsvghandler.cpp
+++ qt-everywhere-opensource-src-4.8.7/src/svg/qsvghandler.cpp
@@ -638,6 +638,9 @@ static qreal toDouble(const QChar *&str)
         {
             bool ok = false;
             val = qstrtod(temp, 0, &ok);
+            // Do not tolerate values too wild to be represented normally by floats
+            if (fpclassify(float(val)) != FP_NORMAL)
+                val = 0;
         }
     }
     return val;
@@ -2946,6 +2949,8 @@ static QSvgStyleProperty *createRadialGr
         ncy = toDouble(cy);
     if (!r.isEmpty())
         nr = toDouble(r);
+    if (nr < 0.5)
+        nr = 0.5;
 
     qreal nfx = ncx;
     if (!fx.isEmpty())