Comment 4 for bug 1758699

Simon Quigley (tsimonq2) wrote :

I have reached a point where I would like some guidance as to the contents of the patch for the CVE-2018-7889 Trusty backport.

So, this is the line in src/calibre/gui2/viewer/bookmarkmanager.py that has been patched upstream for this:

     def item_to_bm(self, item):
- return cPickle.loads(bytes(item.data(Qt.UserRole)))
+ return item.data(Qt.UserRole).copy()
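
Review bot: the added line in item_to_bm calls .copy() directly on whatever item.data(Qt.UserRole) returns, which only works when that value is already a dict. The code that stores the bookmark on the item is not part of this hunk, so a backport needs the matching change on that side as well (store the dict itself rather than a pickled byte string); otherwise the reader and the writer disagree about the stored type.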

( https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d )

Here is my attempt to backport it:

     def item_to_bm(self, item):
- return cPickle.loads(bytes(item.data(Qt.UserRole).toPyObject()))
+ return item.data(Qt.UserRole).copy()
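
Review bot: in the added line, item.data(Qt.UserRole) is still a QVariant on this PyQt4 code base (the removed line had to call .toPyObject() on it), so the upstream line cannot be taken verbatim and .copy() has nothing to act on. Unwrapping with .toPyObject() yields a dict whose keys are QString objects rather than Python strings, which is consistent with the TypeError reported below. Suggest building the returned dict explicitly in item_to_bm, converting each key (and any QString value) to a Python string, instead of returning .copy() of the unwrapped object.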

This errors out at runtime with this error: "AttributeError: 'QVariant' object has no attribute 'copy'"

I tried changing "return item.data(Qt.UserRole).copy()" to "return item.data(Qt.UserRole).toPyObject().copy()", but I'm thrown "TypeError: key PyQt4.QtCore.QString(u'pos') is not a string".

I expect that there are somewhat significant codebase differences due to the fact that Trusty is based off of PyQt4 while Bionic is based off of PyQt5, but I am a bit stumped as to why this error would be thrown.

I've subscribed Marc directly because I have worked with him on this (briefly, via IRC), and I'm a bit out of time at the moment (18.04 is near) to be researching old PyQt4 syntax, but if I'm missing something obvious, please yell.

Thanks.