bugfix in oss-fuzz

libical-bugfix-Cap-the-number-of-parameters.patch

@@ -0,0 +1,69 @@
+From 97abaada05f20973a710e194ce7c91c80bf39fe6 Mon Sep 17 00:00:00 2001
+From: orange-snn <songnannan2@huawei.com>
+Date: Tue, 10 Mar 2020 16:44:19 +0800
+Subject: [PATCH] vvv
+
+---
+ src/libical/icalparser.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
+index 5715036..416080d 100644
+--- a/src/libical/icalparser.c
++++ b/src/libical/icalparser.c
+@@ -46,6 +46,9 @@
+ 
+ #define TMP_BUF_SIZE 80
+ 
++#define MAXIMUM_ALLOWED_PARAMETERS 100
++#define MAXIMUM_ALLOWED_MULTIPLE_VALUES 500
++
+ struct icalparser_impl
+ {
+     int buffer_full;    /* flag indicates that temp is smaller that
+@@ -689,6 +692,7 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+ {
+     char *str;
+     char *end;
++    int pcount = 0;
+     int vcount = 0;
+     icalproperty *prop;
+     icalproperty_kind prop_kind;
+@@ -864,7 +868,7 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+ 
+     /* Now, add any parameters to the last property */
+ 
+-    while (1) {
++    while (pcount < MAXIMUM_ALLOWED_PARAMETERS) {
+         if (*(end - 1) == ':') {
+             /* if the last separator was a ":" and the value is a
+                URL, icalparser_get_next_parameter will find the
+@@ -1083,6 +1087,7 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+ 
+                     icalmemory_free_buffer(str);
+                     str = NULL;
++		    pcount++;
+                     continue;
+                 }
+             }
+@@ -1092,7 +1097,7 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+             tail = 0;
+             icalmemory_free_buffer(str);
+             str = NULL;
+-
++	    pcount++;
+         } else {
+             /* str is NULL */
+             break;
+@@ -1109,7 +1114,7 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+        parameter and add one part of the value to each clone */
+ 
+     vcount = 0;
+-    while (1) {
++    while (vcount < MAXIMUM_ALLOWED_MULTIPLE_VALUES) {
+         /* Only some properties can have multiple values. This list was taken
+            from rfc5545. Also added the x-properties, because the spec actually
+            says that commas should be escaped. For x-properties, other apps may
+-- 
+1.8.3.1
+

libical-bugfix-Reset-the-parser-level-to-0.patch

@@ -0,0 +1,36 @@
+From fdeb2c05160969a3251eda1b3dbd7f855656fd12 Mon Sep 17 00:00:00 2001
+From: Kent Sutherland <git@ksuther.com>
+Date: Sat, 11 May 2019 19:59:03 +0000
+Subject: [PATCH] Reset the parser level to 0 when encountering a line with END
+ before BEGIN Fixes memory leaks caused by the parser behaving incorrectly
+ when the level is negative. oss-fuzz issue 14480, 14151, 14152, 14153, 14155.
+
+---
+ src/libical/icalparser.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
+index 0530a4b..6d54a7c 100644
+--- a/src/libical/icalparser.c
++++ b/src/libical/icalparser.c
+@@ -795,8 +795,15 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+         icalmemory_free_buffer(str);
+         str = NULL;
+ 
+-        /* Return the component if we are back to the 0th level */
+-        if (parser->level == 0) {
++        if (parser->level < 0) {
++            // Encountered an END before any BEGIN, this must be invalid data
++            icalerror_warn("Encountered END before BEGIN");
++
++            parser->state = ICALPARSER_ERROR;
++            parser->level = 0;
++            return 0;
++        } else if (parser->level == 0) {
++            /* Return the component if we are back to the 0th level */
+             icalcomponent *rtrn;
+ 
+             if (pvl_count(parser->components) != 0) {
+-- 
+2.19.1
+

libical-bugfix-attempt-to-make-Coverity-happy.patch

@@ -0,0 +1,31 @@
+From 5048c2e6084bc0df1a80416bf9760f03e243bb09 Mon Sep 17 00:00:00 2001
+From: Allen Winter <allen.winter@kdab.com>
+Date: Sun, 12 May 2019 16:55:44 -0400
+Subject: [PATCH] another attempt to make Coverity happy
+
+---
+ src/libical/icalparser.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
+index 6d54a7c..de7a2a4 100644
+--- a/src/libical/icalparser.c
++++ b/src/libical/icalparser.c
+@@ -1004,7 +1004,13 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
+                 /* Reparse the parameter name and value with the new segment */
+                 if (!parser_get_param_name_stack(str, name_stack, sizeof(name_stack),
+                                                  pvalue_stack, sizeof(pvalue_stack))) {
+-                    if (name_heap) {
++                    
++		    if (pvalue_heap) {
++                        icalmemory_free_buffer(pvalue_heap);
++                        pvalue_heap = 0;
++                        pvalue = 0;
++                    }	
++		    if (name_heap) {
+                         icalmemory_free_buffer(name_heap);
+                         name = 0;
+                     }
+-- 
+2.19.1
+

libical-bugfix-timeout-found-by-fuzzer.patch

@@ -0,0 +1,52 @@
+From 3eacf85ec9dd638c2023c89c2a6cdf61107fc617 Mon Sep 17 00:00:00 2001
+From: Kent Sutherland <git@ksuther.com>
+Date: Fri, 14 Jun 2019 15:21:59 -0500
+Subject: [PATCH] Fix timeout found by fuzzer (oss-fuzz issue 14881) strspn is
+ really slow compared to doing direct comparisons
+
+---
+ src/libical/icalparser.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
+index fa92495..0530a4b 100644
+--- a/src/libical/icalparser.c
++++ b/src/libical/icalparser.c
+@@ -221,21 +221,29 @@ static void parser_decode_param_value(char *value)
+     char *in, *out;
+ 
+     for (in = out = value; *in; in++, out++) {
+-        if (*in == '^' && strspn(in+1, "n^'")) {
+-            switch (*++in) {
+-            case 'n':
++        int found_escaped_char = 0;
++	
++	if(*in == '^'){
++	    switch (*(in + 1)) {
++	    case 'n':
+                 *out = '\n';
++		found_escaped_char = 1;
+                 break;
+-
+             case '^':
+                 *out = '^';
++		found_escaped_char = 1;
+                 break;
+ 
+             case '\'':
+                 *out = '"';
++		found_escaped_char = 1;
+                 break;
+             }
+-        } else {
++        }
++	 
++	if(found_escaped_char) {
++	++in;
++	} else {
+             *out = *in;
+         }
+     }
+-- 
+2.19.1
+

libical.spec

@@ -1,6 +1,6 @@
 Name:           libical
 Version:        3.0.4
-Release:        1
+Release:        2
 Summary:        An Open Source implementation of the iCalendar protocols and protocol data formats.
 License:        LGPLv2 or MPLv2.0
 URL:            https://libical.github.io/libical/
@@ -13,6 +13,11 @@ Requires:       tzdata
 Provides:       libical-glib = %{version}-%{release}
 Obsoletes:      libical-glib < %{version}-%{release}
 
+Patch6001:      libical-bugfix-Cap-the-number-of-parameters.patch
+Patch6002: 	libical-bugfix-timeout-found-by-fuzzer.patch
+Patch6003:	libical-bugfix-Reset-the-parser-level-to-0.patch
+Patch6004:	libical-bugfix-attempt-to-make-Coverity-happy.patch
+
 %description
 Libical is an open source implementation of the IETF's iCalendar calendaring
 and scheduling protocols (RFC 2445, 2446, and 2447).
@@ -74,6 +79,9 @@ make test ARGS="-V" -C %{_target_platform}
 %{_datadir}/gtk-doc/html/%{name}-glib
 
 %changelog
+* Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 3.0.4-2
+- bugfix in oss-fuzz
+
 * Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.0.4-1
 - Type:bugfix
 - Id:NA