libical/libical-bugfix-Reset-the-parser-level-to-0.patch
2020-03-10 17:14:31 +08:00


From fdeb2c05160969a3251eda1b3dbd7f855656fd12 Mon Sep 17 00:00:00 2001
From: Kent Sutherland <git@ksuther.com>
Date: Sat, 11 May 2019 19:59:03 +0000
Subject: [PATCH] Reset the parser level to 0 when encountering a line with END
before BEGIN. Fixes memory leaks caused by the parser behaving incorrectly
when the level is negative. oss-fuzz issues 14480, 14151, 14152, 14153, 14155.
---
src/libical/icalparser.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
index 0530a4b..6d54a7c 100644
--- a/src/libical/icalparser.c
+++ b/src/libical/icalparser.c
@@ -795,8 +795,15 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line)
icalmemory_free_buffer(str);
str = NULL;
- /* Return the component if we are back to the 0th level */
- if (parser->level == 0) {
+ if (parser->level < 0) {
+ // Encountered an END before any BEGIN, this must be invalid data
+ icalerror_warn("Encountered END before BEGIN");
+
+ parser->state = ICALPARSER_ERROR;
+ parser->level = 0;
+ return 0;
+ } else if (parser->level == 0) {
+ /* Return the component if we are back to the 0th level */
icalcomponent *rtrn;
if (pvl_count(parser->components) != 0) {
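Review bot: The new `parser->level < 0` branch returns `0`, presumably the same value icalparser_add_line gives for a line that does not complete a component, so `parser->state = ICALPARSER_ERROR` is the only signal that input was rejected. That contract deserves a comment at the branch, for example `/* END without a matching BEGIN: flag the error and clamp level to 0 so later lines start from a clean top level; callers must check parser->state */`. The added comment uses `//` while the neighbouring comment in this hunk is `/* ... */`, and `return NULL;` would match the `icalcomponent *` return type and the `str = NULL;` just above. The diffstat shows only icalparser.c changing, so a regression input with END before BEGIN for the listed oss-fuzz issues would be worth adding. The function body starts and ends outside the hunk, so it cannot be judged from here whether any code between the level decrement and this check runs with a negative level.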
--
2.19.1