From 99a14ff48450fd91042220623e9aa93b4480103c Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Mon, 10 Feb 2025 09:39:12 +0800
Subject: [PATCH] fix CVE-2018-17942
(cherry picked from commit f32533d14a634c6ab8daf705df88ff055f8da53e)
---
backport-CVE-2018-17942.patch | 32 ++++++++++++++++++++++++++++++++
patch.spec | 6 +++++-
2 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2018-17942.patch
diff --git a/backport-CVE-2018-17942.patch b/backport-CVE-2018-17942.patch
new file mode 100644
index 0000000..bf3c4c7
--- /dev/null
+++ b/backport-CVE-2018-17942.patch
@@ -0,0 +1,32 @@
+From 278b4175c9d7dd47c1a3071554aac02add3b3c35 Mon Sep 17 00:00:00 2001
+From: Bruno Haible
+Date: Sun, 23 Sep 2018 14:13:52 +0200
+Subject: vasnprintf: Fix heap memory overrun bug.
+
+Reported by Ben Pfaff in
+.
+
+* lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of
+memory.
+---
+ lib/vasnprintf.c | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
+index 56ffbe3..30d021b 100644
+--- a/lib/vasnprintf.c
++++ b/lib/vasnprintf.c
+@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
+ size_t a_len = a.nlimbs;
+ /* 0.03345 is slightly larger than log(2)/(9*log(10)). */
+ size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++ digits of a, followed by 1 byte for the terminating NUL. */
++ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+ if (c_ptr != NULL)
+ {
+ char *d_ptr = c_ptr;
+--
+cgit v1.1
+
diff --git a/patch.spec b/patch.spec
index 00028de..477cc76 100644
--- a/patch.spec
+++ b/patch.spec
@@ -1,6 +1,6 @@ Name: patch Version: 2.7.6 -Release: 21 +Release: 22 Summary: Utiliity which applies a patch file to original files. License: GPLv3+ URL: http://www.gnu.org/software/patch/patch.html @@ -28,6 +28,7 @@ Patch19: backport-Fix-failed-assertion-outstate-after_newline.patch Patch20: backport-Add-missing-section-tests-to-context-format-test-cas.patch Patch21: backport-Fix-test-for-presence-of-BASH_LINENO-0.patch Patch22: backport-Pass-the-correct-stat-to-backup-files.patch +Patch23: backport-CVE-2018-17942.patch BuildRequires: gcc libselinux-devel libattr-devel ed Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-root @@ -70,6 +71,9 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %{_mandir}/man1/* %changelog +* Mon Feb 10 2025 fuanan - 2.7.6-22 +- fix CVE-2018-17942 + * Mon Apr 29 2024 kouwenqi - 2.7.6-21 - Pass the correct stat to backup files
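Review bot: The `Patch23: backport-CVE-2018-17942.patch` line in the `@@ -28,6 +28,7 @@` hunk only declares the file, and nothing in this commit adds a line that applies it. The diffstat's five insertions in `patch.spec` are all accounted for by the Release bump, this tag and the three changelog lines. Whether the fix reaches the build therefore depends on the `%prep` section, which is outside the visible hunks. If `%prep` lists patches one by one instead of using `%autosetup` or `%autopatch`, a matching `%patch23 -p1` is needed (the embedded diff uses `a/lib/vasnprintf.c` paths). Without it, release 22 would ship with the changelog claiming the CVE is fixed while `convert_to_decimal` still under-allocates by one byte. It is worth confirming in the build log that Patch23 is applied.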