Sanitize input param dl_total_time

create_image-Sanitize-input-param-dl_total_time.patch

@@ -0,0 +1,30 @@
+From 0179138fe58134dec9abe77220d683c7dbb105e6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Wed, 11 Dec 2019 12:29:54 +0100
+Subject: [PATCH] * src/progress.c (create_image): Sanitize input param
+ 'dl_total_time'
+
+---
+ src/progress.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/progress.c b/src/progress.c
+index 1db94546..574a035e 100644
+--- a/src/progress.c
++++ b/src/progress.c
+@@ -950,6 +950,12 @@ create_image (struct bar_progress *bp, double dl_total_time, bool done)
+   if (progress_size < 5)
+     progress_size = 0;
+ 
++  // sanitize input
++  if (dl_total_time >= INT_MAX)
++    dl_total_time = INT_MAX - 1;
++  else if (dl_total_time < 0)
++    dl_total_time = 0;
++
+   if (orig_filename_cols <= MAX_FILENAME_COLS)
+     {
+       padding = MAX_FILENAME_COLS - orig_filename_cols;
+-- 
+2.19.1.windows.1
+

wget.spec

@@ -1,11 +1,13 @@
 Name:          wget
 Version:       1.20.3
-Release:       1
+Release:       2
 Summary:       A package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols.
 License:       GPLv3+
 Url:           http://www.gnu.org/software/wget/
 Source:        ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
 
+Patch6000:     create_image-Sanitize-input-param-dl_total_time.patch
+
 Provides:      webclient bundled(gnulib)
 BuildRequires: perl-HTTP-Daemon python3 libuuid-devel perl-podlators libpsl-devel libmetalink-devel
 BuildRequires: gnutls-devel pkgconfig texinfo gettext autoconf libidn2-devel gpgme-devel zlib-devel
@@ -52,6 +54,12 @@ make check
 %{_infodir}/*
 
 %changelog
+* Thu Apr 23 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.20.3-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Sanitize input param dl_total_time
+
 * Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.20.3-1
 - Type:NA
 - ID:NA