From bbf3121a53abedb178633ba77b215485e66a82ca Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Mon, 10 Feb 2025 09:36:30 +0800
Subject: [PATCH] fix CVE-2018-17942

---
 backport-CVE-2018-17942.patch | 32 ++++++++++++++++++++++++++++++++
 patch.spec                    |  8 ++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 backport-CVE-2018-17942.patch

diff --git a/backport-CVE-2018-17942.patch b/backport-CVE-2018-17942.patch
new file mode 100644
index 0000000..bf3c4c7
--- /dev/null
+++ b/backport-CVE-2018-17942.patch
@@ -0,0 +1,32 @@
+From 278b4175c9d7dd47c1a3071554aac02add3b3c35 Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno@clisp.org>
+Date: Sun, 23 Sep 2018 14:13:52 +0200
+Subject: vasnprintf: Fix heap memory overrun bug.
+
+Reported by Ben Pfaff <blp@cs.stanford.edu> in
+<https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>.
+
+* lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of
+memory.
+---
+ lib/vasnprintf.c        |  4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
+index 56ffbe3..30d021b 100644
+--- a/lib/vasnprintf.c
++++ b/lib/vasnprintf.c
+@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
+   size_t a_len = a.nlimbs;
+   /* 0.03345 is slightly larger than log(2)/(9*log(10)).  */
+   size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+-  char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++  /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++     digits of a, followed by 1 byte for the terminating NUL.  */
++  char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+   if (c_ptr != NULL)
+     {
+       char *d_ptr = c_ptr;
+-- 
+cgit v1.1
+
diff --git a/patch.spec b/patch.spec
index 9042e98..3320a0b 100644
--- a/patch.spec
+++ b/patch.spec
@@ -1,6 +1,6 @@
 Name:		patch
 Version:	2.7.6
-Release:	14
+Release:	15
 Summary:	Utiliity which applies a patch file to original files.
 License:	GPLv3+
 URL:	 	http://www.gnu.org/software/patch/patch.html
@@ -14,7 +14,8 @@ Patch5: 	Fix-swapping-fake-lines-in-pch_swap.patch
 Patch6:         CVE-2018-20969-and-CVE-2019-13638.patch
 Patch7:         CVE-2019-13636.patch
 Patch8:         patch-selinux.patch
-Patch9:     backport-Pass-the-correct-stat-to-backup-files.patch
+Patch9:         backport-Pass-the-correct-stat-to-backup-files.patch
+Patch10:        backport-CVE-2018-17942.patch
 
 BuildRequires:	gcc libselinux-devel libattr-devel ed
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-root
@@ -57,6 +58,9 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
 %{_mandir}/man1/*
 
 %changelog
+* Mon Feb 10 2025 fuanan <fuanan3@h-partners.com> - 2.7.6-15
+- fix CVE-2018-17942
+
 * Wed May 22 2024 kouwenqi <kouwenqi@kylinos.cn> - 2.7.6-14
 - Pass the correct stat to backup files