From f5bf8f9d9f7bd1bd24685ce744ce735e9d4fd387 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 8 Oct 2019 16:03:04 +0200
Subject: fix heap-buffer-overflow using upstream patch

---
 15c4228aa2ffa02140a99912dd3177df0b1841c6.patch | 37 ++++++++++++++++++++++++++
 oniguruma.spec                                 |  7 ++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 15c4228aa2ffa02140a99912dd3177df0b1841c6.patch

diff --git a/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch b/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch
new file mode 100644
index 0000000..88dd8e8
--- /dev/null
+++ b/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch
@@ -0,0 +1,37 @@
+From 15c4228aa2ffa02140a99912dd3177df0b1841c6 Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kkosako0@gmail.com>
+Date: Fri, 4 Oct 2019 19:54:40 +0900
+Subject: [PATCH] fix #156: Heap buffer overflow in match_at() with
+ case-insensitive match
+
+---
+ src/regcomp.c | 2 +-
+ src/regexec.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/regcomp.c b/src/regcomp.c
+index cd379a2..52f6f01 100644
+--- a/src/regcomp.c
++++ b/src/regcomp.c
+@@ -734,8 +734,8 @@ add_compile_string(UChar* s, int mb_len, int str_len,
+     COP(reg)->exact_n.s = p;
+   }
+   else {
++    xmemset(COP(reg)->exact.s, 0, sizeof(COP(reg)->exact.s));
+     xmemcpy(COP(reg)->exact.s, s, (size_t )byte_len);
+-    COP(reg)->exact.s[byte_len] = '\0';
+   }
+ 
+   return 0;
+diff --git a/src/regexec.c b/src/regexec.c
+index e471491..4bcd8a9 100644
+--- a/src/regexec.c
++++ b/src/regexec.c
+@@ -2889,6 +2889,7 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+           DATA_ENSURE(0);
+           q = lowbuf;
+           while (len-- > 0) {
++            if (ps >= endp) goto fail;
+             if (*ps != *q) goto fail;
+             ps++; q++;
+           }
diff --git a/oniguruma.spec b/oniguruma.spec
index 17cdec2..6cb224a 100644
--- a/oniguruma.spec
+++ b/oniguruma.spec
@@ -24,7 +24,7 @@ Name:       %{libname}
 Name:       %{libname}%{soname}
 %endif
 Version:	6.9.3
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	Regular expressions library
 
 License:	BSD
@@ -32,6 +32,7 @@ URL:		https://github.com/kkos/oniguruma/
 Source0:	https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz
 
 Patch0:     https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
+Patch1:     https://github.com/kkos/oniguruma/commit/15c4228aa2ffa02140a99912dd3177df0b1841c6.patch
 
 BuildRequires:	gcc
 
@@ -69,6 +70,7 @@ developing applications that use %{name}.
 %setup -q -n onig-%{version}
 %{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in
 %patch0 -p1 -b .up
+%patch1 -p1 -b .up1
 
 %if 0
 for f in \
@@ -144,6 +146,9 @@ find $RPM_BUILD_ROOT -name '*.la' \
 
 
 %changelog
+* Tue Oct  8 2019 Remi Collet <remi@remirepo.net> -6.9.3-3
+- fix heap-buffer-overflow using upstream patch
+
 * Thu Sep 26 2019 Remi Collet <remi@remirepo.net> -6.9.3-2
 - fix heap-buffer-overflow using upstream patch
   https://bugzilla.redhat.com/1755880
-- 
cgit