New patch 040_libwc-overflow.patch to fix integer overflow in libwc

2 files changed, 30 insertions, 0 deletions

diff --git a/debian/patches/040_libwc-overflow.patch b/debian/patches/040_libwc-overflow.patch
new file mode 100644
index 0000000..ab6fd8b
--- /dev/null
+++ b/debian/patches/040_libwc-overflow.patch
@@ -0,0 +1,29 @@
+Subject: Prevent unintentional integer overflow in libwc
+Author: Tatsuya Kinoshita <tats@debian.org>
+
+diff --git a/libwc/utf7.c b/libwc/utf7.c
+index 44a3330..874bc3d 100644
+--- a/libwc/utf7.c
++++ b/libwc/utf7.c
+@@ -73,7 +73,7 @@ wc_conv_from_utf7(Str is, wc_ces ces)
+ 	;
+     if (p == ep)
+ 	return is;
+-    os = Strnew_size(is->length * 4 / 3);
++    os = Strnew_size(is->length + is->length / 3);
+     if (p > sp)
+ 	Strcat_charp_n(os, is->ptr, (int)(p - sp));
+ 
+diff --git a/libwc/utf8.c b/libwc/utf8.c
+index e523139..c878499 100644
+--- a/libwc/utf8.c
++++ b/libwc/utf8.c
+@@ -150,7 +150,7 @@ wc_conv_from_utf8(Str is, wc_ces ces)
+ 	;
+     if (p == ep)
+ 	return is;
+-    os = Strnew_size(is->length * 4 / 3);
++    os = Strnew_size(is->length + is->length / 3);
+     if (p > sp)
+ 	Strcat_charp_n(os, is->ptr, (int)(p - sp));
+ 
diff --git a/debian/patches/series b/debian/patches/series
index b829509..043b91c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 010_section.patch
 020_ssl-ca.patch
 030_str-overflow.patch
+040_libwc-overflow.patch