From fffca81ddb25a939d720bab5240bfd6410c644ba Mon Sep 17 00:00:00 2001
From: Filpped <pennycng@outlook.com>
Date: Tue, 14 Jan 2025 16:03:58 +0800
Subject: [PATCH] fix CVE-2018-17942

(cherry picked from commit 714442866dadde5d1e945b19c684755950fd8418)
---
 enscript-CVE-vasnprintf.patch | 15 +++++++++++++++
 enscript.spec                 |  6 +++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 enscript-CVE-vasnprintf.patch

diff --git a/enscript-CVE-vasnprintf.patch b/enscript-CVE-vasnprintf.patch
new file mode 100644
index 0000000..623f2ab
--- /dev/null
+++ b/enscript-CVE-vasnprintf.patch
@@ -0,0 +1,15 @@
+diff --git a/intl/vasnprintf.c b/intl/vasnprintf.c
+index 4a8e7f0..65ade71 100644
+--- a/intl/vasnprintf.c
++++ b/intl/vasnprintf.c
+@@ -758,7 +758,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
+   size_t a_len = a.nlimbs;
+   /* 0.03345 is slightly larger than log(2)/(9*log(10)).  */
+   size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+-  char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++  /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++     digits of a, followed by 1 byte for the terminating NUL.  */
++  char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+   if (c_ptr != NULL)
+     {
+       char *d_ptr = c_ptr;
diff --git a/enscript.spec b/enscript.spec
index 066b111..3479fee 100644
--- a/enscript.spec
+++ b/enscript.spec
@@ -1,6 +1,6 @@
 Name:              enscript
 Version:           1.6.6
-Release:           21
+Release:           22
 Summary:           A plain ASCII to PostScript converter
 License:           GPLv3+
 URL:               http://www.gnu.org/software/enscript
@@ -17,6 +17,7 @@ Patch0002:         enscript-1.6.4-rh457720.patch
 Patch0003:         enscript-rh477382.patch
 Patch0004:         enscript-build.patch
 Patch0005:         enscript-bufpos-crash.patch
+Patch0006:         enscript-CVE-vasnprintf.patch
 
 %description
 GNU enscript is a computer program that converts text files to PostScript,
@@ -73,6 +74,9 @@ done
 %{_infodir}/enscript*
 
 %changelog
+* Tue Jan 14 2025 pengjian <pengjian23@mails.ucas.ac.cn> - 1.6.6-22
+- fix CVE-2018-17942
+
 * Wed Oct 9 2024 lvzhonglin<lvzhonglin@inspur.com> - 1.6.6-21
 - update package description
 
-- 
Gitee