diff --git a/fix-use-of-uninitialized-value-476-478.patch b/fix-use-of-uninitialized-value-476-478.patch
new file mode 100644
index 0000000000000000000000000000000000000000..040094dbc8fb98e563022c7a542ff142784a3d30
--- /dev/null
+++ b/fix-use-of-uninitialized-value-476-478.patch
@@ -0,0 +1,32 @@
+From 0b44e558f311671f6e6d14c559bc1c9bda59b8df Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Thu, 28 May 2020 14:20:08 -0700
+Subject: [PATCH 2/2] transport.c: moving total_num check from #476 (#478)
+
+file: transport.c
+
+notes:
+moving total_num zero length check from #476 up to the prior bounds check which already includes a total_num check. Makes it slightly more readable.
+
+credit:
+Will Cosgrove
+---
+ src/transport.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index adf96c2..11e5614 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -465,7 +465,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+              * or less (including length, padding length, payload,
+              * padding, and MAC.)."
+              */
+-            if(total_num > LIBSSH2_PACKET_MAXPAYLOAD) {
++            if(total_num > LIBSSH2_PACKET_MAXPAYLOAD || total_num == 0) {
+                 return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
+             }
+ 
+-- 
+1.8.3.1
+
diff --git a/libssh2.spec b/libssh2.spec
index 7f106c56f923721c01e6f3f0ef7ab759a783c80d..d60a9aa69b80f5b24eb3a7124c1160e81018ce8c 100644
--- a/libssh2.spec
+++ b/libssh2.spec
@@ -1,6 +1,6 @@
 Name:		libssh2
 Version:	1.9.0
-Release:	2
+Release:	3
 Summary:	A library implementing the SSH2 protocol
 License:	BSD
 URL:		https://www.libssh2.org/
@@ -8,6 +8,7 @@ Source0:	https://libssh2.org/download/libssh2-%{version}.tar.gz
 
 Patch9000:      0001-libssh2-CVE-2019-17498.patch
 Patch9001:      0001-libssh2-misc.c-_libssh2_ntohu32-cast-bit-shifting-40.patch
+Patch9002:      fix-use-of-uninitialized-value-476-478.patch
 
 BuildRequires:	coreutils findutils /usr/bin/man zlib-devel
 BuildRequires:	gcc make sed openssl-devel > 1:1.0.1 openssh-server
@@ -87,6 +88,12 @@ LC_ALL=en_US.UTF-8 make -C tests check
 %{_mandir}/man3/libssh2_*.3*
 
 %changelog
+* Sat May 30 2020 songzifeng<songzifeng1@huawei.com> - 1.9.0-3
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC: fix use of uninitialized value in transport.c
+
 * Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.0-2
 - Type:bugfix
 - Id:NA