From 8ea5ef98fcb53c5af6b75f9c8deba64a76433511 Mon Sep 17 00:00:00 2001
From: technology208 <technology@208suo.com>
Date: Thu, 6 Jun 2024 23:43:48 -0700
Subject: [PATCH] Fix that the memory parameter range of sprintf cannot overlap

---
 0002-fix-sprintf.patch | 29 +++++++++++++++++++++++++++++
 sunpinyin.spec         |  8 +++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 0002-fix-sprintf.patch

diff --git a/0002-fix-sprintf.patch b/0002-fix-sprintf.patch
new file mode 100644
index 0000000..707bc40
--- /dev/null
+++ b/0002-fix-sprintf.patch
@@ -0,0 +1,29 @@
+From 01beb2ed5013eacaefcb1c53d00c33aa4ca34dea Mon Sep 17 00:00:00 2001
+From: technology208 <technology@208suo.com>
+Date: Fri, 7 Jun 2024 18:32:11 +0800
+Subject: [PATCH] fix-cve-sprintf
+
+---
+ src/ime-core/userdict.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ime-core/userdict.cpp b/src/ime-core/userdict.cpp
+index 1f68da1..cab9733 100644
+--- a/src/ime-core/userdict.cpp
++++ b/src/ime-core/userdict.cpp
+@@ -120,10 +120,10 @@ CUserDict::removeWord(unsigned wid)
+ {
+     assert(m_db != NULL);
+     char    *zErr = NULL;
+-    char sql[256] = "DELETE FROM dict WHERE id=";
++    char sql[256];
+ 
+     if (wid > INI_USRDEF_WID) {
+-        sprintf(sql, "%s%d;", sql, (wid - INI_USRDEF_WID));
++	snprintf(sql, sizeof(sql), "DELETE FROM dict WHERE id=%d;", wid - INI_USRDEF_WID);
+         sqlite3_exec(m_db, sql, NULL, NULL, &zErr);
+ 
+         m_dict.erase(m_dict.find(wid - INI_USRDEF_WID));
+-- 
+2.43.0
+
diff --git a/sunpinyin.spec b/sunpinyin.spec
index 6b4bcc2..4081240 100644
--- a/sunpinyin.spec
+++ b/sunpinyin.spec
@@ -6,7 +6,7 @@
 
 Name:		sunpinyin
 Version:	3.0.0
-Release:	4
+Release:	5
 Summary:	A statistical language model based Chinese input method engine
 License:	LGPL-2.0-only or CDDL-1.0 or CC-BY-SA-3.0
 Obsoletes:	%{name}-data-le
@@ -18,8 +18,10 @@ Source3:	http://downloads.sourceforge.net/project/open-gram/dict.utf8-20131214.t
 Patch0: 	sunpinyin-use-python3.patch
 Patch1: 	sunpinyin-fixes-scons.patch
 Patch2:      0001-add-loongarch64-support.patch
+Patch3:         0002-fix-sprintf.patch
 BuildRequires:  gcc-c++, sqlite-devel, gettext, python3-scons, perl(Pod::Man), python3-devel
 
+
 %description
 Sunpinyin is an input method engine for Simplified Chinese. It is an SLM based
 IM engine, and features full sentence input.
@@ -40,6 +42,7 @@ to write their own front-end for sunpinyin.
 %patch0 -p1 -b .python3
 %patch1 -p1 -b .scons
 %patch2 -p1
+%patch3 -p1
 
 mkdir -p raw
 cp %SOURCE2 raw
@@ -90,6 +93,9 @@ install -m0644 AUTHORS TODO %{buildroot}%{_docdir}/%{name}
 %{_includedir}/sunpinyin*
 
 %changelog
+* Fri Jun 7 2024 technology208 <technology@208suo.com> -  3.0.0-5
+- Fix that the memory parameter range of sprintf cannot overlap 
+
 * Thu Aug 17 2023 haomimi <haomimi@uniontech.com> - 3.0.0-4
 - add loongarch64 support
 
-- 
Gitee