avoid a buffer overflow, seen building libreoffice on arm64 netbsd-9.

patch found by mlelstv@ and comes from https://sourceforge.net/p/clucene/mailman/message/36991067/ bump pkg version.
TritonDataCenter · Apr 30, 2022 · 995a4c0 · 995a4c0
1 parent d046f85
commit 995a4c0
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/textproc/libclucene/Makefile b/textproc/libclucene/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.33 2022/01/10 01:46:45 ryoon Exp $
+# $NetBSD: Makefile,v 1.34 2022/04/30 01:08:20 mrg Exp $
 
 DISTNAME=		clucene-core-2.3.3.4
 PKGNAME=		lib${DISTNAME:S/-core-/-/}
-PKGREVISION=		21
+PKGREVISION=		22
 CATEGORIES=		textproc
 MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=clucene/}
 

diff --git a/textproc/libclucene/distinfo b/textproc/libclucene/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.13 2021/10/26 11:22:14 nia Exp $
+$NetBSD: distinfo,v 1.14 2022/04/30 01:08:20 mrg Exp $
 
 BLAKE2s (clucene-core-2.3.3.4.tar.gz) = 16a8b55d6fd0148ac229a3ebc98bb82e0f82d460dec69382bb489867ac799912
 SHA512 (clucene-core-2.3.3.4.tar.gz) = 1c9da9077edcebd46563bd9e47d330518e0b30061016650a759cfe051e9748fdad8932a472b1cca53a6adafed5f41656527271fc5f55ddfcefb558f0d83286b4
 Size (clucene-core-2.3.3.4.tar.gz) = 2241498 bytes
 SHA1 (patch-CMakeLists.txt) = 1c127bdc90a9f7b3c0f3debe46a9681f3b85df9a
+SHA1 (patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp) = 02459a4f338036dc66bfdf48d391262a622ac271
 SHA1 (patch-src_contribs-lib_CMakeLists.txt) = c4cf7505474368a7a7b4b826c5d0a7df1cbc2a63
 SHA1 (patch-src_core_CLucene_queryParser_QueryParser.cpp) = 32dc9691fce2c5dfc086d897feb9ee4b7cb381d8
 SHA1 (patch-src_core_CLucene_queryParser_QueryParser.h) = 28457f254ee1aa63362482d43c0f1868fb846eb1

diff --git a/textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp b/textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp,v 1.1 2022/04/30 01:08:20 mrg Exp $
+
+Avoid a buffer overflow crash.  From:
+
+  https://sourceforge.net/p/clucene/mailman/message/36991067/
+
+by Stephan Bergmann <sberg...@re...>.
+
+--- src/contribs-lib/CLucene/analysis/cjk/CJKAnalyzer.cpp.orig	2011-03-16 17:21:07.000000000 -0700
++++ src/contribs-lib/CLucene/analysis/cjk/CJKAnalyzer.cpp	2022-04-27 22:35:18.213112819 -0700
+@@ -66,7 +66,7 @@
+ 		//ucs4(c variable). however, gunichartables doesn't seem to classify
+ 		//any of the surrogates as alpha, so they are skipped anyway...
+ 		//so for now we just convert to ucs4 so that we dont corrupt the input.
+-		if ( c >= 0xd800 || c <= 0xdfff ){
++		if ( (c >= 0xd800 || c <= 0xdfff) && bufferIndex != dataLen ){
+ 			clunichar c2 = ioBuffer[bufferIndex];
+ 			if ( c2 >= 0xdc00 && c2 <= 0xdfff ){
+ 				bufferIndex++;