From dafdfeca40e4120a8db7b020259ba3ef5751eabd Mon Sep 17 00:00:00 2001 From: yangl777 Date: Thu, 29 Aug 2024 07:28:32 +0000 Subject: [PATCH] backport some upstream patches (cherry picked from commit c14347500947ee361b7db6e5fdb76bfd7603d26b) --- ...-crashing-in-icalcomponent_normalize.patch | 28 ++++++++++++++ ...a-memleak-in-icalcomponent_normalize.patch | 37 +++++++++++++++++++ libical.spec | 11 +++++- 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 backport-icalcomponent.c-avoid-crashing-in-icalcomponent_normalize.patch create mode 100644 backport-icalcomponent.c-fix-a-memleak-in-icalcomponent_normalize.patch diff --git a/backport-icalcomponent.c-avoid-crashing-in-icalcomponent_normalize.patch b/backport-icalcomponent.c-avoid-crashing-in-icalcomponent_normalize.patch new file mode 100644 index 0000000..a0e7708 --- /dev/null +++ b/backport-icalcomponent.c-avoid-crashing-in-icalcomponent_normalize.patch @@ -0,0 +1,28 @@ +From d8345bffcbf5a7e550388c7354818caed4a1e8ad Mon Sep 17 00:00:00 2001 +From: Allen Winter +Date: Sun, 2 Jun 2024 10:35:02 -0400 +Subject: [PATCH] icalcomponent.c - avoid crashing in icalcomponent_normalize + +Avoid a crash in icalcomponent_normalize() by returning +immediately if the specified component in NULL. + +Should fix fuzzer issues 52787 and 56539. +--- + src/libical/icalcomponent.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/libical/icalcomponent.c b/src/libical/icalcomponent.c +index 8fc61a330..be524767d 100644 +--- a/src/libical/icalcomponent.c ++++ b/src/libical/icalcomponent.c +@@ -2628,6 +2628,10 @@ void icalcomponent_normalize(icalcomponent *comp) + icalproperty *prop; + icalcomponent *sub; + ++ icalerror_check_arg(comp != 0, "comp"); ++ if (!comp) ++ return; ++ + /* Normalize properties into sorted list */ + while ((prop = pvl_pop(comp->properties)) != 0) { + int nparams, remove = 0; diff --git a/backport-icalcomponent.c-fix-a-memleak-in-icalcomponent_normalize.patch b/backport-icalcomponent.c-fix-a-memleak-in-icalcomponent_normalize.patch new file mode 100644 index 0000000..2bd63e8 --- /dev/null +++ b/backport-icalcomponent.c-fix-a-memleak-in-icalcomponent_normalize.patch @@ -0,0 +1,37 @@ +From 14294634579557fee136128d410211ea53635c5c Mon Sep 17 00:00:00 2001 +From: Allen Winter +Date: Sun, 2 Jun 2024 11:03:33 -0400 +Subject: [PATCH] icalcomponent.c - fix a memleak in icalcomponent_normalize() + +Fix a memleak introduced in the previous commit. +Make sure to return on NULL specified component *before* +the pvl_lists are created;. +--- + src/libical/icalcomponent.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/libical/icalcomponent.c b/src/libical/icalcomponent.c +index be524767d..9c2db5299 100644 +--- a/src/libical/icalcomponent.c ++++ b/src/libical/icalcomponent.c +@@ -2623,15 +2623,18 @@ static int comp_compare(void *a, void *b) + + void icalcomponent_normalize(icalcomponent *comp) + { +- pvl_list sorted_props = pvl_newlist(); +- pvl_list sorted_comps = pvl_newlist(); + icalproperty *prop; + icalcomponent *sub; ++ pvl_list sorted_props; ++ pvl_list sorted_comps; + + icalerror_check_arg(comp != 0, "comp"); + if (!comp) + return; + ++ sorted_props = pvl_newlist(); ++ sorted_comps = pvl_newlist(); ++ + /* Normalize properties into sorted list */ + while ((prop = pvl_pop(comp->properties)) != 0) { + int nparams, remove = 0; diff --git a/libical.spec b/libical.spec index f471fde..af0ca2d 100644 --- a/libical.spec +++ b/libical.spec @@ -1,6 +1,6 @@ Name: libical Version: 3.0.11 -Release: 1 +Release: 2 Summary: An Open Source implementation of the iCalendar protocols and protocol data formats. License: LGPLv2 or MPLv2.0 URL: https://libical.github.io/libical/ @@ -14,6 +14,8 @@ Provides: libical-glib = %{version}-%{release} Obsoletes: libical-glib < %{version}-%{release} Patch0: libical-bugfix-timeout-found-by-fuzzer.patch +Patch1: backport-icalcomponent.c-avoid-crashing-in-icalcomponent_normalize.patch +Patch2: backport-icalcomponent.c-fix-a-memleak-in-icalcomponent_normalize.patch %description Libical is an open source implementation of the IETF's iCalendar calendaring @@ -79,6 +81,13 @@ make test ARGS="-V" -C %{_target_platform} %{_datadir}/gtk-doc/html/%{name}-glib %changelog +* Thu Aug 29 2024 yanglu - 3.0.11-2 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:avoid crashing in icalcomponent_normalize + fix a memleak in icalcomponent_normalize + * Tue Dec 14 2021 xihaochen - 3.0.11-1 - Type:requirements - Id:NA -- Gitee