From 534ea3a38c109e793ea44f5f925ca2ec06af78baee532554810e048ed8748549 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?=
Date: Tue, 26 Nov 2013 16:13:25 +0000
Subject: [PATCH] Accepting request 208551 from home:netsroth:branches:devel:libraries:c_c++ Add patch against malloc int overflow
OBS-URL: https://build.opensuse.org/request/show/208551
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/boost?expand=0&rev=114
---
 boost-pool_check_overflow.patch | 36 +++++++++++++++++++++++++++++++++
 boost.changes | 7 +++++++
 boost.spec | 2 ++
 3 files changed, 45 insertions(+)
 create mode 100644 boost-pool_check_overflow.patch
diff --git a/boost-pool_check_overflow.patch b/boost-pool_check_overflow.patch
new file mode 100644
index 0000000..59a0dac
--- /dev/null
+++ b/boost-pool_check_overflow.patch
@@ -0,0 +1,36 @@
+Upstream URL: https://svn.boost.org/trac/boost/ticket/6701
+
+Check that request size doesn't overflow.
+
+Index: boost/pool/pool.hpp
+===================================================================
+--- boost/pool/pool.hpp.orig 2007-11-25 19:07:19.000000000 +0100
++++ boost/pool/pool.hpp 2012-06-22 13:03:49.422438613 +0200
+@@ -10,6 +10,8 @@
+ #define BOOST_POOL_HPP
+
+ #include // for workarounds
++// std::numeric_limits
++#include
+
+ // std::less, std::less_equal, std::greater
+ #include
+@@ -793,6 +793,9 @@ void * pool::ordered_mall
+ //! \returns Address of chunk n if allocated ok.
+ //! \returns 0 if not enough memory for n chunks.
+
++ if (requested_size && (n > (std::numeric_limits::max)() / requested_size))
++ return 0;
++
+ const size_type partition_size = alloc_size();
+ const size_type total_req_size = n * requested_size;
+ const size_type num_chunks = total_req_size / partition_size +
+@@ -975,6 +979,8 @@
+ {
+ if(max_alloc_size && (n > max_alloc_size))
+ return 0;
++ if(chunk_size && (n > (std::numeric_limits::max)() / chunk_size))
++ return 0;
+ void* ret = (user_allocator::malloc)(chunk_size * n);
+ used_list.insert(ret);
+ return ret;
diff --git a/boost.changes b/boost.changes
index de37ec8..2f76e53 100644
--- a/boost.changes
+++ b/boost.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Nov 26 16:13:00 CET 2013 - tbehrens@suse.com
+
+- Add boost-pool_check_overflow.patch: Prevent possible overflow when
+ calculating the amount to malloc (bnc#765443).
+ Fix from https://svn.boost.org/trac/boost/ticket/6701
+
 -------------------------------------------------------------------
 Sun Oct 20 12:51:53 UTC 2013 - jengelh@inai.de
 
diff --git a/boost.spec b/boost.spec
index ec8a96e..463ac66 100644
--- a/boost.spec
+++ b/boost.spec
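Review bot: The guard added at the top of `ordered_malloc` bounds only the product `n * requested_size`, while the lines right after it derive `num_chunks` and `partition_size`, and `partition_size` comes from `alloc_size()`, which may be larger than `requested_size`. The rest of the function lies outside this hunk; if it sizes the backing allocation as a chunk count times `partition_size` plus bookkeeping bytes, that sum can still wrap for `n` just under the new limit. The bound is safer expressed against the value actually passed to the allocator, along the lines of `if (n > (max_size - overhead) / partition_size) return 0;` (names are placeholders). The embedded hunk headers `-793,6 +793,9` and `-975,6 +979,8` do not carry the line offset of the earlier additions, which suggests the patch was assembled by hand; regenerate it against the packaged `pool.hpp` so it applies without offset tolerance. As shown on this page the `#include` targets and the `numeric_limits` template argument are missing, presumably lost in extraction rather than absent from the commit.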
@@ -105,6 +105,7 @@ Source4: existing_extra_docs
 Patch1: boost-thread.patch
 Patch2: boost-no_type_punning.patch
 Patch8: boost-no_segfault_in_Regex_filter.patch
+Patch9: boost-pool_check_overflow.patch
 Patch20: boost-strict_aliasing.patch
 Patch50: boost-use_std_xml_catalog.patch
 Patch60: boost-glibc-2.18.patch
@@ -421,6 +422,7 @@ find -type f ! \( -name \*.sh -o -name \*.py -o -name \*.pl \) -exec chmod -x {}
 %patch1
 %patch2
 %patch8
+%patch9
 %patch20
 %patch50
 %patch60 -p1