- 989a193268b963aa1047814f7f1402084fb7d859.patch: fix

stack out of bounds read in gsl_stats_quantile_from_sorted_data() (bsc#1214681, CVE-2020-353570) OBS-URL: https://build.opensuse.org/package/show/science/gsl?expand=0&rev=43
2023-08-28 11:36:19 +00:00 · 2023-08-28 11:36:19 +00:00 · c620f66df0
commit c620f66df0
parent 2aaf7afe6f
3 changed files with 82 additions and 0 deletions
--- a/989a193268b963aa1047814f7f1402084fb7d859.patch
+++ b/989a193268b963aa1047814f7f1402084fb7d859.patch
@ -0,0 +1,73 @@
+From 989a193268b963aa1047814f7f1402084fb7d859 Mon Sep 17 00:00:00 2001
+From: Patrick Alken <alken@colorado.edu>
+Date: Sat, 16 Apr 2022 11:56:10 -0600
+Subject: fix for bug #59624
+
+---
+ NEWS                          |  2 ++
+ statistics/quantiles.c        |  1 +
+ statistics/quantiles_source.c | 35 +++++++++++++++++++++--------------
+ 3 files changed, 24 insertions(+), 14 deletions(-)
+
+diff --git a/statistics/quantiles.c b/statistics/quantiles.c
+index 96a3a25..50898d9 100644
+--- a/statistics/quantiles.c
+++ b/statistics/quantiles.c
+@@ -1,5 +1,6 @@
+ #include <config.h>
+ #include <gsl/gsl_statistics.h>
+#include <gsl/gsl_errno.h>
+ 
+ #define BASE_LONG_DOUBLE
+ #include "templates_on.h"
+diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
+index e2956d9..b2feba4 100644
+--- a/statistics/quantiles_source.c
+++ b/statistics/quantiles_source.c
+@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE sorted_data[],
+                                                const size_t n,
+                                                const double f)
+ {
+-  const double index = f * (n - 1) ;
+-  const size_t lhs = (int)index ;
+-  const double delta = index - lhs ;
+-  double result;
+-
+-  if (n == 0)
+-    return 0.0 ;
+-
+-  if (lhs == n - 1)
+  if ((f < 0.0) || (f > 1.0))
+     {
+-      result = sorted_data[lhs * stride] ;
+      GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
+     }
+-  else 
+  else
+     {
+-      result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
+-    }
+      const double index = f * (n - 1) ;
+      const size_t lhs = (int)index ;
+      const double delta = index - lhs ;
+      double result;
+ 
+-  return result ;
+      if (n == 0)
+        return 0.0 ;
+
+      if (lhs == n - 1)
+        {
+          result = sorted_data[lhs * stride] ;
+        }
+      else 
+        {
+          result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
+        }
+
+      return result ;
+    }
+ }
+-- 
+cgit v1.1
+
--- a/gsl.changes
+++ b/gsl.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Aug 28 11:27:15 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- 989a193268b963aa1047814f7f1402084fb7d859.patch: fix
+   stack out of bounds read in gsl_stats_quantile_from_sorted_data()
+   (bsc#1214681, CVE-2020-353570)
+
 -------------------------------------------------------------------
 Fri Feb  3 14:25:46 UTC 2023 - Stefan Brüns <stefan.bruens@rwth-aachen.de>

--- a/gsl.spec
+++ b/gsl.spec
@ -122,6 +122,7 @@ Source1:        https://ftp.gnu.org/pub/gnu/%{pname}/%{pname}-%{version}.tar.gz.
 Source2:        https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gsl&download=1#/%{pname}.keyring
 Patch6:         gsl-qawc-test-x86-precision.diff
 Patch7:         gsl-disable-fma.patch
+Patch8:         989a193268b963aa1047814f7f1402084fb7d859.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@ -259,6 +260,7 @@ library packages.
 %setup -q -n %{pname}-%{version}
 %patch6
 %patch7 -p1
+%patch8 -p1

 %build