From b2887af2dc76805a0cdba01334e5f0f786cd7ac3b6195273e296e21afcb3d187 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= <ismail@i10z.com>
Date: Mon, 25 Apr 2016 11:52:50 +0000
Subject: [PATCH] - Add CVE-2015-8863.patch to fix a heap overflow bsc#976992

OBS-URL: https://build.opensuse.org/package/show/utilities/jq?expand=0&rev=11
---
 CVE-2015-8863.patch | 34 ++++++++++++++++++++++++++++++++++
 jq.changes          |  5 +++++
 jq.spec             |  4 +++-
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2015-8863.patch

diff --git a/CVE-2015-8863.patch b/CVE-2015-8863.patch
new file mode 100644
index 0000000..792ce3d
--- /dev/null
+++ b/CVE-2015-8863.patch
@@ -0,0 +1,34 @@
+From 8eb1367ca44e772963e704a700ef72ae2e12babd Mon Sep 17 00:00:00 2001
+From: Nicolas Williams <nico@cryptonector.com>
+Date: Sat, 24 Oct 2015 17:24:57 -0500
+Subject: [PATCH] Heap buffer overflow in tokenadd() (fix #105)
+
+This was an off-by one: the NUL terminator byte was not allocated on
+resize.  This was triggered by JSON-encoded numbers longer than 256
+bytes.
+---
+ src/jv_parse.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/jv_parse.c b/src/jv_parse.c
+index 3102ed4..84245b8 100644
+--- a/src/jv_parse.c
++++ b/src/jv_parse.c
+@@ -383,7 +383,7 @@ static pfunc stream_token(struct jv_parser* p, char ch) {
+ 
+ static void tokenadd(struct jv_parser* p, char c) {
+   assert(p->tokenpos <= p->tokenlen);
+-  if (p->tokenpos == p->tokenlen) {
++  if (p->tokenpos >= (p->tokenlen - 1)) {
+     p->tokenlen = p->tokenlen*2 + 256;
+     p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen);
+   }
+@@ -485,7 +485,7 @@ static pfunc check_literal(struct jv_parser* p) {
+     TRY(value(p, v));
+   } else {
+     // FIXME: better parser
+-    p->tokenbuf[p->tokenpos] = 0; // FIXME: invalid
++    p->tokenbuf[p->tokenpos] = 0;
+     char* end = 0;
+     double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end);
+     if (end == 0 || *end != 0)
diff --git a/jq.changes b/jq.changes
index e9c9aa6..7c3e95a 100644
--- a/jq.changes
+++ b/jq.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Apr 25 11:48:27 UTC 2016 - idonmez@suse.com
+
+- Add CVE-2015-8863.patch to fix a heap overflow bsc#976992 
+
 -------------------------------------------------------------------
 Tue Aug 18 09:12:21 UTC 2015 - idonmez@suse.com
 
diff --git a/jq.spec b/jq.spec
index c605f8f..b10861e 100644
--- a/jq.spec
+++ b/jq.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package jq
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,7 @@ License:        MIT and CC-BY-3.0
 Group:          Productivity/Text/Utilities
 Url:            http://stedolan.github.io/jq/
 Source:         https://github.com/stedolan/jq/releases/download/jq-%{version}/jq-%{version}.tar.gz
+Patch1:         CVE-2015-8863.patch
 BuildRequires:  autoconf
 BuildRequires:  chrpath
 BuildRequires:  coreutils
@@ -54,6 +55,7 @@ Development files (headers and libraries for jq).
 
 %prep
 %setup -q
+%patch1 -p2
 
 %build
 %configure --disable-static