From 3d5cb00c3caa95957abfe96dcb44ccdb42d4197ac5b82790c3b8de18b15f3fc0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=98=D0=BB=D1=8C=D1=8F=20=D0=98=D0=BD=D0=B4=D0=B8=D0=B3?= =?UTF-8?q?=D0=BE?=
Date: Wed, 18 May 2022 15:52:38 +0000
Subject: [PATCH] Accepting request 977972 from home:13ilya:branches:devel:languages:javascript

Added mujs-1.2.0-stack-exhaustion.patch (CVE-2022-30974, boo#1199678).

OBS-URL: https://build.opensuse.org/request/show/977972
OBS-URL: https://build.opensuse.org/package/show/devel:languages:javascript/mujs?expand=0&rev=12
---
 mujs-1.2.0-stack-exhaustion.patch | 89 +++++++++++++++++++++++++++++++
 mujs.changes | 5 ++
 mujs.spec | 1 +
 3 files changed, 95 insertions(+)
 create mode 100644 mujs-1.2.0-stack-exhaustion.patch
diff --git a/mujs-1.2.0-stack-exhaustion.patch b/mujs-1.2.0-stack-exhaustion.patch
new file mode 100644
index 0000000..04973df
--- /dev/null
+++ b/mujs-1.2.0-stack-exhaustion.patch
@@ -0,0 +1,89 @@
+diff -Pdpru mujs-1.2.0.orig/jsdump.c mujs-1.2.0/jsdump.c
+--- mujs-1.2.0.orig/jsdump.c 2021-12-08 14:56:12.000000000 +0300
++++ mujs-1.2.0/jsdump.c 2022-05-18 18:37:44.522227643 +0300
+@@ -682,11 +682,13 @@ static void pstmlist(int d, js_Ast *list
+ void jsP_dumpsyntax(js_State *J, js_Ast *prog, int dominify)
+ {
+ minify = dominify;
+- if (prog->type == AST_LIST)
+- pstmlist(-1, prog);
+- else {
+- pstm(0, prog);
+- nl();
++ if (prog) {
++ if (prog->type == AST_LIST)
++ pstmlist(-1, prog);
++ else {
++ pstm(0, prog);
++ nl();
++ }
+ }
+ if (minify > 1)
+ putchar('\n');
+@@ -768,11 +770,13 @@ static void sblock(int d, js_Ast *list)
+ void jsP_dumplist(js_State *J, js_Ast *prog)
+ {
+ minify = 0;
+- if (prog->type == AST_LIST)
+- sblock(0, prog);
+- else
+- snode(0, prog);
+- nl();
++ if (prog) {
++ if (prog->type == AST_LIST)
++ sblock(0, prog);
++ else
++ snode(0, prog);
++ nl();
++ }
+ }
+
+ /* Compiled code */
+diff -Pdpru mujs-1.2.0.orig/regexp.c mujs-1.2.0/regexp.c
+--- mujs-1.2.0.orig/regexp.c 2021-12-08 14:56:12.000000000 +0300
++++ mujs-1.2.0/regexp.c 2022-05-18 18:32:24.114001044 +0300
+@@ -622,25 +622,26 @@ struct Reinst {
+ Reinst *y;
+ };
+
+-static int count(struct cstate *g, Renode *node)
++static int count(struct cstate *g, Renode *node, int depth)
+ {
+ int min, max, n;
+ if (!node) return 0;
++ if (++depth > REG_MAXREC) die(g, "stack overflow");
+ switch (node->type) {
+ default: return 1;
+- case P_CAT: return count(g, node->x) + count(g, node->y);
+- case P_ALT: return count(g, node->x) + count(g, node->y) + 2;
++ case P_CAT: return count(g, node->x, depth) + count(g, node->y, depth);
++ case P_ALT: return count(g, node->x, depth) + count(g, node->y, depth) + 2;
+ case P_REP:
+ min = node->m;
+ max = node->n;
+- if (min == max) n = count(g, node->x) * min;
+- else if (max < REPINF) n = count(g, node->x) * max + (max - min);
+- else n = count(g, node->x) * (min + 1) + 2;
++ if (min == max) n = count(g, node->x, depth) * min;
++ else if (max < REPINF) n = count(g, node->x, depth) * max + (max - min);
++ else n = count(g, node->x, depth) * (min + 1) + 2;
+ if (n < 0 || n > REG_MAXPROG) die(g, "program too large");
+ return n;
+- case P_PAR: return count(g, node->x) + 2;
+- case P_PLA: return count(g, node->x) + 2;
+- case P_NLA: return count(g, node->x) + 2;
++ case P_PAR: return count(g, node->x, depth) + 2;
++ case P_PLA: return count(g, node->x, depth) + 2;
++ case P_NLA: return count(g, node->x, depth) + 2;
+ }
+ }
+
+@@ -903,7 +904,7 @@ Reprog *regcompx(void *(*alloc)(void *ct
+ putchar('\n');
+ #endif
+
+- n = 6 + count(&g, node);
++ n = 6 + count(&g, node, 0);
+ if (n < 0 || n > REG_MAXPROG)
+ die(&g, "program too large");
+
diff --git a/mujs.changes b/mujs.changes
index 5fde3ab..1dababf 100644
--- a/mujs.changes
+++ b/mujs.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed May 18 15:45:51 UTC 2022 - Илья Индиго
+
+- Added mujs-1.2.0-stack-exhaustion.patch (CVE-2022-30974, boo#1199678).
+
 -------------------------------------------------------------------
 Mon Feb 15 13:12:21 UTC 2022 - Илья Индиго

diff --git a/mujs.spec b/mujs.spec
index 1e15de2..63d2ac9 100644
--- a/mujs.spec
+++ b/mujs.spec
@@ -24,6 +24,7 @@ License: AGPL-3.0-or-later
 Group: Development/Languages/C and C++
 URL: https://mujs.com
 Source0: https://mujs.com/downloads/%{name}-%{version}.tar.xz
+Patch0: %{name}-1.2.0-stack-exhaustion.patch
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(readline)
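Review bot: In `count()` in regexp.c, the `P_REP` arm still multiplies the child count by `min` or `max` in `int` and only afterwards tests `n < 0 || n > REG_MAXPROG`; signed overflow is undefined behaviour, so the `n < 0` test cannot be relied on to catch a wrapped product. The new `depth` guard bounds recursion but leaves this arithmetic as it was. Whether a pattern can actually drive the product past `INT_MAX` depends on the limits on `node->m`/`node->n` and on the value of REG_MAXPROG, neither of which is visible in this patch. Checking before multiplying, e.g. `if (max > 0 && c > REG_MAXPROG / max) die(g, "program too large");` with `c` holding the child count, would make the bound hold without depending on wraparound.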
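Review bot: The added `Patch0:` tag only declares the patch; nothing in this hunk shows `%prep` applying it, and the diffstat records this as the single inserted line in mujs.spec. If `%prep` (outside the hunk) uses a plain `%setup` rather than something like `%autosetup -p1`, the package would build without the CVE-2022-30974 fix while the changelog claims it, so that section should be confirmed. The strip level matters too: the patch paths are `mujs-1.2.0.orig/...` and `mujs-1.2.0/...`, which need `-p1`. A `#` comment above the tag naming CVE-2022-30974 and boo#1199678 would keep the reason for the patch visible at the next version bump.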