Accepting request 977973 from devel:languages:javascript

Added mujs-1.2.0-stack-exhaustion.patch (CVE-2022-30974, boo#1199678).

OBS-URL: https://build.opensuse.org/request/show/977973
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mujs?expand=0&rev=7

mujs-1.2.0-stack-exhaustion.patch

@@ -0,0 +1,89 @@
+diff -Pdpru mujs-1.2.0.orig/jsdump.c mujs-1.2.0/jsdump.c
+--- mujs-1.2.0.orig/jsdump.c	2021-12-08 14:56:12.000000000 +0300
++++ mujs-1.2.0/jsdump.c	2022-05-18 18:37:44.522227643 +0300
+@@ -682,11 +682,13 @@ static void pstmlist(int d, js_Ast *list
+ void jsP_dumpsyntax(js_State *J, js_Ast *prog, int dominify)
+ {
+ 	minify = dominify;
+-	if (prog->type == AST_LIST)
+-		pstmlist(-1, prog);
+-	else {
+-		pstm(0, prog);
+-		nl();
++	if (prog) {
++		if (prog->type == AST_LIST)
++			pstmlist(-1, prog);
++		else {
++			pstm(0, prog);
++			nl();
++		}
+ 	}
+ 	if (minify > 1)
+ 		putchar('\n');
+@@ -768,11 +770,13 @@ static void sblock(int d, js_Ast *list)
+ void jsP_dumplist(js_State *J, js_Ast *prog)
+ {
+ 	minify = 0;
+-	if (prog->type == AST_LIST)
+-		sblock(0, prog);
+-	else
+-		snode(0, prog);
+-	nl();
++	if (prog) {
++		if (prog->type == AST_LIST)
++			sblock(0, prog);
++		else
++			snode(0, prog);
++		nl();
++	}
+ }
+ 
+ /* Compiled code */
+diff -Pdpru mujs-1.2.0.orig/regexp.c mujs-1.2.0/regexp.c
+--- mujs-1.2.0.orig/regexp.c	2021-12-08 14:56:12.000000000 +0300
++++ mujs-1.2.0/regexp.c	2022-05-18 18:32:24.114001044 +0300
+@@ -622,25 +622,26 @@ struct Reinst {
+ 	Reinst *y;
+ };
+ 
+-static int count(struct cstate *g, Renode *node)
++static int count(struct cstate *g, Renode *node, int depth)
+ {
+ 	int min, max, n;
+ 	if (!node) return 0;
++	if (++depth > REG_MAXREC) die(g, "stack overflow");
+ 	switch (node->type) {
+ 	default: return 1;
+-	case P_CAT: return count(g, node->x) + count(g, node->y);
+-	case P_ALT: return count(g, node->x) + count(g, node->y) + 2;
++	case P_CAT: return count(g, node->x, depth) + count(g, node->y, depth);
++	case P_ALT: return count(g, node->x, depth) + count(g, node->y, depth) + 2;
+ 	case P_REP:
+ 		min = node->m;
+ 		max = node->n;
+-		if (min == max) n = count(g, node->x) * min;
+-		else if (max < REPINF) n = count(g, node->x) * max + (max - min);
+-		else n = count(g, node->x) * (min + 1) + 2;
++		if (min == max) n = count(g, node->x, depth) * min;
++		else if (max < REPINF) n = count(g, node->x, depth) * max + (max - min);
++		else n = count(g, node->x, depth) * (min + 1) + 2;
+ 		if (n < 0 || n > REG_MAXPROG) die(g, "program too large");
+ 		return n;
+-	case P_PAR: return count(g, node->x) + 2;
+-	case P_PLA: return count(g, node->x) + 2;
+-	case P_NLA: return count(g, node->x) + 2;
++	case P_PAR: return count(g, node->x, depth) + 2;
++	case P_PLA: return count(g, node->x, depth) + 2;
++	case P_NLA: return count(g, node->x, depth) + 2;
+ 	}
+ }
+ 
+@@ -903,7 +904,7 @@ Reprog *regcompx(void *(*alloc)(void *ct
+ 	putchar('\n');
+ #endif
+ 
+-	n = 6 + count(&g, node);
++	n = 6 + count(&g, node, 0);
+ 	if (n < 0 || n > REG_MAXPROG)
+ 		die(&g, "program too large");
+ 

mujs.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed May 18 15:45:51 UTC 2022 - Илья Индиго <ilya@ilya.cf>
+
+- Added mujs-1.2.0-stack-exhaustion.patch (CVE-2022-30974, boo#1199678).
+
 -------------------------------------------------------------------
 Mon Feb 15 13:12:21 UTC 2022 - Илья Индиго <ilya@ilya.pp.ua>
 

mujs.spec

@@ -24,6 +24,7 @@ License:        AGPL-3.0-or-later
 Group:          Development/Languages/C and C++
 URL:            https://mujs.com
 Source0:        https://mujs.com/downloads/%{name}-%{version}.tar.xz
+Patch0:         %{name}-1.2.0-stack-exhaustion.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(readline)