out of bounds read access in is_utf8_well_formed()

Resolves: #1201310
CVE-2014-9488

less-471-out_of_bounds_read.patch

@@ -0,0 +1,11 @@
+--- less-474/line.c	2015-01-31 00:20:29.000000000 +0100
++++ less-475/line.c	2015-03-05 20:07:08.000000000 +0100
+@@ -807,7 +807,7 @@
+ 			mbc_buf[mbc_buf_index++] = c;
+ 			if (mbc_buf_index < mbc_buf_len)
+ 				return (0);
+-			if (is_utf8_well_formed(mbc_buf))
++			if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
+ 				r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
+ 			else
+ 				/* Complete, but not shortest form, sequence. */

less.spec

@@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 471
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 Group: Applications/Text
 Source: http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
@@ -18,6 +18,7 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
+Patch12: less-471-out_of_bounds_read.patch
 URL: http://www.greenwoodsoftware.com/less/
 Requires: groff-base
 BuildRequires: ncurses-devel
@@ -45,6 +46,7 @@ files, and you'll use it frequently.
 %patch9 -p1 -b .less-filters-man
 %patch10 -p1 -b .lesskey-usage
 %patch11 -p1 -b .old-bot
+%patch12 -p1 -b .out_of_bounds_read.patch
 autoreconf
 
 chmod -R a+w *
@@ -75,6 +77,11 @@ ls -la $RPM_BUILD_ROOT/etc/profile.d
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Mon Jun 01 2015 Jozef Mlich <jmlich@redhat.com> - 471-3
+- out of bounds read access in is_utf8_well_formed()
+  Resolves: #1201310
+  CVE-2014-9488
+
 * Sat Feb 21 2015 Till Maas <opensource@till.name> - 471-2
 - Rebuilt for Fedora 23 Change
   https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code