From 84403fe0664dd97d4c5e202942067b51854481a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= <lzaoral@redhat.com>
Date: Wed, 10 Dec 2025 15:10:01 +0100
Subject: [PATCH] fix use of uninitialized value in sin_cos

Resolves: RHEL-35392
---
 mpfr-sin_cos-uninit-var.patch | 38 +++++++++++++++++++++++++++++++++++
 mpfr.spec                     |  9 ++++++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 mpfr-sin_cos-uninit-var.patch

diff --git a/mpfr-sin_cos-uninit-var.patch b/mpfr-sin_cos-uninit-var.patch
new file mode 100644
index 0000000..0a75ec5
--- /dev/null
+++ b/mpfr-sin_cos-uninit-var.patch
@@ -0,0 +1,38 @@
+From 96295d88fc03795ce6ae03ee2daabf9639fd96cc Mon Sep 17 00:00:00 2001
+From: Paul Zimmermann <Paul.Zimmermann@inria.fr>
+Date: Wed, 30 Apr 2025 17:09:57 +0200
+Subject: [PATCH] [sin_cos] fixed uninitialized value and added comments
+
+(issue reported by Jerry James,
+see https://sympa.inria.fr/sympa/arc/mpfr/2025-04/msg00039.html)
+---
+ src/sin_cos.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/sin_cos.c b/src/sin_cos.c
+index af0d87094..5279a4c29 100644
+--- a/src/sin_cos.c
++++ b/src/sin_cos.c
+@@ -331,6 +331,9 @@ sin_bs_aux (mpz_t Q0, mpz_t S0, mpz_t C0, mpz_srcptr p, mpfr_prec_t r,
+   mult[0] = r - pp_s + r0 - p_s;
+   /* we have x^3 < 1/2^mult[0] */
+ 
++  /* accu[k] is some bound for the k-th term, more precisely the k-th term
++     is bounded by 1/2^accu[k] */
++  accu[0] = 0;
+   for (i = 2, k = 0, prec_i_have = mult[0]; prec_i_have < prec; i += 2)
+     {
+       /* i is even here */
+@@ -366,7 +369,8 @@ sin_bs_aux (mpz_t Q0, mpz_t S0, mpz_t C0, mpz_srcptr p, mpfr_prec_t r,
+       MPFR_MPZ_SIZEINBASE2(mult[k], Q[k]);
+       mult[k] += 2 * r - size_ptoj[1] - 1;
+       /* the absolute contribution of the next term is 1/2^accu[k] */
+-      accu[k] = (k == 0) ? mult[k] : mult[k] + accu[k-1];
++      MPFR_ASSERTD(k > 0);
++      accu[k] = mult[k] + accu[k-1];
+       prec_i_have = accu[k]; /* the current term is < 1/2^accu[k] */
+       j = (i + 2) / 2;
+       l = 1;
+-- 
+GitLab
+
diff --git a/mpfr.spec b/mpfr.spec
index 402eaa8..07a282a 100644
--- a/mpfr.spec
+++ b/mpfr.spec
@@ -1,7 +1,7 @@
 Summary: C library for multiple-precision floating-point computations
 Name: mpfr
 Version: 4.1.0
-Release: 7%{?dist}
+Release: 8%{?dist}
 URL: https://www.mpfr.org/
 
 License: LGPLv3+
@@ -21,6 +21,10 @@ Source0: https://www.mpfr.org/%{name}-%{version}/%{name}-%{version}.tar.xz
 # - jyn-asympt-interm-zero.patch
 Patch0: https://www.mpfr.org/%{name}-%{version}/allpatches
 
+# fix use of uninitialized value in sin_cos (RHEL-35392)
+# https://gitlab.inria.fr/mpfr/mpfr/-/commit/96295d88fc03795ce6ae03ee2daabf9639fd96cc
+Patch: mpfr-sin_cos-uninit-var.patch
+
 # This can be removed when F32 reaches EOL
 Obsoletes: mpfr3 < 4.0.0
 Provides: mpfr3 = %{version}-%{release}
@@ -107,6 +111,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
 %{_infodir}/mpfr.info*
 
 %changelog
+* Wed Dec 10 2025 Lukáš Zaoral <lzaoral@redhat.com> - 4.1.0-8
+- fix use of uninitialized value in sin_cos (RHEL-35392)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.1.0-7
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688