From 980edaa463516fe71f6f94555bfb4a7d03c5a2fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Thu, 12 Sep 2019 12:29:10 +0200
Subject: [PATCH] Fix a possible buffer overflow in transform_utf16_java()

---
 ...couple-of-potential-buffer-overflows.patch | 43 +++++++++++++++++++
 recode.spec | 5 +++
 2 files changed, 48 insertions(+)
 create mode 100644 recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch

diff --git a/recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch b/recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch
new file mode 100644
index 0000000..3c56d16
--- /dev/null
+++ b/recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch
@@ -0,0 +1,43 @@
+From 3e566ca4b17814de8bc100e3edadbed6e539874f Mon Sep 17 00:00:00 2001
+From: Reuben Thomas
+Date: Wed, 11 Sep 2019 19:46:53 +0100
+Subject: [PATCH] Fix a couple of potential buffer overflows
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař
+---
+ src/java.c | 2 +-
+ src/testdump.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/java.c b/src/java.c
+index 05367f1..4bb8bc9 100644
+--- a/src/java.c
++++ b/src/java.c
+@@ -88,7 +88,7 @@ transform_utf16_java (RECODE_SUBTASK subtask)
+ put_byte (value, subtask);
+ else
+ {
+- char buffer[7];
++ char buffer[11];
+ char *cursor;
+
+ sprintf (buffer, "\\u%04x", value);
+diff --git a/src/testdump.c b/src/testdump.c
+index ff2ee9d..bd45837 100644
+--- a/src/testdump.c
++++ b/src/testdump.c
+@@ -254,7 +254,7 @@ produce_count (RECODE_SUBTASK subtask)
+ delayed--;
+ }
+
+- sprintf (buffer, "%*u %.4X", (int)count_width, (*cursor)->count, character);
++ snprintf (buffer, sizeof(buffer), "%*u %.4X", (int)count_width, (*cursor)->count, character);
+ put_string (buffer, subtask);
+ if (mnemonic)
+ {
+--
+2.21.0
+
diff --git a/recode.spec b/recode.spec
index 50d2549..87623fc 100644
--- a/recode.spec
+++ b/recode.spec
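Review bot: The src/java.c change in the embedded patch enlarges `buffer` to 11 bytes but keeps the unbounded `sprintf (buffer, "\\u%04x", value);`, so the write is still only as safe as the assumption about how wide `value` is. `%04x` sets a minimum width, not a maximum; 11 bytes covers `\u`, eight hex digits and the terminator, which is enough only while the argument is at most 32 bits (the declaration of `value` is outside the hunk). Bounding the call the way the src/testdump.c hunk does, `snprintf (buffer, sizeof buffer, "\\u%04x", value);`, would remove that dependence. In src/testdump.c, `sizeof(buffer)` is the right bound only if `buffer` is an array and not a pointer, and the ignored return value means truncation would pass silently; the declaration and the rest of produce_count are outside the hunk.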
@@ -58,6 +58,9 @@ URL: https://github.com/rrthomas/recode
 Source: %{url}/releases/download/v%{version}/recode-%{version}.tar.gz
 # Make internal hash function identifiers unique
 Patch0: recode-3.7.1-Rename-coliding-hash-functions.patch
+# Fix a possible buffer overflow in transform_utf16_java(),
+# in upstream after 3.7.5
+Patch1: recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: coreutils
@@ -96,6 +99,7 @@ This package provides deader files for recode library.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 autoreconf -fi
 
 %build
@@ -145,6 +149,7 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 %changelog
 * Thu Sep 12 2019 Petr Pisar - 3.7.5-1
 - 3.7.5 bump
+- Fix a possible buffer overflow in transform_utf16_java()
 
 * Mon Sep 02 2019 Petr Pisar - 3.7.4-1
 - 3.7.4 bump
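Review bot: The comment above `Patch1` in the first hunk, and the changelog line added in the third, name only transform_utf16_java(), but the patch file this commit adds also changes the sprintf call in produce_count() in src/testdump.c. Someone auditing which overflow fixes this build carries would miss the second one when reading the spec alone. I would word the comment as `# Fix possible buffer overflows in transform_utf16_java() and produce_count(),` and the changelog entry as `- Fix possible buffer overflows in transform_utf16_java() and produce_count()`.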