From 170ea8d03e2cd09d84069efa9200885c6ef4e9ae Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Wed, 15 Mar 2023 12:58:39 -0700
Subject: [PATCH] Backport PR #231 to fix a crash (#2178510)
---
 ...attrs-fix-out-of-bounds-access-again.patch | 33 +++++++++++++++++++
 squashfs-tools.spec | 12 ++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 0001-xattrs-fix-out-of-bounds-access-again.patch
diff --git a/0001-xattrs-fix-out-of-bounds-access-again.patch b/0001-xattrs-fix-out-of-bounds-access-again.patch
new file mode 100644
index 0000000..471a632
--- /dev/null
+++ b/0001-xattrs-fix-out-of-bounds-access-again.patch
@@ -0,0 +1,33 @@
+From 5b2b9acd762e859822c99c5262d0bcbccff619de Mon Sep 17 00:00:00 2001
+From: Adam Williamson
+Date: Wed, 15 Mar 2023 12:35:38 -0700
+Subject: [PATCH] xattrs: fix out of bounds access (again)
+
+This restores the fix from c5db34e , which was somehow lost in
+83b2f3a . `j` is not available after the loop is done, we need
+to use i. We use `i - 1` because, of course, list indexes start
+at 0.
+
+Fixes https://github.com/plougher/squashfs-tools/issues/230
+
+Signed-off-by: Adam Williamson
+---
+ squashfs-tools/xattr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/squashfs-tools/xattr.c b/squashfs-tools/xattr.c
+index d48d950..32343f5 100644
+--- a/squashfs-tools/xattr.c
++++ b/squashfs-tools/xattr.c
+@@ -838,7 +838,7 @@ int read_xattrs(void *d, int type)
+ for(j = 1; j < i; j++)
+ xattr_list[j - 1].vnext = &xattr_list[j];
+
+- xattr_list[j].vnext = NULL;
++ xattr_list[i - 1].vnext = NULL;
+ head = xattr_list;
+
+ sort_xattr_list(&head, i);
+--
+2.39.2
+
diff --git a/squashfs-tools.spec b/squashfs-tools.spec
index 3324f4a..6e8a24c 100644
--- a/squashfs-tools.spec
+++ b/squashfs-tools.spec
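Review bot: In the embedded xattr.c patch, the new store `xattr_list[i - 1].vnext = NULL;` is in bounds only when `i` is at least 1; with `i == 0` it would write to the slot before the array, and nothing visible in the hunk rules that case out. read_xattrs starts and ends outside the hunk, so an earlier return for an empty list may already cover it; if it does not, guard the store with `if(i > 0)` ahead of `head = xattr_list;`. Because the commit message says this same fix was lost once already, a short comment above the line, for example `/* last entry is i - 1; j is one past it once the loop ends */`, would make the intent harder to lose a second time.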
@@ -7,7 +7,13 @@ Summary: Utility for the creation of squashfs filesystems %forgemeta URL: %{forgeurl} Source: %{forgesource} -Release: 0.6%{dist} +# https://github.com/plougher/squashfs-tools/pull/231 +# https://github.com/plougher/squashfs-tools/issues/230 +# https://bugzilla.redhat.com/show_bug.cgi?id=2178510 +# Fix a crash caused by an out-of-bounds access that was inadvertently +# re-introduced in a memory leak fix +Patch0: 0001-xattrs-fix-out-of-bounds-access-again.patch +Release: 0.7%{dist} License: GPLv2+ BuildRequires: make @@ -26,6 +32,7 @@ contains the utilities for manipulating squashfs filesystems. %prep %forgesetup +%autopatch -p1 %build %set_build_flags @@ -50,6 +57,9 @@ make INSTALL_PREFIX=%{buildroot}/usr INSTALL_DIR=%{buildroot}%{_sbindir} INSTALL %{_sbindir}/sqfscat %changelog +* Wed Mar 15 2023 Adam Williamson - 4.6-0.7.20230314git36abab0 +- Backport PR #231 to fix a crash (#2178510) + * Tue Mar 14 2023 Bruno Wolff III - 4.6-0.6^20230314git36abab0 - A few minor memory leaks were fixed