Make tainted data safe

Resolves: RHEL-43596

texinfo-7.1-make-tainted-data-safe.patch

@@ -0,0 +1,12 @@
+diff -up texinfo-7.1/info/makedoc.c.orig texinfo-7.1/info/makedoc.c
+--- texinfo-7.1/info/makedoc.c.orig	2023-08-14 20:53:20.000000000 +0200
++++ texinfo-7.1/info/makedoc.c	2024-10-09 10:13:13.476369921 +0200
+@@ -296,7 +296,7 @@ process_one_file (char *filename, FILE *
+       char *func, *doc;
+       char *func_name;
+ 
+-      for (; offset < (file_size - decl_len); offset++)
++      for (; offset < (file_size - decl_len) && offset < (LONG_MAX - decl_len); offset++)
+         {
+           if (buffer[offset] == '\n')
+             {

texinfo.spec

@@ -3,7 +3,7 @@
 Summary: Tools needed to create Texinfo format documentation files
 Name: texinfo
 Version: 7.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL-3.0-or-later
 Url: http://www.gnu.org/software/texinfo/
 Source0: ftp://ftp.gnu.org/gnu/texinfo/texinfo-%{version}.tar.xz
@@ -17,6 +17,8 @@ Patch1: texinfo-6.5-fix-info-dir.patch
 Patch2: texinfo-6.5-covscan-fixes.patch
 # Patch3: fixes various issues found by static analysis
 Patch3: texinfo-7.1-various-sast-fixes.patch
+# Patch4: makes tainted data safe
+Patch4: texinfo-7.1-make-tainted-data-safe.patch
 
 BuildRequires: make
 BuildRequires: gcc
@@ -150,6 +152,10 @@ export ALL_TESTS=yes
 %{_mandir}/man1/pdftexi2dvi.1*
 
 %changelog
+* Tue Dec 03 2024 Vitezslav Crhonek <vcrhonek@redhat.com> - 7.1-6
+- Make tainted data safe
+  Resolves: RHEL-43596
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 7.1-5
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018