diff --git a/fix-cve-2024-38517.patch b/fix-cve-2024-38517.patch new file mode 100644 index 0000000000000000000000000000000000000000..c0b4a57a0e55bfa21a6de2bbc90b317ce6dac41c --- /dev/null +++ b/fix-cve-2024-38517.patch @@ -0,0 +1,49 @@ +From 943d45cbbc6b0f95f9fc2a9a73dc0eb23c04b588 Mon Sep 17 00:00:00 2001 +From: Yang_X_Y +Date: Tue, 6 Aug 2024 15:44:21 +0800 +Subject: [PATCH] fix-cve-2024-38517 + +--- + include/rapidjson/reader.h | 11 ++++++++++- + test/unittest/readertest.cpp | 1 + + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/include/rapidjson/reader.h b/include/rapidjson/reader.h +index 19f8849..3d0af88 100644 +--- a/include/rapidjson/reader.h ++++ b/include/rapidjson/reader.h +@@ -1302,9 +1302,18 @@ private: + if (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) { + exp = static_cast(s.Take() - '0'); + if (expMinus) { ++ // (exp + expFrac) must not underflow int => we're detecting when -exp gets ++ // dangerously close to INT_MIN (a pessimistic next digit 9 would push it into ++ // underflow territory): ++ // ++ // -(exp * 10 + 9) + expFrac >= INT_MIN ++ // <=> exp <= (expFrac - INT_MIN - 9) / 10 ++ RAPIDJSON_ASSERT(expFrac <= 0); ++ int maxExp = (expFrac + 2147483639) / 10; ++ + while (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) { + exp = exp * 10 + static_cast(s.Take() - '0'); +- if (exp >= 214748364) { // Issue #313: prevent overflow exponent ++ if (RAPIDJSON_UNLIKELY(exp > maxExp)) { // Issue #313: prevent overflow exponent + while (RAPIDJSON_UNLIKELY(s.Peek() >= '0' && s.Peek() <= '9')) // Consume the rest of exponent + s.Take(); + } +diff --git a/test/unittest/readertest.cpp b/test/unittest/readertest.cpp +index 64a1f9c..65163de 100644 +--- a/test/unittest/readertest.cpp ++++ b/test/unittest/readertest.cpp +@@ -242,6 +242,7 @@ static void TestParseDouble() { + TEST_DOUBLE(fullPrecision, "1e-214748363", 0.0); // Maximum supported negative exponent + TEST_DOUBLE(fullPrecision, "1e-214748364", 0.0); + TEST_DOUBLE(fullPrecision, "1e-21474836311", 0.0); ++ TEST_DOUBLE(fullPrecision, "1.00000000001e-2147483638", 0.0); + TEST_DOUBLE(fullPrecision, "0.017976931348623157e+310", 1.7976931348623157e+308); // Max double in another form + + // Since +-- +2.33.0 + diff --git a/rapidjson.spec b/rapidjson.spec index ce5f6d35a034c8cb35ad8689a45ad14b75d43922..10728eaba4f50edaf56b06987a0838c0973f057c 100644 --- a/rapidjson.spec +++ b/rapidjson.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %global debug_package %{nil} @@ -15,6 +15,9 @@ Patch0: rapidjson-1.1.0-do_not_include_gtest_src_dir.patch # Upstream derived patch for C++20 support Patch1: rapidjson-1.1.0-c++20.patch +#https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001 +#Patch2: fix-cve-2024-38517.patch + BuildRequires: cmake BuildRequires: make BuildRequires: gcc-c++ @@ -121,5 +124,8 @@ find %{buildroot} -type f -name 'CMake*.txt' -delete %changelog +* Tue Aug 06 2024 yangxinyu - 1.1.0-2 +- fix cve-2024-38517 + * Thu Apr 06 2023 DengXiewei - 1.1.0-1 - Initial package from upstream