From 68eab24c2c60dd8cf8466f18d6f1ab632ea6639f Mon Sep 17 00:00:00 2001
From: zhuhongbo
Date: Thu, 10 Jul 2025 15:33:22 +0800
Subject: [PATCH] fix cve CVE-2014-9474

---
 0001-fix-cve-CVE-2014-9474.patch | 25 +++++++++++++++++++++++++
 mpfr.spec | 8 +++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 0001-fix-cve-CVE-2014-9474.patch

diff --git a/0001-fix-cve-CVE-2014-9474.patch b/0001-fix-cve-CVE-2014-9474.patch
new file mode 100644
index 0000000..f68c12f
--- /dev/null
+++ b/0001-fix-cve-CVE-2014-9474.patch
@@ -0,0 +1,25 @@
+From 90a535f40e67458fd29cdbadaaf2902d31fc3f67 Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Thu, 10 Jul 2025 15:21:21 +0800
+Subject: [PATCH] fix cve CVE-2014-9474
+
+---
+ src/strtofr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/strtofr.c b/src/strtofr.c
+index ea61330..3b0f0ea 100644
+--- a/src/strtofr.c
++++ b/src/strtofr.c
+@@ -471,7 +471,7 @@ parsed_string_to_mpfr (mpfr_t x, struct parsed_string *pstr, mpfr_rnd_t rnd)
+ /* prec bits corresponds to ysize limbs */
+ ysize_bits = ysize * GMP_NUMB_BITS;
+ /* and to ysize_bits >= prec > MPFR_PREC (x) bits */
+- y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 1);
++ y = MPFR_TMP_LIMBS_ALLOC (2 * ysize + 2);
+ y += ysize; /* y has (ysize+1) allocated limbs */
+
+ /* pstr_size is the number of characters we read in pstr->mant
+--
+2.39.3
+
diff --git a/mpfr.spec b/mpfr.spec
index 821945b..2a414c2 100644
--- a/mpfr.spec
+++ b/mpfr.spec
@@ -1,9 +1,11 @@
 Summary: A C library for multiple-precision floating-point computations
 Name: mpfr
 Version: 3.1.1
-Release: 4%{?dist}
+Release: 4%{?dist}.2
 URL: http://www.mpfr.org/
 Source0: http://www.mpfr.org/mpfr-current/%{name}-%{version}.tar.xz
+Patch0: 0001-fix-cve-CVE-2014-9474.patch
+
 # GFDL (mpfr.texi, mpfr.info and fdl.texi)
 License: LGPLv3+ and GPLv3+ and GFDL
 Group: System Environment/Libraries
@@ -37,6 +39,7 @@ install the mpfr package.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --disable-assert
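Review bot: The context line after the changed allocation in the embedded src/strtofr.c hunk, `y += ysize; /* y has (ysize+1) allocated limbs */`, is left stale: with `MPFR_TMP_LIMBS_ALLOC (2 * ysize + 2)` the buffer at y now has ysize+2 limbs. Update it to `/* y has (ysize+2) allocated limbs */` and add a one-line comment above the allocation saying which later write needs the extra limb, since the embedded commit message is empty and this size is the whole CVE-2014-9474 fix. parsed_string_to_mpfr continues outside the hunk, so the write that consumes the extra limb is not visible here and should be confirmed against the upstream MPFR change before shipping.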
@@ -84,6 +87,9 @@ fi
 %{_infodir}/mpfr.info*
 
 %changelog
+* Thu Jul 10 2025 zhuhongbo - 3.1.1-4.2
+- fix: fix cve CVE-2014-9474
+
 * Fri Jan 24 2014 Daniel Mach - 3.1.1-4
 - Mass rebuild 2014-01-24
 
-- 
Gitee