From 6176e03750da45a218019771f4e76399b81e7c01 Mon Sep 17 00:00:00 2001
From: houyingchao <1348375921@qq.com>
Date: Tue, 27 Jul 2021 11:13:20 +0800
Subject: [PATCH] CVE-2019-17544

(cherry picked from commit f52add4b55dc2caa60590b931416c0a487f40557)
---
 CVE-2019-17544.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++
 aspell.spec          |  6 +++++-
 2 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-17544.patch

diff --git a/CVE-2019-17544.patch b/CVE-2019-17544.patch
new file mode 100644
index 0000000..69f3045
--- /dev/null
+++ b/CVE-2019-17544.patch
@@ -0,0 +1,49 @@
+From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sun, 4 Aug 2019 04:20:29 -0400
+Subject: [PATCH] Fix various bugs found by OSS-Fuze.
+
+---
+ common/config.cpp    | 2 +-
+ common/file_util.cpp | 1 +
+ common/getdata.cpp   | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/config.cpp b/common/config.cpp
+index 017e741..e117d3c 100644
+--- a/common/config.cpp
++++ b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+       }
+       res.append(':');
+     }
+-    if (res.back() == ':') res.pop_back();
++    if (!res.empty() && res.back() == ':') res.pop_back();
+   }
+ 
+   struct ListAddHelper : public AddableContainer 
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
++++ b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+     while ( (dir = els.next()) != 0 ) 
+     {
+       path = dir;
++      if (path.empty()) continue;
+       if (path.back() != '/') path += '/';
+       unsigned dir_len = path.size();
+       path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
++++ b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+   char * unescape(char * dest, const char * src)
+   {
+     while (*src) {
+-      if (*src == '\\') {
++      if (*src == '\\' && src[1]) {
+ 	++src;
+ 	switch (*src) {
+ 	case 'n': *dest = '\n'; break;
diff --git a/aspell.spec b/aspell.spec
index 84587a1..5dd198d 100644
--- a/aspell.spec
+++ b/aspell.spec
@@ -1,6 +1,6 @@
 Name:          aspell
 Version:       0.60.6.1
-Release:       26
+Release:       27
 Summary:       Spell checker
 Epoch:         12
 License:       LGPLv2+ and LGPLv2 and GPLv2+ and BSD
@@ -16,6 +16,7 @@ Patch0005:     aspell-0.60.6.1-dump-personal-abort.patch
 Patch0006:     aspell-0.60.6.1-aarch64.patch
 Patch0007:     aspell-0.60.6.1-gcc7-fixes.patch
 Patch0008:     aspell-0.60.6.1-fix-back-on-empty-vector.patch
+Patch0009:     CVE-2019-17544.patch
 
 BuildRequires: chrpath gettext ncurses-devel pkgconfig perl-interpreter gcc-c++
 
@@ -110,6 +111,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/aspell-import.1
 %{_mandir}/man1/pspell-config.1*
 
 %changelog
+* Thu Jul 27 2021 houyingchao<houyingchao@huawei.com> - 12:0.60.6.1-27
+- fix CVE-2019-17544
+
 * Thu Dec 24 2020 Ge Wang<wangge20@huawei.com> - 12:0.60.6.1-26
 - Modify Source0 url
  
-- 
Gitee