From 657714c2e2c845a8ff61a378288f5e7ee006870b Mon Sep 17 00:00:00 2001
From: zouzhimin
Date: Thu, 14 Aug 2025 10:01:23 +0800
Subject: [PATCH] Fix stack buffer overflow in remove_whitespace()
(cherry picked from commit 8e77a00922f8679e34c4d9d83eeb5adddea9fdc7)
---
 ...buffer-overflow-in-remove_whitespace.patch | 28 +++++++++++++++++++
 corosync.spec | 6 +++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch
diff --git a/backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch b/backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch
new file mode 100644
index 0000000..571eae9
--- /dev/null
+++ b/backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch
@@ -0,0 +1,28 @@
+From 6cc3a242e167d3705a81ba704276533fe1390c79 Mon Sep 17 00:00:00 2001
+From: vikk777
+Date: Wed, 16 Apr 2025 12:27:44 +0300
+Subject: [PATCH] Fix stack buffer overflow in remove_whitespace()
+
+Signed-off-by: vikk777
+Reviewed-by: Jan Friesse
+---
+ exec/coroparse.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/exec/coroparse.c b/exec/coroparse.c
+index b017aca9..6f4adf87 100644
+--- a/exec/coroparse.c
++++ b/exec/coroparse.c
+@@ -271,6 +271,9 @@ static char *remove_whitespace(char *string, int remove_colon_and_brace)
+ char *end;
+
+ start = string;
++ if (*start == '\0')
++ return start;
++
+ while (*start == ' ' || *start == '\t' || (unsigned char)*start == 0xA0)
+ start++;
+
+--
+2.25.1
+
diff --git a/corosync.spec b/corosync.spec
index a4436b5..62c6c40 100644
--- a/corosync.spec
+++ b/corosync.spec
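Review bot: The new `if (*start == '\0') return start;` guard in remove_whitespace() is tested before the leading-whitespace loop, so a string made only of spaces, tabs or 0xA0 bytes still reaches the code after the hunk with `start` pointing at the terminator. The rest of the function lies outside this hunk; if it derives an end pointer from the length of `start`, confirm against the full source that this case stays inside the buffer. Moving the same two lines to just after the `while (...) start++;` loop would cover both the empty and the all-whitespace input with one test, since the loop does not advance on an empty string. Because this file is a backport, such a change is better proposed upstream than carried only in the package, and a one-line comment such as `/* empty input: nothing to trim */` above the guard would record why the early return exists.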
@@ -18,11 +18,12 @@
 Name: corosync
 Summary: The Corosync Cluster Engine and Application Programming Interfaces
 Version: 3.1.9
-Release: 1
+Release: 2
 License: BSD-3-Clause
 URL: http://corosync.github.io/corosync/
 Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz
 Patch0: backport-CVE-2025-30472.patch
+Patch1: backport-Fix-stack-buffer-overflow-in-remove_whitespace.patch
 # Runtime bits
 # The automatic dependency overridden in favor of explicit version lock
 Requires: corosynclib = %{version}-%{release}
@@ -288,6 +289,9 @@ network splits) %endif %changelog +* Thu Aug 14 2025 zouzhimin - 3.1.9-2 +- Fix stack buffer overflow in remove_whitespace() + * Wed Jun 25 2025 zouzhimin - 3.1.9-1 - update package to version 3.1.9 - This release contains mostly smaller bugfixes and improvements -- Gitee