From 24698888e2f71df5e73684e74f21cff14d6718d8 Mon Sep 17 00:00:00 2001
From: Nathan Owens
Date: Tue, 29 Oct 2019 01:41:24 +0000
Subject: [PATCH] file: add patch for CVE-2019-18218 CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-18218 Patch: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
---
 ...-of-elements-in-a-vector-found-by-os.patch | 59 +++++++++++++++++++
 srcpkgs/file/template | 2 +-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/file/patches/0001-Limit-the-number-of-elements-in-a-vector-found-by-os.patch
diff --git a/srcpkgs/file/patches/0001-Limit-the-number-of-elements-in-a-vector-found-by-os.patch b/srcpkgs/file/patches/0001-Limit-the-number-of-elements-in-a-vector-found-by-os.patch
new file mode 100644
index 00000000000..0507f75f81f
--- /dev/null
+++ b/srcpkgs/file/patches/0001-Limit-the-number-of-elements-in-a-vector-found-by-os.patch
@@ -0,0 +1,59 @@
+From ba28c7f45bc1fd8cf882ad21ce619655c2736d7b Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+---
+ src/cdf.c | 9 ++++-----
+ src/cdf.h | 1 +
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 556a3ff8..e4835fef 100644
+--- src/cdf.c
++++ src/cdf.c
+@@ -35,7 +35,7 @@
+ #include "file.h"
+
+ #ifndef lint
+-FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:27 christos Exp $")
++FILE_RCSID("@(#)$File: cdf.c,v 1.116 2019/08/26 14:31:39 christos Exp $")
+ #endif
+
+ #include
+@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ }
+ nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+ goto out;
+ }
+ slen = 2;
+@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ inp += nelem;
+ }
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+ for (j = 0; j < nelements && i < sh.sh_properties;
+ j++, i++)
+ {
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554b..05056668 100644
+--- src/cdf.h
++++ src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+
+ #define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+
+ #define CDF_SECID_NULL 0
+ #define CDF_SECID_FREE -1
+--
+2.23.0
+
diff --git a/srcpkgs/file/template b/srcpkgs/file/template
index f12b0233e16..03aaa501cfb 100644
--- a/srcpkgs/file/template
+++ b/srcpkgs/file/template
@@ -1,7 +1,7 @@
 # Template file for 'file'
 pkgname=file
 version=5.37
-revision=1
+revision=2
 bootstrap=yes
 build_style=gnu-configure
 configure_args="--enable-static"
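Review bot: The added patch file under srcpkgs/file/patches does not record what it fixes or where it came from: its header carries only the upstream subject, and its `From ba28c7f4…` hash differs from the upstream commit `46a8443f…` cited in this commit's message, so the file alone cannot be matched to CVE-2019-18218 in a later audit. I would add one header line above the inner `---`, e.g. `Upstream: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 (CVE-2019-18218)`. The inner `@@ -35,7 +35,7 @@` hunk only rewrites the `FILE_RCSID` string to 1.116; it is unrelated to the bounds check and would presumably stop the patch applying if the tarball's ident line differs, so dropping it would leave just the `nelements > CDF_ELEMENT_LIMIT` check and the `#define`. Both `cdf_read_property_info` hunks start and end inside the function, so how `nelements` is used after the check is not visible here.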