path: root/user/readstat/buf-overflow.patch
author: A. Wilcox <AWilcox@Wilcox-Tech.com> 2024-05-28 16:18:30 -0500
committer: A. Wilcox <AWilcox@Wilcox-Tech.com> 2024-08-07 09:58:09 -0500
commit: fe6ea11a4fe63e51945625a3268294b95637e2c8
tree: 306985c358bb2576ed4402fa2603e54d5d14241c /user/readstat/buf-overflow.patch
parent: 442a7e2147ce9d355ff40e2e9274db39ced41313
user/readstat: Update to 1.1.9 and fix issues

1.1.9 includes many big-endian fixes and other improvements.

* Fix use-after-free found after 1.1.9 release that causes GCC to error.
* Fix buffer overflow that might cause a crash.
* Fix two more big endian issues.

Diffstat (limited to 'user/readstat/buf-overflow.patch')
-rw-r--r-- user/readstat/buf-overflow.patch 26
1 files changed, 26 insertions, 0 deletions
diff --git a/user/readstat/buf-overflow.patch b/user/readstat/buf-overflow.patch
new file mode 100644
index 000000000..f3766bb24
--- /dev/null
+++ b/user/readstat/buf-overflow.patch
@@ -0,0 +1,26 @@
+From c7baae72b36acdc24f56ad48d3e859850fdbdc2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=A1bor=20Cs=C3=A1rdi?= <csardi.gabor@gmail.com>
+Date: Sat, 17 Feb 2024 21:23:14 +0100
+Subject: [PATCH] Fix a buffer overflow (#311)
+
+It happens if raw_str_used underflows and ends up a very large number,
+which is then used as the size of a string.
+
+Closes #285.
+---
+ src/spss/readstat_sav_read.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c
+index 7f49490..460bf07 100644
+--- a/src/spss/readstat_sav_read.c
++++ b/src/spss/readstat_sav_read.c
+@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
+ }
+ if (++offset == col_info->width) {
+ if (++segment_offset < var_info->n_segments) {
+- raw_str_used--;
++ if (raw_str_used > 0) raw_str_used--;
+ }
+ offset = 0;
+ col++;
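
Review bot: The guard at `if (raw_str_used > 0) raw_str_used--;` in sav_process_row skips the decrement silently, so a row that would have underflowed raw_str_used is still processed as if it were well-formed. Since the function returns readstat_error_t, consider returning an error on that branch instead of continuing. Per the patch description the value is later used as the size of a string, so it is also worth confirming that the use site (outside the visible context) bounds it against the destination buffer rather than relying on this one decrement. The upstream commit id in the patch header is useful for tracking; a note in the package recipe saying the file can be dropped once the packaged release includes that commit would help the next update.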