1 files changed, 53 insertions, 0 deletions

diff --git a/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch b/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch
new file mode 100644
index 000000000..d1a423391
--- /dev/null
+++ b/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch
@@ -0,0 +1,53 @@
+From 9b7affe0b1e6512c6c73d19e1220c94fdb5c8159 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Sat, 28 Jul 2018 19:06:33 -0500
+Subject: [PATCH] tuple: Ensure buf length is always >= 1 in dequote
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If a key is defined with no value, dequote will allocate a buffer with a
+length of 0.  Since the buffer's length is 0, any manipulation of its
+content is UB.
+
+Example .pc file:
+
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+xcflags=
+xlibs= -lSM -lICE  -lX11
+
+Name: Obt
+Description: Openbox Toolkit Library
+Version: 3.6
+Requires: glib-2.0 libxml-2.0
+Libs: -L${libdir} -lobt ${xlibs}
+Cflags: -I${includedir}/openbox/3.6 ${xcflags}
+
+Output using pkgconf 1.5.2 on x86_64 Linux/musl:
+
+% pkgconf --cflags obt-3.5
+-I/usr/include/openbox/3.6 \�\\�I\�\ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2
+---
+ libpkgconf/tuple.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libpkgconf/tuple.c b/libpkgconf/tuple.c
+index 26dc5d5..8523709 100644
+--- a/libpkgconf/tuple.c
++++ b/libpkgconf/tuple.c
+@@ -139,7 +139,7 @@ pkgconf_tuple_find_delete(pkgconf_list_t *list, const char *key)
+ static char *
+ dequote(const char *value)
+ {
+-	char *buf = calloc(strlen(value) * 2, 1);
++	char *buf = calloc((strlen(value) + 1) * 2, 1);
+ 	char *bptr = buf;
+ 	const char *i;
+ 	char quote = 0;
+-- 
+2.17.1
+