4 files changed, 184 insertions, 0 deletions

diff --git a/user/readstat/APKBUILD b/user/readstat/APKBUILD
new file mode 100644
index 000000000..1ce3b3249
--- /dev/null
+++ b/user/readstat/APKBUILD
@@ -0,0 +1,45 @@
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=readstat
+pkgver=1.1.9
+pkgrel=0
+pkgdesc="Command-line tool for converting stats package files"
+url=" "
+arch="all"
+license="MIT"
+depends=""
+makedepends="zlib-dev"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz
+	use-after-free.patch
+	buf-overflow.patch
+	big-endian.patch
+	"
+
+build() {
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var
+	make
+}
+
+check() {
+	make check
+}
+
+package() {
+	make DESTDIR="$pkgdir" install
+}
+
+libs() {
+	pkgdesc="C library for converting stats package files"
+	default_libs
+}
+
+sha512sums="1034d2ca4f45a5b93ed1857b9176965a1584c042bfc2316cc93d0a80f589dc55ad6fe01036a6b9a4db36080b2a9876472f9016ce01e015692430dbeb7e26ece0  readstat-1.1.9.tar.gz
+b58b0b2d5da107048c4aedbb6a8a0cd7cd3710ac6e6cd5cb759fd149288da24fb2f52022586154eba42d32441ab5a6ec307f895af2875649bb57a4d0473d9a81  use-after-free.patch
+cfcad56dfe51b1454010e6cf15961816de8b60f1d5918638b8f1f208d18713db281eb1d915db4cd79fe11d28c82a1c3c23a1a05a079b4071ba2f61c1d0c74dbc  buf-overflow.patch
+3aad51258a52c13c45bd94c7e12a9ae38923930f03dbbee650d489ef812999de82e8024ec5e74ca4ad191aa90b2c5d8dd983493121c9b874708b3f32419e1146  big-endian.patch"
diff --git a/user/readstat/big-endian.patch b/user/readstat/big-endian.patch
new file mode 100644
index 000000000..71f1db133
--- /dev/null
+++ b/user/readstat/big-endian.patch
@@ -0,0 +1,76 @@
+From 0034c8ee693563cbecae8fa8a24d3e8d5dcc6ab1 Mon Sep 17 00:00:00 2001
+From: Evan Miller <emmiller@gmail.com>
+Date: Sat, 4 May 2024 08:50:28 -0400
+Subject: [PATCH] [SAS7BCAT writer] big-endian architecture fix
+
+Closes #302
+---
+ src/sas/readstat_sas7bcat_write.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c
+index 6544798c..9642fdad 100644
+--- a/src/sas/readstat_sas7bcat_write.c
++++ b/src/sas/readstat_sas7bcat_write.c
+@@ -63,7 +63,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+ 
+     for (j=0; j<r_label_set->value_labels_count; j++) {
+         readstat_value_label_t *value_label = readstat_get_value_label(r_label_set, j);
+-        lbp1[2] = 24; // size - 6
++        int16_t value_entry_len = 24; // size - 6
++        memcpy(&lbp1[2], &value_entry_len, sizeof(int16_t));
+         int32_t index = j;
+         memcpy(&lbp1[10], &index, sizeof(int32_t));
+         if (r_label_set->type == READSTAT_TYPE_STRING) {
+@@ -86,7 +87,7 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+         memcpy(&lbp2[8], &label_len, sizeof(int16_t));
+         memcpy(&lbp2[10], value_label->label, label_len);
+ 
+-        lbp1 += 30;
++        lbp1 += 6 + value_entry_len;
+         lbp2 += 8 + 2 + value_label->label_len + 1;
+     }
+ 
+From 29aac3db79a5da20d1d1dcbb54a587c5ba51e7b3 Mon Sep 17 00:00:00 2001
+From: Evan Miller <emmiller@gmail.com>
+Date: Sat, 4 May 2024 10:35:27 -0400
+Subject: [PATCH] [SAS7BCAT writer] more big-endian fixes
+
+---
+ src/sas/readstat_sas7bcat_write.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c
+index 9642fda..c25fec0 100644
+--- a/src/sas/readstat_sas7bcat_write.c
++++ b/src/sas/readstat_sas7bcat_write.c
+@@ -46,7 +46,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+     memcpy(&block->data[38], &count, sizeof(int32_t));
+     memcpy(&block->data[42], &count, sizeof(int32_t));
+     if (name_len > 8) {
+-        block->data[2] = (char)0x80;
++        int16_t flags = 0x80;
++        memcpy(&block->data[2], &flags, sizeof(int16_t));
+         memcpy(&block->data[8], name, 8);
+ 
+         memset(&block->data[106], ' ', 32);
+@@ -139,16 +140,15 @@ static readstat_error_t sas7bcat_begin_data(void *writer_ctx) {
+ 
+     // Page 1
+     char *xlsr = &page[856];
+-    int16_t block_idx, block_off;
+-    block_idx = 4;
+-    block_off = 16;
++    int32_t block_idx = 4;
++    int16_t block_off = 16;
+     for (i=0; i<writer->label_sets_count; i++) {
+         if (xlsr + 212 > page + hinfo->page_size)
+             break;
+ 
+         memcpy(&xlsr[0], "XLSR", 4);
+ 
+-        memcpy(&xlsr[4], &block_idx, sizeof(int16_t));
++        memcpy(&xlsr[4], &block_idx, sizeof(int32_t));
+         memcpy(&xlsr[8], &block_off, sizeof(int16_t));
+ 
+         xlsr[50] = 'O';
diff --git a/user/readstat/buf-overflow.patch b/user/readstat/buf-overflow.patch
new file mode 100644
index 000000000..f3766bb24
--- /dev/null
+++ b/user/readstat/buf-overflow.patch
@@ -0,0 +1,26 @@
+From c7baae72b36acdc24f56ad48d3e859850fdbdc2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=A1bor=20Cs=C3=A1rdi?= <csardi.gabor@gmail.com>
+Date: Sat, 17 Feb 2024 21:23:14 +0100
+Subject: [PATCH] Fix a buffer overflow (#311)
+
+It happens if raw_str_used underflows and ends up a very large number,
+which is then used as the size of a string.
+
+Closes #285.
+---
+ src/spss/readstat_sav_read.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c
+index 7f49490..460bf07 100644
+--- a/src/spss/readstat_sav_read.c
++++ b/src/spss/readstat_sav_read.c
+@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
+             }
+             if (++offset == col_info->width) {
+                 if (++segment_offset < var_info->n_segments) {
+-                    raw_str_used--;
++                    if (raw_str_used > 0) raw_str_used--;
+                 }
+                 offset = 0;
+                 col++;
diff --git a/user/readstat/use-after-free.patch b/user/readstat/use-after-free.patch
new file mode 100644
index 000000000..70ea38ffd
--- /dev/null
+++ b/user/readstat/use-after-free.patch
@@ -0,0 +1,37 @@
+From 718d49155e327471ed9bf4a8c157f849f285b46c Mon Sep 17 00:00:00 2001
+From: Stefan Gerlach <stefan.gerlach@uni-konstanz.de>
+Date: Wed, 20 Sep 2023 15:18:07 +0200
+Subject: [PATCH] Fix use after free (#298)
+
+---
+ src/bin/readstat.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/readstat.c b/src/bin/readstat.c
+index 48b8fdd..e3fbbd1 100644
+--- a/src/bin/readstat.c
++++ b/src/bin/readstat.c
+@@ -397,8 +397,6 @@ static int convert_file(const char *input_filename, const char *catalog_filename
+         module->finish(rs_ctx->module_ctx);
+     }
+ 
+-    free(rs_ctx);
+-
+     if (error != READSTAT_OK) {
+         if (file_exists) {
+             fprintf(stderr, "Error opening %s: File exists (Use -f to overwrite)\n", output_filename);
+@@ -406,9 +404,14 @@ static int convert_file(const char *input_filename, const char *catalog_filename
+             fprintf(stderr, "Error processing %s: %s\n", rs_ctx->error_filename, readstat_error_message(error));
+             unlink(output_filename);
+         }
++
++	free(rs_ctx);
++
+         return 1;
+     }
+ 
++    free(rs_ctx);
++
+     return 0;
+ }
+