From 3b12e60407f7c093125c37aa676242f875f5db62 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Tue, 28 May 2024 16:18:30 -0500
Subject: user/readstat: Update to 1.1.9 and fix issues

1.1.9 includes many big-endian fixes and other improvements.

* Fix use-after-free found after 1.1.9 release that causes GCC to error.
* Fix buffer overflow that might cause a crash.
* Fix two more big endian issues.
---
 user/readstat/APKBUILD             | 13 +++++--
 user/readstat/big-endian.patch     | 76 ++++++++++++++++++++++++++++++++++++++
 user/readstat/buf-overflow.patch   | 26 +++++++++++++
 user/readstat/use-after-free.patch | 37 +++++++++++++++++++
 4 files changed, 149 insertions(+), 3 deletions(-)
 create mode 100644 user/readstat/big-endian.patch
 create mode 100644 user/readstat/buf-overflow.patch
 create mode 100644 user/readstat/use-after-free.patch

diff --git a/user/readstat/APKBUILD b/user/readstat/APKBUILD
index bb9926267..1ce3b3249 100644
--- a/user/readstat/APKBUILD
+++ b/user/readstat/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: A. Wilcox
 pkgname=readstat
-pkgver=1.1.8
+pkgver=1.1.9
 pkgrel=0
 pkgdesc="Command-line tool for converting stats package files"
 url=" "
@@ -9,7 +9,11 @@ license="MIT"
 depends=""
 makedepends="zlib-dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz"
+source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz
+	use-after-free.patch
+	buf-overflow.patch
+	big-endian.patch
+	"
 
 build() {
 	./configure \
@@ -35,4 +39,7 @@ libs() {
 	default_libs
 }
 
-sha512sums="0b6278c2f1acae2cb6c509dbf730b121e1d8cd6e53736f060c0b79ba5fbcf56e1c4ac39568d21e90f537a0bae0341d702421eb768d384f8891f6486b7c6c2f1f  readstat-1.1.8.tar.gz"
+sha512sums="1034d2ca4f45a5b93ed1857b9176965a1584c042bfc2316cc93d0a80f589dc55ad6fe01036a6b9a4db36080b2a9876472f9016ce01e015692430dbeb7e26ece0  readstat-1.1.9.tar.gz
+b58b0b2d5da107048c4aedbb6a8a0cd7cd3710ac6e6cd5cb759fd149288da24fb2f52022586154eba42d32441ab5a6ec307f895af2875649bb57a4d0473d9a81  use-after-free.patch
+cfcad56dfe51b1454010e6cf15961816de8b60f1d5918638b8f1f208d18713db281eb1d915db4cd79fe11d28c82a1c3c23a1a05a079b4071ba2f61c1d0c74dbc  buf-overflow.patch
+3aad51258a52c13c45bd94c7e12a9ae38923930f03dbbee650d489ef812999de82e8024ec5e74ca4ad191aa90b2c5d8dd983493121c9b874708b3f32419e1146  big-endian.patch"
diff --git a/user/readstat/big-endian.patch b/user/readstat/big-endian.patch
new file mode 100644
index 000000000..71f1db133
--- /dev/null
+++ b/user/readstat/big-endian.patch
@@ -0,0 +1,76 @@
+From 0034c8ee693563cbecae8fa8a24d3e8d5dcc6ab1 Mon Sep 17 00:00:00 2001
+From: Evan Miller
+Date: Sat, 4 May 2024 08:50:28 -0400
+Subject: [PATCH] [SAS7BCAT writer] big-endian architecture fix
+
+Closes #302
+---
+ src/sas/readstat_sas7bcat_write.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c
+index 6544798c..9642fdad 100644
+--- a/src/sas/readstat_sas7bcat_write.c
++++ b/src/sas/readstat_sas7bcat_write.c
+@@ -63,7 +63,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+ 
+ for (j=0; jvalue_labels_count; j++) {
+ readstat_value_label_t *value_label = readstat_get_value_label(r_label_set, j);
+- lbp1[2] = 24; // size - 6
++ int16_t value_entry_len = 24; // size - 6
++ memcpy(&lbp1[2], &value_entry_len, sizeof(int16_t));
+ int32_t index = j;
+ memcpy(&lbp1[10], &index, sizeof(int32_t));
+ if (r_label_set->type == READSTAT_TYPE_STRING) {
+@@ -86,7 +87,7 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+ memcpy(&lbp2[8], &label_len, sizeof(int16_t));
+ memcpy(&lbp2[10], value_label->label, label_len);
+ 
+- lbp1 += 30;
++ lbp1 += 6 + value_entry_len;
+ lbp2 += 8 + 2 + value_label->label_len + 1;
+ }
+ 
+From 29aac3db79a5da20d1d1dcbb54a587c5ba51e7b3 Mon Sep 17 00:00:00 2001
+From: Evan Miller
+Date: Sat, 4 May 2024 10:35:27 -0400
+Subject: [PATCH] [SAS7BCAT writer] more big-endian fixes
+
+---
+ src/sas/readstat_sas7bcat_write.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c
+index 9642fda..c25fec0 100644
+--- a/src/sas/readstat_sas7bcat_write.c
++++ b/src/sas/readstat_sas7bcat_write.c
+@@ -46,7 +46,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+ memcpy(&block->data[38], &count, sizeof(int32_t));
+ memcpy(&block->data[42], &count, sizeof(int32_t));
+ if (name_len > 8) {
+- block->data[2] = (char)0x80;
++ int16_t flags = 0x80;
++ memcpy(&block->data[2], &flags, sizeof(int16_t));
+ memcpy(&block->data[8], name, 8);
+ 
+ memset(&block->data[106], ' ', 32);
+@@ -139,16 +140,15 @@ static readstat_error_t sas7bcat_begin_data(void *writer_ctx) {
+ 
+ // Page 1
+ char *xlsr = &page[856];
+- int16_t block_idx, block_off;
+- block_idx = 4;
+- block_off = 16;
++ int32_t block_idx = 4;
++ int16_t block_off = 16;
+ for (i=0; ilabel_sets_count; i++) {
+ if (xlsr + 212 > page + hinfo->page_size)
+ break;
+ 
+ memcpy(&xlsr[0], "XLSR", 4);
+ 
+- memcpy(&xlsr[4], &block_idx, sizeof(int16_t));
++ memcpy(&xlsr[4], &block_idx, sizeof(int32_t));
+ memcpy(&xlsr[8], &block_off, sizeof(int16_t));
+ 
+ xlsr[50] = 'O';
diff --git a/user/readstat/buf-overflow.patch b/user/readstat/buf-overflow.patch
new file mode 100644
index 000000000..f3766bb24
--- /dev/null
+++ b/user/readstat/buf-overflow.patch
@@ -0,0 +1,26 @@
+From c7baae72b36acdc24f56ad48d3e859850fdbdc2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=A1bor=20Cs=C3=A1rdi?=
+Date: Sat, 17 Feb 2024 21:23:14 +0100
+Subject: [PATCH] Fix a buffer overflow (#311)
+
+It happens if raw_str_used underflows and ends up a very large number,
+which is then used as the size of a string.
+
+Closes #285.
+---
+ src/spss/readstat_sav_read.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c
+index 7f49490..460bf07 100644
+--- a/src/spss/readstat_sav_read.c
++++ b/src/spss/readstat_sav_read.c
+@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
+ }
+ if (++offset == col_info->width) {
+ if (++segment_offset < var_info->n_segments) {
+- raw_str_used--;
++ if (raw_str_used > 0) raw_str_used--;
+ }
+ offset = 0;
+ col++;
diff --git a/user/readstat/use-after-free.patch b/user/readstat/use-after-free.patch
new file mode 100644
index 000000000..70ea38ffd
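Review bot: The new `int16_t value_entry_len` plus `memcpy` at the `lbp1[2]` site, like the `flags` and `block_idx` changes below it, now writes the field in host byte order, which is only correct if the rest of the SAS7BCAT writer does the same for every field and the header records the host's endianness; nothing in these hunks says so, and a future reader may well "fix" the memcpy back to a single byte store. I would add `// written in host byte order, like every other field in this block` above `int16_t value_entry_len = 24;`. The `24` and the `6` in `lbp1 += 6 + value_entry_len` are bare magic numbers that the `// size - 6` comment only half explains; a named constant for the entry size would make the stride self-describing. sas7bcat_block_for_label_set and sas7bcat_begin_data both start and end outside these hunks.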
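Review bot: The guard `if (raw_str_used > 0) raw_str_used--;` stops the unsigned wrap the commit message describes, but it silently continues parsing a row whose segment bookkeeping is already inconsistent, which is exactly the malformed input that produced the overflow in the first place. Since sav_process_row returns a readstat_error_t, the zero case is better surfaced than clamped, e.g. `if (raw_str_used == 0) return READSTAT_ERROR_PARSE;` followed by the plain decrement, assuming that is the project's code for a malformed file. At minimum the line deserves a comment on why the counter can be zero here (presumably n_segments disagreeing with the actual string width in a crafted .sav) so the check is not mistaken for dead code. sav_process_row starts and ends outside the hunk, so I cannot see where raw_str_used is later used as a length.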
--- /dev/null
+++ b/user/readstat/use-after-free.patch
@@ -0,0 +1,37 @@
+From 718d49155e327471ed9bf4a8c157f849f285b46c Mon Sep 17 00:00:00 2001
+From: Stefan Gerlach
+Date: Wed, 20 Sep 2023 15:18:07 +0200
+Subject: [PATCH] Fix use after free (#298)
+
+---
+ src/bin/readstat.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/readstat.c b/src/bin/readstat.c
+index 48b8fdd..e3fbbd1 100644
+--- a/src/bin/readstat.c
++++ b/src/bin/readstat.c
+@@ -397,8 +397,6 @@ static int convert_file(const char *input_filename, const char *catalog_filename
+ module->finish(rs_ctx->module_ctx);
+ }
+ 
+- free(rs_ctx);
+-
+ if (error != READSTAT_OK) {
+ if (file_exists) {
+ fprintf(stderr, "Error opening %s: File exists (Use -f to overwrite)\n", output_filename);
+@@ -406,9 +406,14 @@ static int convert_file(const char *input_filename, const char *catalog_filename
+ fprintf(stderr, "Error processing %s: %s\n", rs_ctx->error_filename, readstat_error_message(error));
+ unlink(output_filename);
+ }
++
++ free(rs_ctx);
++
+ return 1;
+ }
+ 
++ free(rs_ctx);
++
+ return 0;
+ }
+ 
-- 
cgit v1.2.3-60-g2f50
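Review bot: The fix is right in that `rs_ctx->error_filename` is now read by the fprintf before `rs_ctx` is released, but it leaves `free(rs_ctx);` duplicated on the two return paths, which is the shape that let the original use-after-free slip in when error reporting and cleanup were reordered. Folding both exits into one tail, `free(rs_ctx); return error != READSTAT_OK;` placed after the closing brace of the `if (error != READSTAT_OK)` block, keeps a single cleanup point with the same 1/0 result; if the function acquires further resources above the hunk, a goto-based cleanup label is the usual C form. convert_file starts outside the hunk, so I cannot see whether error_filename points into memory owned by rs_ctx; if it does, the ordering here is the only thing keeping that read valid and a comment such as `/* error_filename may live inside rs_ctx: report before freeing */` would protect it.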