From c934437856bf6c0d00c319c56ce5bc348cc4cf2e Mon Sep 17 00:00:00 2001
From: Hans de Graaff <graaff@gentoo.org>
Date: Fri, 1 Sep 2017 09:10:59 +0200
Subject: dev-ruby/json: fix security bug 629484

Package-Manager: Portage-2.3.6, Repoman-2.3.2
---
 dev-ruby/json/files/json-1.8.6-heap-exposure.patch | 82 ++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 dev-ruby/json/files/json-1.8.6-heap-exposure.patch

(limited to 'dev-ruby/json/files')

diff --git a/dev-ruby/json/files/json-1.8.6-heap-exposure.patch b/dev-ruby/json/files/json-1.8.6-heap-exposure.patch
new file mode 100644
index 000000000000..d3da7a0f86f9
--- /dev/null
+++ b/dev-ruby/json/files/json-1.8.6-heap-exposure.patch
@@ -0,0 +1,82 @@
+diff --git ext/json/generator/generator.c ext/json/generator/generator.c
+index a135e28348..2cdca5685f 100644
+--- a/ext/json/ext/generator/generator.c
++++ b/ext/json/ext/generator/generator.c
+@@ -301,7 +301,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
+   char *result;
+   if (len <= 0) return NULL;
+   result = ALLOC_N(char, len);
+-  memccpy(result, ptr, 0, len);
++  memcpy(result, ptr, len);
+   return result;
+ }
+ 
+@@ -1055,7 +1055,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
+         }
+     } else {
+         if (state->indent) ruby_xfree(state->indent);
+-        state->indent = strdup(RSTRING_PTR(indent));
++        state->indent = fstrndup(RSTRING_PTR(indent), len);
+         state->indent_len = len;
+     }
+     return Qnil;
+@@ -1093,7 +1093,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
+         }
+     } else {
+         if (state->space) ruby_xfree(state->space);
+-        state->space = strdup(RSTRING_PTR(space));
++        state->space = fstrndup(RSTRING_PTR(space), len);
+         state->space_len = len;
+     }
+     return Qnil;
+@@ -1129,7 +1129,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
+         }
+     } else {
+         if (state->space_before) ruby_xfree(state->space_before);
+-        state->space_before = strdup(RSTRING_PTR(space_before));
++        state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+         state->space_before_len = len;
+     }
+     return Qnil;
+@@ -1166,7 +1166,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
+         }
+     } else {
+         if (state->object_nl) ruby_xfree(state->object_nl);
+-        state->object_nl = strdup(RSTRING_PTR(object_nl));
++        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+         state->object_nl_len = len;
+     }
+     return Qnil;
+@@ -1201,7 +1201,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
+         }
+     } else {
+         if (state->array_nl) ruby_xfree(state->array_nl);
+-        state->array_nl = strdup(RSTRING_PTR(array_nl));
++        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
+         state->array_nl_len = len;
+     }
+     return Qnil;
+diff --git ext/json/generator/generator.h ext/json/generator/generator.h
+index 298c0a4965..6bbf817b7d 100644
+--- a/ext/json/ext/generator/generator.h
++++ b/ext/json/ext/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+ 
+-#include <string.h>
+ #include <math.h>
+ #include <ctype.h>
+ 
+diff --git ext/json/lib/json/version.rb ext/json/lib/json/version.rb
+index b5748334b9..cd7ddf8777 100644
+--- a/lib/json/version.rb
++++ b/lib/json/version.rb
+@@ -1,7 +1,7 @@
+ module JSON
+   # JSON version
+-  VERSION         = '1.8.6'
++  VERSION         = '1.8.6.1'
+   VERSION_ARRAY   = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
+   VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
+   VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:
-- 
cgit v1.2.3-65-gdbad