From 2d9f6710728b8bb89de5abcc2b4af8ff4755a62e Mon Sep 17 00:00:00 2001
From: David Tardon
Date: Thu, 15 Jun 2017 12:16:49 +0200
Subject: [PATCH] Resolves: rhbz#1461763 CVE-2017-9433 Out-of-bounds write in the MsWrd1Parser::readFootnoteCorrespondence function
---
 0001-ofz-1037-resize-vector-correctly.patch | 25 +++++++++++++++++++++
 libmwaw.spec | 8 ++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 0001-ofz-1037-resize-vector-correctly.patch
diff --git a/0001-ofz-1037-resize-vector-correctly.patch b/0001-ofz-1037-resize-vector-correctly.patch
new file mode 100644
index 0000000..df64f7b
--- /dev/null
+++ b/0001-ofz-1037-resize-vector-correctly.patch
@@ -0,0 +1,25 @@
+From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Sat, 8 Apr 2017 14:03:29 +0200
+Subject: [PATCH] ofz#1037 resize vector correctly
+
+---
+ src/lib/MsWrd1Parser.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i limits)
+ int id = fIt++->second;
+ fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+ if (id >= int(m_state->m_footnotesList.size()))
+- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+ m_state->m_footnotesList[size_t(id)]=fPos;
+ }
+ ascii().addDelimiter(input->tell(),'|');
+--
+2.13.0
+
diff --git a/libmwaw.spec b/libmwaw.spec
index aeb4760..7826b5f 100644
--- a/libmwaw.spec
+++ b/libmwaw.spec
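Review bot: In the embedded MsWrd1Parser.cxx hunk, `id` is still used as an index with no lower or upper bound of its own. The guard `id >= int(m_state->m_footnotesList.size())` is false for a negative `id`, so `m_footnotesList[size_t(id)]` would then write far outside the vector, and a very large `id` makes `resize(size_t(id)+1, ...)` request an enormous allocation. Whether `footnoteMap` can hold such values is decided where the map is filled, which is outside this hunk (the body of readFootnoteCorrespondance starts and ends outside it), so this needs confirming against that code. If it can, reject the entry before the resize, for example `if (id < 0 || id > maxId) { /* skip this footnote */ }`, where `maxId` is a placeholder for a bound derived from the number of footnote entries actually read from the file.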
@@ -2,13 +2,15 @@
 Name: libmwaw
 Version: 0.3.11
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: A library for import of many old Mac document formats
 License: LGPLv2+ or MPLv2.0
 URL: http://sourceforge.net/projects/libmwaw/
 Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
+Patch0: 0001-ofz-1037-resize-vector-correctly.patch
+
 BuildRequires: doxygen
 BuildRequires: help2man
 BuildRequires: pkgconfig(librevenge-0.0)
@@ -104,6 +106,10 @@ install -m 0644 mwaw2*.1 %{buildroot}/%{_mandir}/man1
 %{_mandir}/man1/mwaw2text.1*
 %changelog
+* Thu Jun 15 2017 David Tardon - 0.3.11-3
+- Resolves: rhbz#1461763 CVE-2017-9433 Out-of-bounds write in the
+ MsWrd1Parser::readFootnoteCorrespondence function
+
 * Mon May 15 2017 Fedora Release Engineering - 0.3.11-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild