From cceb2b3617561b998007ddf3dab4284d18f3a43b Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team <packager@msvsphere-os.ru>
Date: Thu, 14 Nov 2024 21:45:09 +0300
Subject: [PATCH] import slang-2.3.3-8.el10

---
 SOURCES/slang-sast.patch | 54 ++++++++++++++++++++++++++++++++++++++++
 SPECS/slang.spec         |  9 ++++++-
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/slang-sast.patch

diff --git a/SOURCES/slang-sast.patch b/SOURCES/slang-sast.patch
new file mode 100644
index 0000000..30e9ccc
--- /dev/null
+++ b/SOURCES/slang-sast.patch
@@ -0,0 +1,54 @@
+commit 99a1d340301dcee86cabc16b9721e21562691f9c
+Author: John E. Davis <jed@jedsoft.org>
+Date:   Mon May 20 00:19:16 2024 -0400
+
+    pre2.3.4-13: Initialize the variables provided by the %g operator to zero to not
+    leak uninitialized data from the stack if not set by %P. (Miroslav
+    Lichvar)
+
+diff --git a/src/sldisply.c b/src/sldisply.c
+index 2664aad..00d3acb 100644
+--- a/src/sldisply.c
++++ b/src/sldisply.c
+@@ -534,6 +534,8 @@ static unsigned int tt_sprintf(char *buf, unsigned int buflen, SLCONST char *fmt
+    parms [1] = x;	       /* p1 */
+    parms [2] = y;	       /* p2 */
+ 
++   memset (variables, 0, sizeof(variables));
++
+    offset = 0;
+    zero_pad = 0;
+    field_width = 0;
+
+commit 89d32bb2a32037ce7307b385da88e23dab6f31f6
+Author: John E. Davis <jed@jedsoft.org>
+Date:   Wed Nov 6 10:49:27 2024 -0500
+
+    pre2.3.4-16: Removed unnecessary chack for a NULL string in keymap.c:find_the_key, and corrected a potential memory leak in the sltoken.c:compile_byte_compiled_multistring function
+
+diff --git a/src/slkeymap.c b/src/slkeymap.c
+index ab9f391..0a2de96 100644
+--- a/src/slkeymap.c
++++ b/src/slkeymap.c
+@@ -335,7 +335,7 @@ static int find_the_key (SLFUTURE_CONST char *s, SLkeymap_Type *kml, SLang_Key_T
+ 	last = key;
+ 	key = key->next;
+ 
+-	if ((key != NULL) && (key->str != NULL))
++	if (key != NULL)
+ 	  {
+ 	     len = key_len = key->str[0];
+ 	     if (len > str_len) len = str_len;
+diff --git a/src/sltoken.c b/src/sltoken.c
+index d142eee..dd3142e 100644
+--- a/src/sltoken.c
++++ b/src/sltoken.c
+@@ -1999,7 +1999,7 @@ static int compile_byte_compiled_multistring (char *buf)
+ 	if ((last_type != type) && (type != 0))
+ 	  {
+ 	     SLang_verror (SL_INVALID_DATA_ERROR, "Unexpected object (0x%X) encountered in stream", (int)this_type);
+-	     return -1;
++	     goto return_error;
+ 	  }
+ 	type = last_type;
+ 
diff --git a/SPECS/slang.spec b/SPECS/slang.spec
index fd9c4cd..64913b4 100644
--- a/SPECS/slang.spec
+++ b/SPECS/slang.spec
@@ -7,12 +7,15 @@
 Summary:	Shared library for the S-Lang extension language
 Name:		slang
 Version:	2.3.3
-Release:	7%{?dist}
+Release:	8%{?dist}
 License:	GPL-2.0-or-later
 URL:		https://www.jedsoft.org/slang/
 Source:		https://www.jedsoft.org/releases/%{name}/%{name}-%{version}.tar.bz2
 # disable test that fails with SIGHUP ignored (e.g. in koji)
 Patch2:		slang-sighuptest.patch
+# fix issues found by static analysis
+Patch3:		slang-sast.patch
+
 BuildRequires: make
 BuildRequires:	gcc libpng-devel zlib-devel
 %{?with_oniguruma:BuildRequires: oniguruma-devel}
@@ -54,6 +57,7 @@ based on the S-Lang extension language.
 %prep
 %setup -q
 %patch2 -p1 -b .sighuptest
+%patch3 -p1 -b .sast
 
 %build
 %configure \
@@ -108,6 +112,9 @@ make check
 %{_includedir}/slang
 
 %changelog
+* Wed Nov 06 2024 Miroslav Lichvar <mlichvar@redhat.com> - 2.3.3-8
+- fix issues found by static analysis (RHEL-36476)
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.3.3-7
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018