File CVE-2024-34403.patch of Package uriparser.33965

From bb6b9b3f25fbafeb12dac68574d9f677b09880e3 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 28 Apr 2024 21:57:27 +0200
Subject: [PATCH] Protect against integer overflow in ComposeQueryMallocExMm

Requires string input that is longer than INT_MAX / 6 - 1 to exploit.
---
 src/UriQuery.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/src/UriQuery.c
+++ b/src/UriQuery.c
@@ -162,10 +162,14 @@ int URI_FUNC(ComposeQueryMallocEx)(URI_C
 	if (res != URI_SUCCESS) {
 		return res;
 	}
+	if (charsRequired == INT_MAX) {
+	    return URI_ERROR_MALLOC;
+	}
 	charsRequired++;
 
 	/* Allocate space */
 	queryString = malloc(charsRequired * sizeof(URI_CHAR));
+	queryString = calloc(charsRequired, sizeof(URI_CHAR));
 	if (queryString == NULL) {
 		return URI_ERROR_MALLOC;
 	}
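Review bot: The old `queryString = malloc(charsRequired * sizeof(URI_CHAR));` line is still present as unchanged context directly above the added `calloc` call, so on the new side the first allocation is overwritten and leaked on every successful call. The unchecked `charsRequired * sizeof(URI_CHAR)` multiplication that the commit is meant to retire also still runs. The hunk header (`-162,10 +162,14`) counts no removed line while the diffstat lists 1 deletion, so the malloc line was presumably meant to carry a `-` marker and seems to have been kept by mistake in this backport. The new side should contain only `queryString = calloc(charsRequired, sizeof(URI_CHAR));` ahead of the NULL check. The function body starts and ends outside the hunk, so whether `<limits.h>` is included for `INT_MAX` cannot be confirmed from here.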