From d1c680b6c7a43ac431975d0d6711e4ff4878e24c Mon Sep 17 00:00:00 2001
From: deepin-ci-robot <packages@deepin.org>
Date: Mon, 27 Apr 2026 19:08:40 +0800
Subject: [PATCH] fix(libcpanel-json-xs-perl): CVE-2025-40929

Fix integer buffer overflow in json_atof_scan1 with fuzzed overlong numbers.

Upstream: https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2

Generated-By: glm-5.1

Co-Authored-By: hudeng <hudeng@deepin.org>
---
 debian/changelog                    |  6 ++++++
 debian/patches/cve_2025_40929.patch | 33 +++++++++++++++++++++++++++++
 debian/patches/series               |  1 +
 3 files changed, 40 insertions(+)
 create mode 100644 debian/patches/cve_2025_40929.patch
 create mode 100644 debian/patches/series

diff --git a/debian/changelog b/debian/changelog
index bfa1192..6722ead 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libcpanel-json-xs-perl (4.39-1deepin1) unstable; urgency=medium
+
+  * Fix integer buffer overflow in json_atof_scan1 (CVE-2025-40929)
+
+ -- deepin-ci-robot <packages@deepin.org>  Mon, 27 Apr 2026 19:07:41 +0800
+
 libcpanel-json-xs-perl (4.39-1) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/cve_2025_40929.patch b/debian/patches/cve_2025_40929.patch
new file mode 100644
index 0000000..45fb677
--- /dev/null
+++ b/debian/patches/cve_2025_40929.patch
@@ -0,0 +1,33 @@
+Index: github-libcpanel-json-xs-perl-CVE-2025-40929/XS.xs
+===================================================================
+--- github-libcpanel-json-xs-perl-CVE-2025-40929.orig/XS.xs
++++ github-libcpanel-json-xs-perl-CVE-2025-40929/XS.xs
+@@ -710,16 +710,16 @@ json_atof_scan1 (const char *s, NV *accu
+   /* if we recurse too deep, skip all remaining digits */
+   /* to avoid a stack overflow attack */
+   if (UNLIKELY(--maxdepth <= 0))
+-    while (((U8)*s - '0') < 10)
++    while (*s >= '0' && *s <= '9')
+       ++s;
+ 
+   for (;;)
+     {
+-      U8 dig = (U8)*s - '0';
++      U8 dig = (U8)(*s - '0');
+ 
+       if (UNLIKELY(dig >= 10))
+         {
+-          if (dig == (U8)((U8)'.' - (U8)'0'))
++          if (dig == (U8)('.' - '0'))
+             {
+               ++s;
+               json_atof_scan1 (s, accum, expo, 1, maxdepth);
+@@ -739,7 +739,7 @@ json_atof_scan1 (const char *s, NV *accu
+               else if (*s == '+')
+                 ++s;
+ 
+-              while ((dig = (U8)*s - '0') < 10)
++              while (*s >= '0' && *s <= '9')
+                 exp2 = exp2 * 10 + *s++ - '0';
+ 
+               *expo += neg ? -exp2 : exp2;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..b597025
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+cve_2025_40929.patch