From ca3e2ad983771b90da259994b7a6d7de1fd1abdc Mon Sep 17 00:00:00 2001
From: Allen Winter
Date: Sat, 1 Oct 2022 09:58:07 -0400
Subject: src/libical/icalparser.c - fix a fuzz issue for integer overflow
---
 ReleaseNotes.txt | 2 +-
 src/libical/icalparser.c | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt
index 4d1cad00..11ceac75 100644
--- a/ReleaseNotes.txt
+++ b/ReleaseNotes.txt
@@ -9,7 +9,7 @@ Version 3.0.15 (UNRELEASED):
 to work properly between years 1902 and 10k.
 * Fix x-property comma handling and escaping
 * Built-in timezones updated to tzdata2022d (now with a VTIMEZONE for each time zone alias)
- * Fix a fuzzer issue
+ * Fix fuzzer issues
 Version 3.0.14 (05 February 2022):
 ----------------------------------
diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
index ebb10970..5ddab29b 100644
--- a/src/libical/icalparser.c
+++ b/src/libical/icalparser.c
@@ -630,6 +630,7 @@ icalcomponent *icalparser_parse(icalparser *parser,
 icalparser_line_gen_func line_gen_func)
 {
 char *line;
+ unsigned int cnt = 0;
 icalcomponent *c = 0;
 icalcomponent *root = 0;
 icalerrorstate es = icalerror_get_error_state(ICAL_MALFORMEDDATA_ERROR);
@@ -640,6 +641,7 @@ icalcomponent *icalparser_parse(icalparser *parser,
 icalerror_set_error_state(ICAL_MALFORMEDDATA_ERROR, ICAL_ERROR_NONFATAL);
 do {
+ cnt++;
 line = icalparser_get_line(parser, line_gen_func);
 if ((c = icalparser_add_line(parser, line)) != 0) {
@@ -679,7 +681,7 @@ icalcomponent *icalparser_parse(icalparser *parser,
 icalmemory_free_buffer(line);
 cont = 1;
 }
- } while (cont);
+ } while (cont && cnt < TMP_BUF_SIZE);
 icalerror_set_error_state(ICAL_MALFORMEDDATA_ERROR, es);
-- 
cgit v1.2.1
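Review bot: The new bound `cnt < TMP_BUF_SIZE` on the do/while in the last icalparser.c hunk stops parsing after a fixed number of lines without signalling it, so a caller cannot tell a truncated parse of a long input from a complete one. TMP_BUF_SIZE is, by its name, a buffer size and is defined outside the diff; a dedicated line-limit constant with a comment stating the intended cap would keep the two limits from being tied together by accident. Since `cont` is still non-zero after the loop only when the cap ended it, the truncation can be reported there, for example `if (cont) { icalerror_set_errno(ICAL_MALFORMEDDATA_ERROR); }`. The `cnt` declaration and `cnt++` in the first two hunks would read better with a comment such as `/* lines read so far; caps the parse loop */`. icalparser_parse starts and ends outside these hunks, so what happens to components still open when the cap is hit is not visible here and should be checked.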