author | Nicolas Graves <ngraves@ngraves.fr> | 2024-11-03 17:02:08 +0100 |
---|---|---|
committer | Zheng Junjie <zhengjunjie@iscas.ac.cn> | 2024-11-04 17:36:29 +0800 |
commit | 7bc82833a206fbf3f0ccc1226399bf10d8187012 (patch) | |
tree | 4730281d3a282cd715a6248d66be761aa9c137af | |
parent | d076ae1c7a3ab34c1d7103b70887eedb2e38a0f5 (diff) | |
gnu: indent: Add patch for CVE-2024-0911. [security fixes]
* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]<origin>: ...and here.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/code.scm | 4 | ||||
-rw-r--r-- | gnu/packages/patches/indent-CVE-2024-0911.patch | 61 |
3 files changed, 65 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 3b94e6cc7e..06e8f1363c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1562,6 +1562,7 @@ dist_patch_DATA = \
 %D%/packages/patches/idris-test-ffi008.patch \
 %D%/packages/patches/igraph-fix-varargs-integer-size.patch \
 %D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/indent-CVE-2024-0911.patch \
 %D%/packages/patches/instead-use-games-path.patch \
 %D%/packages/patches/intltool-perl-compatibility.patch \
 %D%/packages/patches/irrlicht-use-system-libs.patch \
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index b1523f5ac7..04ca4dfd6b 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -879,7 +879,9 @@ the C, C++, C++/CLI, Objective‑C, C#, and Java programming languages.")
 (uri (string-append "mirror://gnu/indent/indent-" version
 ".tar.gz"))
 (sha256
- (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
+ (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
+ ;; Remove patch when updating.
+ (patches (search-patches "indent-CVE-2024-0911.patch"))))
 (build-system gnu-build-system)
 (native-inputs
 (list texinfo))
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch
new file mode 100644
index 0000000000..4687d3f59a
--- /dev/null
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
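Review bot: The comment `;; Remove patch when updating.` in the `indent` origin does not say what the patch fixes or how to tell that a newer release already contains the fix, so a later version bump could drop the CVE-2024-0911 fix without anyone checking the new tarball. I would word it as `;; Fixes CVE-2024-0911; drop only after confirming the new release has the 'level > 0' check in set_buf_break (src/output.c).` The `sha256` is unchanged, which is consistent with only a patch being added to the existing tarball. The `origin` form starts above this hunk.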
@@ -0,0 +1,61 @@
+Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ regression/TEST | 2 +-
+ regression/input/comment-parent-heap-underread.c | 3 +++
+ regression/standard/comment-parent-heap-underread.c | 5 +++++
+ src/output.c | 2 +-
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-parent-heap-underread.c
+ create mode 100644 regression/standard/comment-parent-heap-underread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 7c07c2e..951b1a2 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+ macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+ bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
++ comment-parent-heap-underread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+ indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-parent-heap-underread.c
+b/regression/input/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..68e13cf
+--- /dev/null
++++ b/regression/input/comment-parent-heap-underread.c
+@@ -0,0 +1,3 @@
++void foo(void) {
++/*a*/(1);
++}
+diff --git a/regression/standard/comment-parent-heap-underread.c
+b/regression/standard/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..9a1c6e3
+--- /dev/null
++++ b/regression/standard/comment-parent-heap-underread.c
+@@ -0,0 +1,5 @@
++void
++foo (void)
++{
++/*a*/ (1);
++}
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+ /* Did we just parse a bracket that will be put on the next line
+ * by this line break? */
+
+- if ((*token == '(') || (*token == '['))
++ if (level > 0 && ((*token == '(') || (*token == '[')))
+ {
+ --level; /* then don't take it into account */
+ }
+--
+2.43.0 |
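Review bot: The header of the new patch file names the upstream bug report and carries a Signed-off-by, but it does not record where this exact patch text was copied from, so a later reviewer cannot compare it against the original when auditing the fix. I would add two header lines before `Upstream issue:`, for example `Fix a heap under-read in set_buf_break (CVE-2024-0911).` and `Taken from: <URL of the upstream commit or distribution patch>`; the description is inferred from the regression test name `comment-parent-heap-underread.c` and should be checked against the advisory. In the `src/output.c` part the added `level > 0` keeps `--level` from going below zero, but how `level` is used afterwards lies outside the hunk, so it is worth confirming in the full function that no other path decrements it unguarded. Whether the package's check phase actually runs `regression/TEST` is not visible here; if it does not, the new regression case gives no protection in this build.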