File _service:obs_scm:backport-CVE-2024-38517.patch of Package rapidjson
From 8269bc2bc289e9d343bae51cdf6d23ef0950e001 Mon Sep 17 00:00:00 2001 From: Florin Malita <fmalita@gmail.com> Date: Tue, 15 May 2018 22:48:07 -0400 Subject: [PATCH] Prevent int underflow when parsing exponents When parsing negative exponents, the current implementation takes precautions for |exp| to not underflow int. But that is not sufficient: later on [1], |exp + expFrac| is also stored to an int - so we must ensure that the sum stays within int representable values. Update the exp clamping logic to take expFrac into account. [1] https://github.com/Tencent/rapidjson/blob/master/include/rapidjson/reader.h#L1690 --- include/rapidjson/reader.h | 11 ++++++++++- test/unittest/readertest.cpp | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/include/rapidjson/reader.h b/include/rapidjson/reader.h index 7441eda4..f95aef42 100644 --- a/include/rapidjson/reader.h +++ b/include/rapidjson/reader.h @@ -1632,9 +1632,18 @@ private: if (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) { exp = static_cast<int>(s.Take() - '0'); if (expMinus) { + // (exp + expFrac) must not underflow int => we're detecting when -exp gets + // dangerously close to INT_MIN (a pessimistic next digit 9 would push it into + // underflow territory): + // + // -(exp * 10 + 9) + expFrac >= INT_MIN + // <=> exp <= (expFrac - INT_MIN - 9) / 10 + RAPIDJSON_ASSERT(expFrac <= 0); + int maxExp = (expFrac + 2147483639) / 10; + while (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) { exp = exp * 10 + static_cast<int>(s.Take() - '0'); - if (exp >= 214748364) { // Issue #313: prevent overflow exponent + if (RAPIDJSON_UNLIKELY(exp > maxExp)) { while (RAPIDJSON_UNLIKELY(s.Peek() >= '0' && s.Peek() <= '9')) // Consume the rest of exponent s.Take(); } diff --git a/test/unittest/readertest.cpp b/test/unittest/readertest.cpp index e5308019..c4800b93 100644 --- a/test/unittest/readertest.cpp +++ b/test/unittest/readertest.cpp 
@@ -242,6 +242,7 @@ static void TestParseDouble() { TEST_DOUBLE(fullPrecision, "1e-214748363", 0.0); // Maximum supported negative exponent TEST_DOUBLE(fullPrecision, "1e-214748364", 0.0); TEST_DOUBLE(fullPrecision, "1e-21474836311", 0.0); + TEST_DOUBLE(fullPrecision, "1.00000000001e-2147483638", 0.0); TEST_DOUBLE(fullPrecision, "0.017976931348623157e+310", 1.7976931348623157e+308); // Max double in another form // Since -- 2.20.1
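Review bot: In include/rapidjson/reader.h, the bound `int maxExp = (expFrac + 2147483639) / 10;` hardcodes the value of -INT_MIN - 9 for a 32-bit int, while the comment directly above it derives the bound symbolically from INT_MIN. Deriving the constant from std::numeric_limits<int>::min(), or at least naming it and stating the 32-bit assumption next to it, would keep the code and the comment in step. The addition is only safe because of `RAPIDJSON_ASSERT(expFrac <= 0)`, so the comment should also say why expFrac cannot be positive at this point, in case the assertion is compiled out. Finally, the first exponent digit is taken before maxExp is computed and is never compared against it; the clamp applies only from the second digit onward, and a short remark on why that is sufficient would help the next reader.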
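Review bot: In test/unittest/readertest.cpp, the added `TEST_DOUBLE(fullPrecision, "1.00000000001e-2147483638", 0.0);` carries no comment saying what it exercises, although it is the one case here where the exponent by itself fits in an int and it is the fractional digits that push exp + expFrac out of range, as the commit message describes. A trailing comment to that effect, in the style of the "Maximum supported negative exponent" line above it, would make the intent clear. It would also be worth adding a second case with a different number of fractional digits, so the regression test does not pin the fix to a single expFrac value.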