File _service:tar_scm:backport-0002-CVE-2024-40897.p... of Package orc

File _service:tar_scm:backport-0002-CVE-2024-40897.patch of Package orc

From abd75edff9de9a06d0531b9db50963a0da42145c Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <amy@centricular.com>
Date: Tue, 9 Jul 2024 12:03:53 -0300
Subject: [PATCH 2/2] orccompiler, orcparse: Use secure UCRT printing functions
 on Windows

See #69

Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191>
---
 orc/orccompiler.c | 5 ++++-
 orc/orcparse.c    | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/orc/orccompiler.c b/orc/orccompiler.c
index b3152e7..f3bb7c0 100644
--- a/orc/orccompiler.c
+++ b/orc/orccompiler.c
@@ -1328,11 +1328,14 @@ static void
 orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
     va_list args)
 {
-  char *s;
+  char *s = NULL;
 
   if (compiler->error_msg) return;
 #ifdef HAVE_VASPRINTF
   vasprintf (&s, fmt, args);
+#elif defined(_UCRT)
+  s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
+  vsnprintf_s (s, ORC_COMPILER_ERROR_BUFFER_SIZE, _TRUNCATE, fmt, args);  
 #else
   s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
   vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args);
diff --git a/orc/orcparse.c b/orc/orcparse.c
index 8888de4..3bebd1a 100644
--- a/orc/orcparse.c
+++ b/orc/orcparse.c
@@ -428,8 +428,11 @@ orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
     parser->error_program = parser->program;
   }
 #ifdef HAVE_VASPRINTF
-  char *text;
+  char *text = NULL;
   vasprintf (&text, format, args);
+#elif defined(_UCRT)
+  char text[ORC_ERROR_LENGTH] = { '\0' };
+  vsnprintf_s (text, ORC_ERROR_LENGTH, _TRUNCATE, format, args);  
 #else
   char text[ORC_ERROR_LENGTH] = { '\0' };
   vsnprintf (text, sizeof (text), format, args);
-- 
2.27.0