From 4e595c3b6de267bfe770c218bb38c116a3d7d59f Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Sun, 9 Oct 2011 11:42:32 +0200
Subject: [PATCH] give a diagnostic rather than a failed assertion for a
 mangled patch

* src/pch.c (another_hunk): Rather than asserting(C), issue the
"replacement text or line numbers mangled ..." diagnostic when !C.
* tests/mangled-numbers-abort: New test for the above.
* tests/Makefile.am (TESTS): Add it.
* NEWS: Mention it.
Reported by Gabriel Vlasiu via Tim Waugh.
See also http://bugzilla.redhat.com/738959
---
 NEWS                        |  1 +
 src/pch.c                   |  4 +++-
 tests/Makefile.am           |  1 +
 tests/mangled-numbers-abort | 42 +++++++++++++++++++++++++++++++++++++
 4 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 tests/mangled-numbers-abort

diff --git a/NEWS b/NEWS
index fa2c518..0e2b574 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+* Patch no longer gets a failed assertion for certain mangled patches.
 * Patch now ignores destination file names that are absolute or that contain
   a component of "..".  This addresses CVE-2010-4651,
 * Support for most features of the "diff --git" format: renames and copies,
diff --git a/src/pch.c b/src/pch.c
index d07c1aa..6909850 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1513,7 +1513,9 @@ another_hunk (enum diff difftype, bool rev)
 	p_suffix_context = ((ptrn_suffix_context != -1
 			     && ptrn_suffix_context < context)
 			    ? ptrn_suffix_context : context);
-	assert (p_prefix_context != -1 && p_suffix_context != -1);
+	if (p_prefix_context == -1 || p_suffix_context == -1)
+	    fatal ("replacement text or line numbers mangled in hunk at line %s",
+		   format_linenum (numbuf0, p_hunk_beg));
 
 	if (difftype == CONTEXT_DIFF
 	    && (fillcnt
diff --git a/tests/Makefile.am b/tests/Makefile.am
index de8862c..f29d68e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -36,6 +36,7 @@ TESTS = \
 	inname \
 	line-numbers \
 	merge \
+	mangled-numbers-abort \
 	munged-context-format \
 	need-filename \
 	no-newline-triggers-assert \
diff --git a/tests/mangled-numbers-abort b/tests/mangled-numbers-abort
new file mode 100644
index 0000000..1e1cde9
--- /dev/null
+++ b/tests/mangled-numbers-abort
@@ -0,0 +1,42 @@
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+require_cat
+use_local_patch
+use_tmpdir
+
+# ==============================================================
+# Regression test for a failed assertion.
+# Based on a report from Gabriel Vlasiu via Tim Waugh
+# in http://bugzilla.redhat.com/738959
+
+seq 1 7 > a
+
+cat > bogus.diff <<EOF
+*** p
+--- p
+***************
+*** 405,409 ****
+--- 405,407 ----
+  a
+  b
+  c
++ d
+  x
+  y
+  z
+EOF
+
+# Before v2.6.1-148, this would trigger the failed assertion:
+# pch.c:1516: another_hunk: Assertion `p_prefix_context != -1 \
+# && p_suffix_context != -1' failed.
+
+check 'patch a < bogus.diff; echo "Status: $?"' <<EOF
+$PATCH: **** replacement text or line numbers mangled in hunk at line 4
+Status: 2
+EOF