fix undefined behavior leading to crash (rhbz #2119478)

aria2.spec

@@ -2,7 +2,7 @@
 
 Name:           aria2
 Version:        1.36.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        High speed download utility with resuming and segmented downloading
 License:        GPLv2+ with exceptions
 URL:            http://aria2.github.io/
@@ -79,6 +79,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}
 %{_mandir}/*/man1/aria2c.1.gz
 
 %changelog
+* Sat Oct 28 2023 Neil Hanlon <neil@shrug.pw> - 1.36.0-6
+- resolves crash due to undefined behavior in GZipEncoder (rhbz #2119478)
+
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.36.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 

fix-undefined-gzipencoder-42038422f6f.patch

@@ -0,0 +1,24 @@
+From 42038422f6f43926d4103c27587b5db60ebde747 Mon Sep 17 00:00:00 2001
+From: Nikita Ofitserov <himikof@gmail.com>
+Date: Wed, 24 Aug 2022 17:28:04 +0300
+Subject: [PATCH] Fix undefined behavior/crash in GZipEncoder
+
+When the output buffer is full, outbuf[produced] references past the buffer end, leading to UB and a possible assertion failure.
+Fixes #1968, #1964
+---
+ src/GZipEncoder.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/GZipEncoder.cc b/src/GZipEncoder.cc
+index 884485ee4..41cfce5ae 100644
+--- a/src/GZipEncoder.cc
++++ b/src/GZipEncoder.cc
+@@ -87,7 +87,7 @@ std::string GZipEncoder::encode(const unsigned char* in, size_t length,
+       throw DL_ABORT_EX(fmt("libz::deflate() failed. cause:%s", strm_->msg));
+     }
+     size_t produced = outbuf.size() - strm_->avail_out;
+-    out.append(&outbuf[0], &outbuf[produced]);
++    out.append(outbuf.data(), outbuf.data() + produced);
+     if (strm_->avail_out > 0) {
+       break;
+     }