Fix some errors in oss-fuzz build

Compare-variant_name-with-vimonly-if-long-enough.patch

@@ -0,0 +1,26 @@
+From c9ca77a4d415b838810fb22f85c728d211433197 Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn" <msclrhd@gmail.com>
+Date: Wed, 21 Mar 2018 21:16:08 +0000
+Subject: [PATCH] Compare variant_name with "!v" only if long enough
+
+Various places call SetVoiceStack with "" for the variant_name. This
+causes -fsanitize=address to fail with an overflow as the call to
+memcmp is checking the first 2 bytes, and there is only 1 byte
+available.
+---
+ src/libespeak-ng/readclause.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libespeak-ng/readclause.c b/src/libespeak-ng/readclause.c
+index 52362de44..26bc35b96 100644
+--- a/src/libespeak-ng/readclause.c
++++ b/src/libespeak-ng/readclause.c
+@@ -599,7 +599,7 @@ void SetVoiceStack(espeak_VOICE *v, const char *variant_name)
+ 	sp->voice_age = v->age;
+ 	sp->voice_gender = v->gender;
+ 
+-	if (memcmp(variant_name, "!v", 2) == 0)
++	if (strlen(variant_name) >= 2 && memcmp(variant_name, "!v", 2) == 0)
+ 		variant_name += 3; // strip variant directory name, !v plus PATHSEP
+ 	strncpy0(base_voice_variant_name, variant_name, sizeof(base_voice_variant_name));
+ 	memcpy(&base_voice, &current_voice_selected, sizeof(base_voice));

Copy-name-in-LoadDictionary-if-not-dictionary_name.patch

@@ -0,0 +1,30 @@
+From b60d2452c34ac6ebf01a3c09c17193b8c8e2a3fd Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn" <msclrhd@gmail.com>
+Date: Wed, 21 Mar 2018 20:37:44 +0000
+Subject: [PATCH] Copy name in LoadDictionary if not dictionary_name
+
+compiledict.c sets dict_name to dictionary_name if dict_name is
+not set, and passes that to LoadDictionary. LoadDictionary then
+copies the passed in name to dictionary_name.
+
+This causes -fsanitize=address to fail with overlapping memory
+addresses passed to strncpy (copying the string to itself). As
+such, don't copy the name in this case.
+---
+ src/libespeak-ng/dictionary.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libespeak-ng/dictionary.c b/src/libespeak-ng/dictionary.c
+index f6bdf1823..5d1f44ba0 100644
+--- a/src/libespeak-ng/dictionary.c
++++ b/src/libespeak-ng/dictionary.c
+@@ -201,7 +201,8 @@ int LoadDictionary(Translator *tr, const char *name, int no_error)
+ 	int size;
+ 	char fname[sizeof(path_home)+20];
+ 
+-	strncpy(dictionary_name, name, 40); // currently loaded dictionary name
++	if (dictionary_name != name)
++		strncpy(dictionary_name, name, 40); // currently loaded dictionary name
+ 	strncpy(tr->dictionary_name, name, 40);
+ 
+ 	// Load a pronunciation data file into memory

Fix-running-the-tests-with-fsanitize-address.patch

@@ -0,0 +1,184 @@
+From da95f5d5c7275f6ea72110cf768939351424f18a Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn" <msclrhd@gmail.com>
+Date: Mon, 20 Aug 2018 18:48:51 +0100
+Subject: [PATCH 1/4] Update the Unicode Data Files license.
+
+---
+ COPYING.UCD | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/COPYING.UCD b/COPYING.UCD
+index 51608df18..38ff09a13 100644
+--- a/COPYING.UCD
++++ b/COPYING.UCD
+@@ -1,8 +1,29 @@
++Unicode Data Files include all data files under the directories
++http://www.unicode.org/Public/, http://www.unicode.org/reports/,
++http://www.unicode.org/cldr/data/, http://source.icu-project.org/repos/icu/, and
++http://www.unicode.org/utility/trac/browser/.
++
++Unicode Data Files do not include PDF online code charts under the
++directory http://www.unicode.org/Public/.
++
++Software includes any source code published in the Unicode Standard
++or under the directories
++http://www.unicode.org/Public/, http://www.unicode.org/reports/,
++http://www.unicode.org/cldr/data/, http://source.icu-project.org/repos/icu/, and
++http://www.unicode.org/utility/trac/browser/.
++
++NOTICE TO USER: Carefully read the following legal agreement.
++BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S
++DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),
++YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE
++TERMS AND CONDITIONS OF THIS AGREEMENT.
++IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE
++THE DATA FILES OR SOFTWARE.
++
+ COPYRIGHT AND PERMISSION NOTICE
+ 
+-Copyright © 1991-2014 Unicode, Inc. All rights reserved.
+-Distributed under the Terms of Use in 
+-http://www.unicode.org/copyright.html.
++Copyright © 1991-2018 Unicode, Inc. All rights reserved.
++Distributed under the Terms of Use in http://www.unicode.org/copyright.html.
+ 
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of the Unicode data files and any associated documentation
+@@ -11,14 +32,11 @@ a copy of the Unicode data files and any associated documentation
+ without restriction, including without limitation the rights to use,
+ copy, modify, merge, publish, distribute, and/or sell copies of
+ the Data Files or Software, and to permit persons to whom the Data Files
+-or Software are furnished to do so, provided that
+-(a) this copyright and permission notice appear with all copies 
+-of the Data Files or Software,
+-(b) this copyright and permission notice appear in associated 
+-documentation, and
+-(c) there is clear notice in each modified Data File or in the Software
+-as well as in the documentation associated with the Data File(s) or
+-Software that the data or software has been modified.
++or Software are furnished to do so, provided that either
++(a) this copyright and permission notice appear with all copies
++of the Data Files or Software, or
++(b) this copyright and permission notice appear in associated
++Documentation.
+ 
+ THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF
+ ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+
+From 1a895f37b9cb868234a2278a410a234259b08905 Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn" <msclrhd@gmail.com>
+Date: Tue, 4 May 2021 17:51:28 +0100
+Subject: [PATCH 2/4] Fix running the tests with -fsanitize=address.
+
+---
+ src/case.c    | 8 ++++----
+ tools/case.py | 6 +++---
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/ucd-tools/src/case.c b/src/ucd-tools/src/case.c
+index 04c9736af..b11c869c5 100644
+--- a/src/ucd-tools/src/case.c
++++ b/src/ucd-tools/src/case.c
+@@ -1,6 +1,6 @@
+ /* Unicode Case Conversion
+  *
+- * Copyright (C) 2012-2016 Reece H. Dunn
++ * Copyright (C) 2012-2018, 2021 Reece H. Dunn
+  *
+  * This file is part of ucd-tools.
+  *
+@@ -2664,7 +2664,7 @@ static const struct case_conversion_entry case_conversion_data[] =
+ codepoint_t ucd_toupper(codepoint_t c)
+ {
+ 	int begin = 0;
+-	int end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);
++	int end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;
+ 	while (begin <= end)
+ 	{
+ 		int pos = (begin + end) / 2;
+@@ -2682,7 +2682,7 @@ codepoint_t ucd_toupper(codepoint_t c)
+ codepoint_t ucd_tolower(codepoint_t c)
+ {
+ 	int begin = 0;
+-	int end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);
++	int end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;
+ 	while (begin <= end)
+ 	{
+ 		int pos = (begin + end) / 2;
+@@ -2700,7 +2700,7 @@ codepoint_t ucd_tolower(codepoint_t c)
+ codepoint_t ucd_totitle(codepoint_t c)
+ {
+ 	int begin = 0;
+-	int end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);
++	int end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;
+ 	while (begin <= end)
+ 	{
+ 		int pos = (begin + end) / 2;
+diff --git a/src/ucd-tools/tools/case.py b/src/ucd-tools/tools/case.py
+index 9daa57409..33cd54721 100755
+--- a/src/ucd-tools/tools/case.py
++++ b/src/ucd-tools/tools/case.py
+@@ -1,6 +1,6 @@
+ #!/usr/bin/python
+ 
+-# Copyright (C) 2012-2016 Reece H. Dunn
++# Copyright (C) 2012-2018, 2021 Reece H. Dunn
+ #
+ # This file is part of ucd-tools.
+ #
+@@ -33,7 +33,7 @@
+ if __name__ == '__main__':
+ 	sys.stdout.write("""/* Unicode Case Conversion
+  *
+- * Copyright (C) 2012-2016 Reece H. Dunn
++ * Copyright (C) 2012-2018, 2021 Reece H. Dunn
+  *
+  * This file is part of ucd-tools.
+  *
+@@ -83,7 +83,7 @@
+ 		sys.stdout.write('codepoint_t ucd_to%s(codepoint_t c)\n' % case)
+ 		sys.stdout.write('{\n')
+ 		sys.stdout.write('\tint begin = 0;\n')
+-		sys.stdout.write('\tint end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);\n')
++		sys.stdout.write('\tint end   = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;\n')
+ 		sys.stdout.write('\twhile (begin <= end)\n')
+ 		sys.stdout.write('\t{\n')
+ 		sys.stdout.write('\t\tint pos = (begin + end) / 2;\n')
+
+From 2b2eac1d8bede4956b1c2aa51d418a956583801e Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn" <msclrhd@gmail.com>
+Date: Tue, 4 May 2021 17:54:15 +0100
+Subject: [PATCH 3/4] Fix the note in case.py/case.c.
+
+---
+ src/case.c    | 2 +-
+ tools/case.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ucd-tools/src/case.c b/src/ucd-tools/src/case.c
+index b11c869c5..dd17dc4ff 100644
+--- a/src/ucd-tools/src/case.c
++++ b/src/ucd-tools/src/case.c
+@@ -19,7 +19,7 @@
+  */
+ 
+ /* NOTE: This file is automatically generated from the UnicodeData.txt file in
+- * the Unicode Character database by the ucd-tools/tools/categories.py script.
++ * the Unicode Character database by the ucd-tools/tools/case.py script.
+  */
+ 
+ #include "ucd/ucd.h"
+diff --git a/src/ucd-tools/tools/case.py b/src/ucd-tools/tools/case.py
+index 33cd54721..b6d15efd0 100755
+--- a/src/ucd-tools/tools/case.py
++++ b/src/ucd-tools/tools/case.py
+@@ -52,7 +52,7 @@
+  */
+ 
+ /* NOTE: This file is automatically generated from the UnicodeData.txt file in
+- * the Unicode Character database by the ucd-tools/tools/categories.py script.
++ * the Unicode Character database by the ucd-tools/tools/case.py script.
+  */
+ 
+ #include "ucd/ucd.h"
+

Simplify-the-vimcomparison-and-check-PATHSEP.patch

@@ -0,0 +1,34 @@
+From 444e4544d24632d5ba6ce90bb14c12d80fbb006e Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn" <msclrhd@gmail.com>
+Date: Wed, 21 Mar 2018 21:24:03 +0000
+Subject: [PATCH] Simplify the !v comparison and check PATHSEP
+
+SetVoiceStack looks for "!v" in variant_name and skips the first
+three characters if "!v" is found. The problem here is that it
+does not check that the third character is the path separator, so
+may advance into unknown memory if variant_name is exactly "!v".
+
+This fixes that problem by checking for the path separator. It
+also simplifies the logic by checking the bytes explicitly.
+
+NOTE: This is not strictly needed, as the only code paths this is
+relevant for is in espeak_ng_SetVoiceByName, and the variant name
+comes from ExtractVoiceVariantName, which sets up the variant name
+correctly.
+---
+ src/libespeak-ng/readclause.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libespeak-ng/readclause.c b/src/libespeak-ng/readclause.c
+index 26bc35b96..aa884d59e 100644
+--- a/src/libespeak-ng/readclause.c
++++ b/src/libespeak-ng/readclause.c
+@@ -599,7 +599,7 @@ void SetVoiceStack(espeak_VOICE *v, const char *variant_name)
+ 	sp->voice_age = v->age;
+ 	sp->voice_gender = v->gender;
+ 
+-	if (strlen(variant_name) >= 2 && memcmp(variant_name, "!v", 2) == 0)
++	if (variant_name[0] == '!' && variant_name[1] == 'v' && variant_name[2] == PATHSEP)
+ 		variant_name += 3; // strip variant directory name, !v plus PATHSEP
+ 	strncpy0(base_voice_variant_name, variant_name, sizeof(base_voice_variant_name));
+ 	memcpy(&base_voice, &current_voice_selected, sizeof(base_voice));

espeak-ng.spec

@@ -1,6 +1,6 @@
 Name:           espeak-ng
 Version:        1.49.2
-Release:        5
+Release:        6
 Summary:        eSpeak NG is an open source speech synthesizer
 License:        GPLv3+
 URL:            https://github.com/espeak-ng/espeak-ng
@@ -9,6 +9,11 @@ BuildRequires:  make autoconf automake libtool pkgconfig rubygem-ronn rubygem-kr
 Provides:       espeak-ng-vim = %{version}-%{release}
 Obsoletes:      espeak-ng-vim < %{version}-%{release}
 
+Patch0001:      Fix-running-the-tests-with-fsanitize-address.patch
+Patch0002:      Copy-name-in-LoadDictionary-if-not-dictionary_name.patch
+Patch0003:      Compare-variant_name-with-vimonly-if-long-enough.patch
+Patch0004:      Simplify-the-vimcomparison-and-check-PATHSEP.patch
+
 %description
 The eSpeak NG is a compact open source software text-to-speech synthesizer for
 Linux, Windows, Android and other operating systems. It supports 70 languages
@@ -32,7 +37,7 @@ Obsoletes:      espeak-ng-doc < %{version}-%{release}
 Documentation for espeak-ng.
 
 %prep
-%autosetup -n espeak-ng-%{version}
+%autosetup -n espeak-ng-%{version} -p1
 rm -rf src/include/compat/endian.h src/compat/getopt.c android/
 %build
 ./autogen.sh
@@ -73,5 +78,8 @@ ESPEAK_DATA_PATH=`pwd` LD_LIBRARY_PATH=src:${LD_LIBRARY_PATH} src/espeak-ng ...
 %{_mandir}/man1/{speak-ng.1.gz,espeak-ng.1.gz}
 
 %changelog
+* Thu Jun 17 2021 lingsheng <lingsheng@huawei.com> - 1.49.2-6
+- Fix some errors in oss-fuzz build
+
 * Tue Dec 3 2019 Ling Yang <lingyang2@huawei.com> - 1.49.2-5
 - Package init