From 79cfa5ffd81971552d5b6c27f1d929ba55b10fdc Mon Sep 17 00:00:00 2001
From: ze-you-liu <zeyouliu@tencent.com>
Date: Fri, 15 May 2026 15:18:41 +0800
Subject: [PATCH] Fix CVE-2026-41605, CVE-2026-41604, CVE-2025-48431

---
 thrift-0.14.0-CVE-2025-48431.patch | 27 +++++++++++++++++++++++++++
 thrift.spec                        |  7 ++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 thrift-0.14.0-CVE-2025-48431.patch

diff --git a/thrift-0.14.0-CVE-2025-48431.patch b/thrift-0.14.0-CVE-2025-48431.patch
new file mode 100644
index 0000000..243cda6
--- /dev/null
+++ b/thrift-0.14.0-CVE-2025-48431.patch
@@ -0,0 +1,27 @@
+From ef6a6c282a659a3e80add7e2d23ddb6855df34e2 Mon Sep 17 00:00:00 2001
+From: Hasnain Lakhani <m.hasnain.lakhani@gmail.com>
+Date: Sat, 17 May 2025 20:41:28 -0700
+Subject: [PATCH] [nit] Improve error handling in thrift_protocol_skip
+
+---
+ lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.c b/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.c
+index 252f4be..cb7199b 100644
+--- a/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.c
++++ b/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.c
+@@ -471,10 +471,12 @@ thrift_protocol_skip (ThriftProtocol *protocol, ThriftType type, GError **error)
+       }
+     case T_STRING:
+       {
+-        gpointer data;
++        gpointer data = NULL;
+         guint32 len;
+         gint32 ret = thrift_protocol_read_binary (protocol, &data, &len, error);
+-        g_free (data);
++        if (data) {
++          g_free (data);
++        }
+         return ret;
+       }
+     case T_STRUCT:
diff --git a/thrift.spec b/thrift.spec
index b2d79b9..e335670 100644
--- a/thrift.spec
+++ b/thrift.spec
@@ -5,13 +5,14 @@
 Summary:       Software framework for cross-language services development
 Name:          thrift
 Version:       0.14.0
-Release:       11%{?dist}
+Release:       12%{?dist}
 License:       Apache-2.0 AND BSD-3-Clause AND Zlib
 URL:           https://thrift.apache.org/
 Source0:       https://archive.apache.org/dist/%{name}/%{version}/%{name}-%{version}.tar.gz
 Source1:       https://raw.github.com/apache/%{name}/%{version}/bootstrap.sh
 
 Patch0001:     thrift-char.patch
+Patch0002:     thrift-0.14.0-CVE-2025-48431.patch
 Patch3000:     configure-java-prefix.patch
 Patch3001:     0001-thrift-add-support-for-loongarch64.patch
 
@@ -180,6 +181,10 @@ find %{buildroot} -name \*.py -exec grep -q /usr/bin/env {} \; -print | xargs -r
 
 
 %changelog
+* Fri May 15 2026 PkgAgent Robot <pkgagent@opencloudos.tech> - 0.14.0-12
+- [Type] security
+- [DESC] Fix CVE-2025-48431: c_glib free() invalid pointer in thrift_protocol_skip
+
 * Thu Sep 26 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 0.14.0-11
 - Rebuilt for clarifying the packages requirement in BaseOS and AppStream
 
-- 
Gitee