--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/mpfr/patches/002-CVE-2014-9474-strtofr.c.patch Wed Jan 28 11:07:54 2015 -0800
@@ -0,0 +1,18 @@
+# Original patch for libmpfr 3.1.2 is here:
+# http://www.mpfr.org/mpfr-3.1.2/patch11
+# Backported to libmpfr 2.4.2.
+--- strtofr.c 2009-11-29 18:43:08.000000000 -0800
++++ strtofr.c 2015-01-23 11:30:29.242406530 -0800
+@@ -464,8 +464,10 @@
+ /* prec bits corresponds to ysize limbs */
+ ysize_bits = ysize * BITS_PER_MP_LIMB;
+ /* and to ysize_bits >= prec > MPFR_PREC (x) bits */
+- y = (mp_limb_t*) MPFR_TMP_ALLOC ((2 * ysize + 1) * sizeof (mp_limb_t));
+- y += ysize; /* y has (ysize+1) allocated limbs */
++ /* we need to allocate one more limb to work around
++ * https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html */
++ y = (mp_limb_t*) MPFR_TMP_ALLOC ((2 * ysize + 2) * sizeof (mp_limb_t));
++ y += ysize; /* y has (ysize+2) allocated limbs */
+
+ /* pstr_size is the number of characters we read in pstr->mant
+ to have at least ysize full limbs.