openeuler-ci-bot
Gitee
commit
558ce30918
@ -1,114 +0,0 @@
|
||||
Backported of:
|
||||
|
||||
From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
|
||||
From: Frank Tang <ftang@chromium.org>
|
||||
Date: Sat, 1 Feb 2020 02:39:04 +0000
|
||||
Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
|
||||
|
||||
See #971
|
||||
diff --git a/source/common/unistr.cpp b/source/common/unistr.cpp
|
||||
index 1bfb71a..e8a7f12 100644
|
||||
--- a/source/common/unistr.cpp
|
||||
+++ b/source/common/unistr.cpp
|
||||
@@ -1546,7 +1557,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
|
||||
}
|
||||
|
||||
int32_t oldLength = length();
|
||||
- int32_t newLength = oldLength + srcLength;
|
||||
+ int32_t newLength;
|
||||
+ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
|
||||
+ setToBogus();
|
||||
+ return *this;
|
||||
+ }
|
||||
// optimize append() onto a large-enough, owned string
|
||||
if((newLength <= getCapacity() && isBufferWritable()) ||
|
||||
cloneArrayIfNeeded(newLength, getGrowCapacity(newLength))) {
|
||||
diff --git a/source/test/intltest/ustrtest.cpp b/source/test/intltest/ustrtest.cpp
|
||||
index b361e20..9b613d3 100644
|
||||
--- a/source/test/intltest/ustrtest.cpp
|
||||
+++ b/source/test/intltest/ustrtest.cpp
|
||||
@@ -64,6 +64,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
|
||||
TESTCASE_AUTO(TestUInt16Pointers);
|
||||
TESTCASE_AUTO(TestWCharPointers);
|
||||
TESTCASE_AUTO(TestNullPointers);
|
||||
+ TESTCASE_AUTO(TestLargeAppend);
|
||||
TESTCASE_AUTO_END;
|
||||
}
|
||||
|
||||
@@ -2253,3 +2254,64 @@ UnicodeStringTest::TestNullPointers() {
|
||||
UnicodeString(u"def").extract(nullptr, 0, errorCode);
|
||||
assertEquals("buffer overflow extracting to nullptr", U_BUFFER_OVERFLOW_ERROR, errorCode);
|
||||
}
|
||||
+
|
||||
+void UnicodeStringTest::TestLargeAppend() {
|
||||
+ if(quick) return;
|
||||
+
|
||||
+ IcuTestErrorCode status(*this, "TestLargeAppend");
|
||||
+ // Make a large UnicodeString
|
||||
+ int32_t len = 0xAFFFFFF;
|
||||
+ UnicodeString str;
|
||||
+ char16_t *buf = str.getBuffer(len);
|
||||
+ // A fast way to set buffer to valid Unicode.
|
||||
+ // 4E4E is a valid unicode character
|
||||
+ uprv_memset(buf, 0x4e, len * 2);
|
||||
+ str.releaseBuffer(len);
|
||||
+ UnicodeString dest;
|
||||
+ // Append it 16 times
|
||||
+ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
|
||||
+ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
|
||||
+ int64_t total = 0;
|
||||
+ for (int32_t i = 0; i < 16; i++) {
|
||||
+ dest.append(str);
|
||||
+ total += len;
|
||||
+ if (total <= INT32_MAX) {
|
||||
+ assertFalse("dest is not bogus", dest.isBogus());
|
||||
+ } else {
|
||||
+ assertTrue("dest should be bogus", dest.isBogus());
|
||||
+ }
|
||||
+ }
|
||||
+ dest.remove();
|
||||
+ total = 0;
|
||||
+ for (int32_t i = 0; i < 16; i++) {
|
||||
+ dest.append(str);
|
||||
+ total += len;
|
||||
+ if (total + len <= INT32_MAX) {
|
||||
+ assertFalse("dest is not bogus", dest.isBogus());
|
||||
+ } else if (total <= INT32_MAX) {
|
||||
+ // Check that a string of exactly the maximum size works
|
||||
+ UnicodeString str2;
|
||||
+ int32_t remain = INT32_MAX - total;
|
||||
+ char16_t *buf2 = str2.getBuffer(remain);
|
||||
+ if (buf2 == nullptr) {
|
||||
+ // if somehow memory allocation fail, return the test
|
||||
+ return;
|
||||
+ }
|
||||
+ uprv_memset(buf2, 0x4e, remain * 2);
|
||||
+ str2.releaseBuffer(remain);
|
||||
+ dest.append(str2);
|
||||
+ total += remain;
|
||||
+ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
|
||||
+ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
|
||||
+ assertFalse("dest is not bogus", dest.isBogus());
|
||||
+
|
||||
+ // Check that a string size+1 goes bogus
|
||||
+ str2.truncate(1);
|
||||
+ dest.append(str2);
|
||||
+ total++;
|
||||
+ assertTrue("dest should be bogus", dest.isBogus());
|
||||
+ } else {
|
||||
+ assertTrue("dest should be bogus", dest.isBogus());
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
diff --git a/source/test/intltest/ustrtest.h b/source/test/intltest/ustrtest.h
|
||||
index 4ba348c..d2d5ee1 100644
|
||||
--- a/source/test/intltest/ustrtest.h
|
||||
+++ b/source/test/intltest/ustrtest.h
|
||||
@@ -96,6 +96,7 @@ public:
|
||||
void TestUInt16Pointers();
|
||||
void TestWCharPointers();
|
||||
void TestNullPointers();
|
||||
+ void TestLargeAppend();
|
||||
};
|
||||
|
||||
#endif
|
||||
@ -1,26 +0,0 @@
|
||||
From 35a6cf2313357f9b58e60a000ea3f1d22e21dd65 Mon Sep 17 00:00:00 2001
|
||||
From: songnannan2 <songnannan2@huawei.com>
|
||||
Date: Tue, 18 Feb 2020 23:42:45 +0800
|
||||
Subject: [PATCH] b
|
||||
|
||||
---
|
||||
icu/source/common/uloc_tag.cpp | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/icu/source/common/uloc_tag.cpp b/icu/source/common/uloc_tag.cpp
|
||||
index 87b9f63..6948e14 100644
|
||||
--- a/source/common/uloc_tag.cpp
|
||||
+++ b/source/common/uloc_tag.cpp
|
||||
@@ -1242,7 +1242,8 @@ _appendLDMLExtensionAsKeywords(const char* ldmlext, ExtensionListEntry** appendT
|
||||
attrBufIdx += (len + 1);
|
||||
} else {
|
||||
*status = U_ILLEGAL_ARGUMENT_ERROR;
|
||||
- goto cleanup;
|
||||
+ uprv_free(attr);
|
||||
+ goto cleanup;
|
||||
}
|
||||
|
||||
if (!_addAttributeToList(&attrFirst, attr)) {
|
||||
--
|
||||
2.19.1
|
||||
|
||||
17
icu.spec
17
icu.spec
@ -1,21 +1,18 @@
|
||||
Name: icu
|
||||
Version: 62.1
|
||||
Release: 5
|
||||
Version: 67.1
|
||||
Release: 1
|
||||
Summary: International Components for Unicode
|
||||
License: MIT and UCD and Public Domain
|
||||
URL: http://site.icu-project.org/
|
||||
Source0: https://github.com/unicode-org/icu/releases/download/release-63-2/icu4c-62_1-src.tgz
|
||||
Source0: https://github.com/unicode-org/icu/releases/download/release-67-1/icu4c-67_1-src.tgz
|
||||
Source1: icu-config.sh
|
||||
|
||||
BuildRequires: gcc gcc-c++ doxygen autoconf python2 icu libicu-devel
|
||||
BuildRequires: gcc gcc-c++ doxygen autoconf python2 libicu
|
||||
Requires: lib%{name} = %{version}-%{release}
|
||||
|
||||
Patch1: gennorm2-man.patch
|
||||
Patch2: icuinfo-man.patch
|
||||
|
||||
Patch6000: icu-fix-memory-leak.patch
|
||||
Patch6001: CVE-2020-10531.patch
|
||||
|
||||
%description
|
||||
Tools and utilities for developing with icu.
|
||||
|
||||
@ -27,7 +24,7 @@ libs package for icu
|
||||
e
|
||||
%package -n libicu-devel
|
||||
Summary: header files for libicu
|
||||
Requires: lib%{name} = %{version}-%{release} pkgconfig
|
||||
Requires: libicu = %{version}-%{release} pkgconfig
|
||||
|
||||
%description -n libicu-devel
|
||||
header files for libicu
|
||||
@ -78,6 +75,7 @@ chmod +x $RPM_BUILD_ROOT%{_libdir}/*.so.*
|
||||
)
|
||||
install -p -m755 -D %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/icu-config
|
||||
|
||||
cp -a %{_libdir}/libicu*.so.62* %{buildroot}%{_libdir}
|
||||
|
||||
%check
|
||||
if grep -q @VERSION@ source/tools/*/*.8 source/tools/*/*.1 source/config/*.1; then
|
||||
@ -129,6 +127,9 @@ LD_LIBRARY_PATH=lib:stubdata:tools/ctestfw:$LD_LIBRARY_PATH bin/uconv -l
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jul 16 2020 hanhui <hanhui15@huawei.com> - 67.1
|
||||
- update to icu4c-67.1
|
||||
|
||||
* Fri Mar 20 2020 gulining <gulining1@huawei.com> - 62.1-5
|
||||
- fix CVE-2020-10531
|
||||
|
||||
|
||||
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user