Browse Source

Merge pull request #11592 from nxhack/icu_66_1

icu: update to 66.1 & fix CVE-2020-10531
lilik-openwrt-22.03
Rosen Penev 5 years ago
committed by GitHub
parent
commit
c8d7a48a5d
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 123 additions and 3 deletions
  1. +5
    -3
      libs/icu/Makefile
  2. +118
    -0
      libs/icu/patches/020-ICU-20958_CVE-2020-10531.patch

+ 5
- 3
libs/icu/Makefile View File

@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=icu4c
MAJOR_VERSION:=65
MAJOR_VERSION:=66
MINOR_VERSION:=1
PKG_VERSION:=$(MAJOR_VERSION).$(MINOR_VERSION)
PKG_RELEASE:=2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(MAJOR_VERSION)_$(MINOR_VERSION)-src.tgz
PKG_SOURCE_URL:=https://github.com/unicode-org/icu/releases/download/release-$(MAJOR_VERSION)-$(MINOR_VERSION)
PKG_HASH:=53e37466b3d6d6d01ead029e3567d873a43a5d1c668ed2278e253b683136d948
PKG_HASH:=52a3f2209ab95559c1cf0a14f24338001f389615bf00e2585ef3dbc43ecf0a2e
PKG_LICENSE:=ICU
PKG_LICENSE_FILES:=LICENSE
@ -137,6 +137,8 @@ define Host/Install
$(INSTALL_BIN) $(HOST_BUILD_DIR)/bin/icupkg $(STAGING_DIR_HOSTPKG)/share/icu/$(PKG_VERSION)/bin/
$(INSTALL_BIN) $(HOST_BUILD_DIR)/bin/pkgdata $(STAGING_DIR_HOSTPKG)/share/icu/$(PKG_VERSION)/bin/
$(CP) $(HOST_BUILD_DIR)/lib/*.so* $(STAGING_DIR_HOSTPKG)/share/icu/$(PKG_VERSION)/lib/
$(RM) $(STAGING_DIR_HOSTPKG)/share/icu/current
(cd $(STAGING_DIR_HOSTPKG)/share/icu;$(LN) $(PKG_VERSION) current)
endef
define Package/icu/install


+ 118
- 0
libs/icu/patches/020-ICU-20958_CVE-2020-10531.patch View File

@ -0,0 +1,118 @@
From 1d824ede675782fcf9367e4bbcba1d998cdc33f1 Mon Sep 17 00:00:00 2001
From: Frank Tang <ftang@chromium.org>
Date: Sat, 1 Feb 2020 02:39:04 +0000
Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
See #971
---
icu4c/source/common/unistr.cpp | 6 ++-
icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++
icu4c/source/test/intltest/ustrtest.h | 1 +
3 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp
index 901bb3358ba..077b4d6ef20 100644
--- a/common/unistr.cpp
+++ b/common/unistr.cpp
@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
}
int32_t oldLength = length();
- int32_t newLength = oldLength + srcLength;
+ int32_t newLength;
+ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
+ setToBogus();
+ return *this;
+ }
// Check for append onto ourself
const UChar* oldArray = getArrayStart();
diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp
index b6515ea813c..ad38bdf53a3 100644
--- a/test/intltest/ustrtest.cpp
+++ b/test/intltest/ustrtest.cpp
@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* &
TESTCASE_AUTO(TestWCharPointers);
TESTCASE_AUTO(TestNullPointers);
TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf);
+ TESTCASE_AUTO(TestLargeAppend);
TESTCASE_AUTO_END;
}
@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
str.insert(2, sub);
assertEquals("", u"abbcdcde", str);
}
+
+void UnicodeStringTest::TestLargeAppend() {
+ if(quick) return;
+
+ IcuTestErrorCode status(*this, "TestLargeAppend");
+ // Make a large UnicodeString
+ int32_t len = 0xAFFFFFF;
+ UnicodeString str;
+ char16_t *buf = str.getBuffer(len);
+ // A fast way to set buffer to valid Unicode.
+ // 4E4E is a valid unicode character
+ uprv_memset(buf, 0x4e, len * 2);
+ str.releaseBuffer(len);
+ UnicodeString dest;
+ // Append it 16 times
+ // 0xAFFFFFF times 16 is 0xA4FFFFF1,
+ // which is greater than INT32_MAX, which is 0x7FFFFFFF.
+ int64_t total = 0;
+ for (int32_t i = 0; i < 16; i++) {
+ dest.append(str);
+ total += len;
+ if (total <= INT32_MAX) {
+ assertFalse("dest is not bogus", dest.isBogus());
+ } else {
+ assertTrue("dest should be bogus", dest.isBogus());
+ }
+ }
+ dest.remove();
+ total = 0;
+ for (int32_t i = 0; i < 16; i++) {
+ dest.append(str);
+ total += len;
+ if (total + len <= INT32_MAX) {
+ assertFalse("dest is not bogus", dest.isBogus());
+ } else if (total <= INT32_MAX) {
+ // Check that a string of exactly the maximum size works
+ UnicodeString str2;
+ int32_t remain = INT32_MAX - total;
+ char16_t *buf2 = str2.getBuffer(remain);
+ if (buf2 == nullptr) {
+ // if somehow memory allocation fail, return the test
+ return;
+ }
+ uprv_memset(buf2, 0x4e, remain * 2);
+ str2.releaseBuffer(remain);
+ dest.append(str2);
+ total += remain;
+ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total);
+ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length());
+ assertFalse("dest is not bogus", dest.isBogus());
+
+ // Check that a string size+1 goes bogus
+ str2.truncate(1);
+ dest.append(str2);
+ total++;
+ assertTrue("dest should be bogus", dest.isBogus());
+ } else {
+ assertTrue("dest should be bogus", dest.isBogus());
+ }
+ }
+}
diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h
index 218befdcc68..4a356a92c7a 100644
--- a/test/intltest/ustrtest.h
+++ b/test/intltest/ustrtest.h
@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest {
void TestWCharPointers();
void TestNullPointers();
void TestUnicodeStringInsertAppendToSelf();
+ void TestLargeAppend();
};
#endif

Loading…
Cancel
Save