author | Eike Rathke <erack@redhat.com> | 2013-10-16 16:39:20 +0200 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2013-10-17 15:53:32 +0000 |
commit | 640e86b4ba06a7c8381857d79627ec43416d72b3 (patch) | |
tree | 01f28707ff21c2fa5a87d582902324d2c914d78a | |
parent | 4bbded0631e37f30c09c95ea9f5b624aa91ccae6 (diff) |
Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
Added icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch from
https://ssl.icu-project.org/trac/changeset/34076 assigned to
https://ssl.icu-project.org/trac/ticket/10318
Backported to 4-0 and ICU 49 from
970eca0d3040dbf61a9c91943b4b1281fdbcf48c
Change-Id: I33ba5569919878123909d032a0ed7bed43a4c549
Reviewed-on: https://gerrit.libreoffice.org/6271
Reviewed-by: Björn Michaelsen <bjoern.michaelsen@canonical.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch | 43 | ||||
-rw-r--r-- | icu/makefile.mk | 1 |
2 files changed, 44 insertions, 0 deletions
diff --git a/icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch b/icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch
new file mode 100644
index 000000000000..360a96ca61f5
--- /dev/null
+++ b/icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch
@@ -0,0 +1,43 @@
+diff -ru orig.icu/source/i18n/csrucode.cpp icu/source/i18n/csrucode.cpp
+--- misc/build/orig.icu/source/i18n/csrucode.cpp 2012-04-05 22:45:54.000000000 +0200
++++ misc/build/icu/source/i18n/csrucode.cpp 2013-10-09 18:56:06.521791271 +0200
+@@ -1,6 +1,6 @@
+ /*
+ **********************************************************************
+- * Copyright (C) 2005-2006, International Business Machines
++ * Copyright (C) 2005-2013, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ **********************************************************************
+ */
+@@ -31,8 +31,9 @@
+ int32_t CharsetRecog_UTF_16_BE::match(InputText* textIn)
+ {
+ const uint8_t *input = textIn->fRawInput;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFE && input[1] == 0xFF) {
++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
+ return 100;
+ }
+
+@@ -53,8 +54,9 @@
+ int32_t CharsetRecog_UTF_16_LE::match(InputText* textIn)
+ {
+ const uint8_t *input = textIn->fRawInput;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
+ return 100;
+ }
+
+@@ -76,7 +78,7 @@
+ bool hasBOM = FALSE;
+ int32_t confidence = 0;
+
+- if (getChar(input, 0) == 0x0000FEFFUL) {
++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
+ hasBOM = TRUE;
+ }
+
+Only in icu/source/i18n: csrucode.cpp.orig
diff --git a/icu/makefile.mk b/icu/makefile.mk
index 1f6e8e8f5652..35894cc2485c 100644
--- a/icu/makefile.mk
+++ b/icu/makefile.mk
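Review bot: In the added ICU patch, a 2- or 3-byte buffer that begins with the FF FE BOM is no longer reported as UTF-16LE, because the new guard in `CharsetRecog_UTF_16_LE::match` requires `length >= 4` for the whole condition, while the BE matcher accepts two bytes. Only the UTF-32LE disambiguation reads `input[2]` and `input[3]`, so if the asymmetry is not intended the test could be `if (length >= 2 && input[0] == 0xFF && input[1] == 0xFE && (length < 4 || input[2] != 0x00 || input[3] != 0x00)) {`; since this is a backport, such a deviation would best be agreed with upstream first. In the last inner hunk `limit` is defined outside the visible lines, so a comment such as `// limit > 0 implies at least one full 4-byte unit for getChar()` would make the guard checkable, assuming that is how `limit` is computed. The trailing `Only in icu/source/i18n: csrucode.cpp.orig` line is `diff -ru` output rather than patch content and could be dropped from the file.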
@@ -46,6 +46,7 @@ TARFILE_ROOTDIR=icu #http://bugs.icu-project.org/trac/ticket/8198 rendering with 0D30 and 0D31 PATCH_FILES=\ + icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch \ icu4c.10129.wintz.patch \ icu4c.9948.mlym-crash.patch \ icu4c-bsd.patch \ |