authorEike Rathke <erack@redhat.com>2013-10-16 16:39:20 +0200
committerCaolán McNamara <caolanm@redhat.com>2013-10-17 15:53:48 +0000
commit6d348beb63e8adf052503bc7921b91fd9e3ec51d (patch)
tree8af827580e9ad42d1c003d5e36c4d9d60c892e97
parent2afaef576d0567e7137a439fc98804960cd7c17c (diff)
Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
Added icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch from https://ssl.icu-project.org/trac/changeset/34076 assigned to https://ssl.icu-project.org/trac/ticket/10318 Backported to 4-0 and ICU 49 from 970eca0d3040dbf61a9c91943b4b1281fdbcf48c Change-Id: I33ba5569919878123909d032a0ed7bed43a4c549 Reviewed-on: https://gerrit.libreoffice.org/6270 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r--icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch43
-rw-r--r--icu/makefile.mk1
2 files changed, 44 insertions, 0 deletions
diff --git a/icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch b/icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch
new file mode 100644
index 000000000000..360a96ca61f5
--- /dev/null
+++ b/icu/icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch
@@ -0,0 +1,43 @@
+diff -ru orig.icu/source/i18n/csrucode.cpp icu/source/i18n/csrucode.cpp
+--- misc/build/orig.icu/source/i18n/csrucode.cpp 2012-04-05 22:45:54.000000000 +0200
++++ misc/build/icu/source/i18n/csrucode.cpp 2013-10-09 18:56:06.521791271 +0200
+@@ -1,6 +1,6 @@
+ /*
+ **********************************************************************
+- * Copyright (C) 2005-2006, International Business Machines
++ * Copyright (C) 2005-2013, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ **********************************************************************
+ */
+@@ -31,8 +31,9 @@
+ int32_t CharsetRecog_UTF_16_BE::match(InputText* textIn)
+ {
+ const uint8_t *input = textIn->fRawInput;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFE && input[1] == 0xFF) {
++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
+ return 100;
+ }
+
+@@ -53,8 +54,9 @@
+ int32_t CharsetRecog_UTF_16_LE::match(InputText* textIn)
+ {
+ const uint8_t *input = textIn->fRawInput;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
+ return 100;
+ }
+
+@@ -76,7 +78,7 @@
+ bool hasBOM = FALSE;
+ int32_t confidence = 0;
+
+- if (getChar(input, 0) == 0x0000FEFFUL) {
++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
+ hasBOM = TRUE;
+ }
+
+Only in icu/source/i18n: csrucode.cpp.orig
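Review bot: In the embedded UTF-32 hunk, `limit > 0 && getChar(input, 0) == 0x0000FEFFUL` is a sufficient guard only if `limit` is already the raw length rounded down to a multiple of four, and that assignment is outside the context shown. getChar presumably reads four bytes, so either confirm that or write the guard as `limit >= 4`. In `CharsetRecog_UTF_16_LE::match` the `length >= 4` test is needed for the `input[2]`/`input[3]` comparison, but it also means an input of just `FF FE` no longer takes the BOM branch; `length >= 2 && input[0] == 0xFF && input[1] == 0xFE && (length < 4 || input[2] != 0x00 || input[3] != 0x00)` would keep every read in bounds and still recognise a bare BOM. All three function bodies continue past the embedded hunks, so what happens to short input after the guard fails cannot be checked from here. The trailing `Only in icu/source/i18n: csrucode.cpp.orig` line is leftover `diff -ru` output and can be dropped from the patch file.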
diff --git a/icu/makefile.mk b/icu/makefile.mk
index 1f6e8e8f5652..35894cc2485c 100644
--- a/icu/makefile.mk
+++ b/icu/makefile.mk
@@ -46,6 +46,7 @@ TARFILE_ROOTDIR=icu
#http://bugs.icu-project.org/trac/ticket/8198 rendering with 0D30 and 0D31
PATCH_FILES=\
+ icu4c.10318.CVE-2013-2924_changeset_34076_icu-49.patch \
icu4c.10129.wintz.patch \
icu4c.9948.mlym-crash.patch \
icu4c-bsd.patch \
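Review bot: The new `PATCH_FILES` entry has no comment identifying it, although the list is preceded by per-patch reference comments such as the ticket 8198 line. A line like `#https://ssl.icu-project.org/trac/ticket/10318 CVE-2013-2924 length checks in charset detection` above `PATCH_FILES=\` would tell whoever next upgrades the bundled ICU why the patch exists and when it can be dropped. The list continues outside the hunk, so whether a later patch also touches csrucode.cpp and depends on this ordering cannot be checked from here.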