Resolves: CVE-2011-4599

2 files changed, 22 insertions, 1 deletions

diff --git a/icu/CVE-2011-4599.patch b/icu/CVE-2011-4599.patch
new file mode 100644
index 000000000000..fd8b12111c6b
--- /dev/null
+++ b/icu/CVE-2011-4599.patch
@@ -0,0 +1,20 @@
+--- misc/icu/source/source/common/uloc.c
++++ misc/build/icu/source/common/uloc.c
+@@ -1797,7 +1797,7 @@
+                 int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
+                 len -= variantLen;
+                 if (variantLen > 0) {
+-                    if (name[len-1] == '_') { /* delete trailing '_' */
++                    if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+                         --len;
+                     }
+                     addKeyword = VARIANT_MAP[j].keyword;
+@@ -1805,7 +1805,7 @@
+                     break;
+                 }
+             }
+-            if (name[len-1] == '_') { /* delete trailing '_' */
++            if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delete trailing '_' */
+                 --len;
+             }
+         }
diff --git a/icu/makefile.mk b/icu/makefile.mk
index 595ed2028354..cb024752625d 100644
--- a/icu/makefile.mk
+++ b/icu/makefile.mk
@@ -52,7 +52,8 @@ PATCH_FILES=\
     icu4c-4_4_2-wchar_t.patch \
     icu4c-warnings.patch \
     icu4c-escapespace.patch \
-    icu4c-strict-c.patch
+    icu4c-strict-c.patch \
+    CVE-2011-4599.patch
 
 .IF "$(OS)"=="ANDROID"
 PATCH_FILES+=\