diff options
| author | Eike Rathke <erack@redhat.com> | 2013-10-16 16:10:46 +0200 |
|---|---|---|
| committer | Eike Rathke <erack@redhat.com> | 2013-10-16 16:13:21 +0200 |
| commit | 7693a4b9fbb60105d8438465db51c7afef4c3eb1 (patch) | |
| tree | e44943bd8369b2dcadbddcb175fc7512a67a5cee /icu | |
| parent | 628f572791c559cecd400ed402aa0d8140bfd180 (diff) | |
Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
Added icu.10318.CVE-2013-2924_changeset_34076.patch from
https://ssl.icu-project.org/trac/changeset/34076 assigned to
https://ssl.icu-project.org/trac/ticket/10318
Change-Id: I93a33e59aec9b79fb8d4b1517cd0990c79ee65fb
Diffstat (limited to 'icu')
| -rw-r--r-- | icu/UnpackedTarball_icu.mk | 1 | ||||
| -rw-r--r-- | icu/icu4c.10318.CVE-2013-2924_changeset_34076.patch | 36 |
2 files changed, 37 insertions, 0 deletions
diff --git a/icu/UnpackedTarball_icu.mk b/icu/UnpackedTarball_icu.mk index ef56ce9fa0be..dac90d579e0e 100644 --- a/icu/UnpackedTarball_icu.mk +++ b/icu/UnpackedTarball_icu.mk @@ -18,6 +18,7 @@ $(eval $(call gb_UnpackedTarball_set_pre_action,icu,\ )) $(eval $(call gb_UnpackedTarball_add_patches,icu,\ + icu/icu4c.10318.CVE-2013-2924_changeset_34076.patch \ icu/icu4c.10129.wintz.patch \ icu/icu4c-build.patch \ icu/icu4c-aix.patch \ diff --git a/icu/icu4c.10318.CVE-2013-2924_changeset_34076.patch b/icu/icu4c.10318.CVE-2013-2924_changeset_34076.patch new file mode 100644 index 000000000000..90f50ab0318f --- /dev/null +++ b/icu/icu4c.10318.CVE-2013-2924_changeset_34076.patch @@ -0,0 +1,36 @@ +Index: /icu/trunk/source/i18n/csrucode.cpp +=================================================================== +--- a/orig.icu/source/i18n/csrucode.cpp (revision 34075) ++++ b/icu/source/i18n/csrucode.cpp (revision 34076) +@@ -1,5 +1,5 @@ + /* + ********************************************************************** +- * Copyright (C) 2005-2012, International Business Machines ++ * Copyright (C) 2005-2013, International Business Machines + * Corporation and others. All Rights Reserved. + ********************************************************************** +@@ -34,6 +34,7 @@ + const uint8_t *input = textIn->fRawInput; + int32_t confidence = 0; ++ int32_t length = textIn->fRawLength; + +- if (input[0] == 0xFE && input[1] == 0xFF) { ++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) { + confidence = 100; + } +@@ -58,6 +59,7 @@ + const uint8_t *input = textIn->fRawInput; + int32_t confidence = 0; ++ int32_t length = textIn->fRawLength; + +- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) { ++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) { + confidence = 100; + } +@@ -82,5 +84,5 @@ + int32_t confidence = 0; + +- if (getChar(input, 0) == 0x0000FEFFUL) { ++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) { + hasBOM = TRUE; + } |