diff options
| -rw-r--r-- | external/icu/CVE-2018-18928.patch.2 | 63 | ||||
| -rw-r--r-- | external/icu/UnpackedTarball_icu.mk | 1 |
2 files changed, 64 insertions, 0 deletions
diff --git a/external/icu/CVE-2018-18928.patch.2 b/external/icu/CVE-2018-18928.patch.2 new file mode 100644 index 000000000000..f92cee05ceed --- /dev/null +++ b/external/icu/CVE-2018-18928.patch.2 @@ -0,0 +1,63 @@ +From 6cbd62e59e30f73b444be89ea71fd74275ac53a4 Mon Sep 17 00:00:00 2001 +From: Shane Carr <shane@unicode.org> +Date: Mon, 29 Oct 2018 23:52:44 -0700 +Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing. + +(cherry picked from commit 53d8c8f3d181d87a6aa925b449b51c4a2c922a51) +--- + icu4c/source/i18n/fmtable.cpp | 2 +- + icu4c/source/i18n/number_decimalquantity.cpp | 5 ++++- + icu4c/source/test/intltest/numfmtst.cpp | 8 ++++++++ + .../icu/impl/number/DecimalQuantity_AbstractBCD.java | 5 ++++- + .../impl/number/DecimalQuantity_DualStorageBCD.java | 10 +++++++++- + .../com/ibm/icu/dev/test/format/NumberFormatTest.java | 5 +++++ + 6 files changed, 31 insertions(+), 4 deletions(-) + +diff --git a/icu4c/source/i18n/fmtable.cpp b/icu4c/source/i18n/fmtable.cpp +index 45c7024fc29..8601d95f4a6 100644 +--- a/icu4c/source/i18n/fmtable.cpp ++++ b/icu4c/source/i18n/fmtable.cpp +@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) { + // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?). + if (fDecimalQuantity->isZero()) { + fDecimalStr->append("0", -1, status); +- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) { ++ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status); + } else { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status); +diff --git a/icu4c/source/i18n/number_decimalquantity.cpp b/icu4c/source/i18n/number_decimalquantity.cpp +index 2c4182b1c6e..f6f2b20fab0 100644 +--- a/icu4c/source/i18n/number_decimalquantity.cpp ++++ b/icu4c/source/i18n/number_decimalquantity.cpp +@@ -820,7 +820,10 @@ UnicodeString DecimalQuantity::toScientificString() const { + } + result.append(u'E'); + int32_t _scale = upperPos + scale; +- if (_scale < 0) { ++ if (_scale == INT32_MIN) { ++ result.append({u"-2147483648", -1}); ++ return result; ++ } else if (_scale < 0) { + _scale *= -1; + result.append(u'-'); + } else { +diff --git a/icu4c/source/test/intltest/numfmtst.cpp b/icu4c/source/test/intltest/numfmtst.cpp +index 34355939113..8d52dc122bf 100644 +--- a/icu4c/source/test/intltest/numfmtst.cpp ++++ b/icu4c/source/test/intltest/numfmtst.cpp +@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_ScientificIntegerOverflow() { + assertEquals(u"Should not overflow and should parse only the first exponent", + u"1E-2147483647", + {sp.data(), sp.length(), US_INV}); ++ ++ // Test edge case overflow of exponent ++ result = Formattable(); ++ nf->parse(u".0003e-2147483644", result, status); ++ sp = result.getDecimalNumber(status); ++ assertEquals(u"Should not overflow", ++ u"3E-2147483648", ++ {sp.data(), sp.length(), US_INV}); + } + + void NumberFormatTest::Test13840_ParseLongStringCrash() { diff --git a/external/icu/UnpackedTarball_icu.mk b/external/icu/UnpackedTarball_icu.mk index b241e8db7c13..9e5f7974a700 100644 --- a/external/icu/UnpackedTarball_icu.mk +++ b/external/icu/UnpackedTarball_icu.mk @@ -38,6 +38,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,icu,\ external/icu/icu4c-61-werror-shadow.patch.1 \ external/icu/gcc9.patch \ external/icu/char8_t.patch \ + external/icu/CVE-2018-18928.patch.2 \ )) $(eval $(call gb_UnpackedTarball_add_file,icu,source/data/brkitr/khmerdict.dict,external/icu/khmerdict.dict)) |