diff options
Diffstat (limited to 'external/icu/CVE-2018-18928.patch.2')
| -rw-r--r-- | external/icu/CVE-2018-18928.patch.2 | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/external/icu/CVE-2018-18928.patch.2 b/external/icu/CVE-2018-18928.patch.2 new file mode 100644 index 000000000000..f92cee05ceed --- /dev/null +++ b/external/icu/CVE-2018-18928.patch.2 @@ -0,0 +1,63 @@ +From 6cbd62e59e30f73b444be89ea71fd74275ac53a4 Mon Sep 17 00:00:00 2001 +From: Shane Carr <shane@unicode.org> +Date: Mon, 29 Oct 2018 23:52:44 -0700 +Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing. + +(cherry picked from commit 53d8c8f3d181d87a6aa925b449b51c4a2c922a51) +--- + icu4c/source/i18n/fmtable.cpp | 2 +- + icu4c/source/i18n/number_decimalquantity.cpp | 5 ++++- + icu4c/source/test/intltest/numfmtst.cpp | 8 ++++++++ + .../icu/impl/number/DecimalQuantity_AbstractBCD.java | 5 ++++- + .../impl/number/DecimalQuantity_DualStorageBCD.java | 10 +++++++++- + .../com/ibm/icu/dev/test/format/NumberFormatTest.java | 5 +++++ + 6 files changed, 31 insertions(+), 4 deletions(-) + +diff --git a/icu4c/source/i18n/fmtable.cpp b/icu4c/source/i18n/fmtable.cpp +index 45c7024fc29..8601d95f4a6 100644 +--- a/icu4c/source/i18n/fmtable.cpp ++++ b/icu4c/source/i18n/fmtable.cpp +@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) { + // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?). + if (fDecimalQuantity->isZero()) { + fDecimalStr->append("0", -1, status); +- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) { ++ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status); + } else { + fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status); +diff --git a/icu4c/source/i18n/number_decimalquantity.cpp b/icu4c/source/i18n/number_decimalquantity.cpp +index 2c4182b1c6e..f6f2b20fab0 100644 +--- a/icu4c/source/i18n/number_decimalquantity.cpp ++++ b/icu4c/source/i18n/number_decimalquantity.cpp +@@ -820,7 +820,10 @@ UnicodeString DecimalQuantity::toScientificString() const { + } + result.append(u'E'); + int32_t _scale = upperPos + scale; +- if (_scale < 0) { ++ if (_scale == INT32_MIN) { ++ result.append({u"-2147483648", -1}); ++ return result; ++ } else if (_scale < 0) { + _scale *= -1; + result.append(u'-'); + } else { +diff --git a/icu4c/source/test/intltest/numfmtst.cpp b/icu4c/source/test/intltest/numfmtst.cpp +index 34355939113..8d52dc122bf 100644 +--- a/icu4c/source/test/intltest/numfmtst.cpp ++++ b/icu4c/source/test/intltest/numfmtst.cpp +@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_ScientificIntegerOverflow() { + assertEquals(u"Should not overflow and should parse only the first exponent", + u"1E-2147483647", + {sp.data(), sp.length(), US_INV}); ++ ++ // Test edge case overflow of exponent ++ result = Formattable(); ++ nf->parse(u".0003e-2147483644", result, status); ++ sp = result.getDecimalNumber(status); ++ assertEquals(u"Should not overflow", ++ u"3E-2147483648", ++ {sp.data(), sp.length(), US_INV}); + } + + void NumberFormatTest::Test13840_ParseLongStringCrash() { |