Google Git
Sign in
skia / external / github.com / unicode-org / icu / 7369eff4eddf3a83c03f25eaaf73ee33f46b4499
commit7369eff4eddf3a83c03f25eaaf73ee33f46b4499[log] [tgz]
authorTobias Stoeckmann <tobias@stoeckmann.org>Sat Jan 19 14:24:56 2019 +0100
committerSteven R. Loomis <srl295@gmail.com>Wed Feb 13 10:23:19 2019 -0800
tree1772a7f70ad44eba51266816a9c36ae61a954bcd
parentc04f9f1c01d1f36d8c47fdc0e233d253014d236d [diff]
ICU-20362 segfault/leftover files with long lines

If a file with an input line larger than INT32_MAX (i.e. 2 GB) contains
an UTF8 character after that limit, escapesrc crashes on 64 bit systems
or does not remove incomplete files on 32 bit systems.

The issue is that an unchecked cast from size_t to int32_t can turn
negative, which results in negative offsets during array access.

This will eventually lead to an out of boundary read, which most likely
crashes the tool.

This patch sets a fixed limit on 1 GB to make sure that no side effects
occur if the line is exactly INT32_MAX or a few bytes less. It should
still be way more than anyone would really need.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
1 file changed
tree: 1772a7f70ad44eba51266816a9c36ae61a954bcd
  1. .ci-builds/
  2. .github/
  3. icu4c/
  4. icu4j/
  5. tools/
  6. vendor/
  7. .appveyor.yml
  8. .cpyskip.txt
  9. .gitattributes
  10. .gitignore
  11. .travis.yml
  12. README.md
README.md

International Components for Unicode

This is the repository for the International Components for Unicode. The ICU project is under the stewardship of The Unicode Consortium.

ICU Logo

Build Status

BuildStatus
TravisCIBuild Status
Win x64 ReleaseBuild status
Win x86 ReleaseBuild status

Subdirectories and Information

License

Please see ./icu4c/LICENSE (C and J are under an identical license file.)

Copyright © 2016 and later Unicode, Inc. and others. All Rights Reserved. Unicode and the Unicode Logo are registered trademarks of Unicode, Inc. in the U.S. and other countries. Terms of Use and License