From d9c7961121bf8736e65af669719caceb0236f7b4 Mon Sep 17 00:00:00 2001
From: Sukhikh Alexander <sukhikh.alexander@huawei-partners.com>
Date: Tue, 9 Sep 2025 12:21:36 +0300
Subject: [PATCH] Fix UB in compiler

Fix UB found by int32array_join.ets tests
Issue: https://gitee.com/openharmony/arkcompiler_runtime_core/issues/ICX60J
Signed-off-by: Sukhikh Alexander <sukhikh.alexander@huawei-partners.com>
---
 static_core/libpandabase/utils/utf.cpp | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/static_core/libpandabase/utils/utf.cpp b/static_core/libpandabase/utils/utf.cpp
index 872a2d4b82..e90aa54ae5 100644
--- a/static_core/libpandabase/utils/utf.cpp
+++ b/static_core/libpandabase/utils/utf.cpp
@@ -22,6 +22,8 @@
 #include <tuple>
 #include <utility>
 
+#include "securec.h"
+
 // NOLINTNEXTLINE(hicpp-signed-bitwise)
 static constexpr uint32_t U16_SURROGATE_OFFSET = (0xd800 << 10UL) + 0xdc00 - 0x10000;
 // NOLINTNEXTLINE(cppcoreguidelines-macro-usage)
@@ -616,23 +618,25 @@ void UInt64ToUtf16Array(uint64_t v, uint16_t *outUtf16Buf, uint32_t nDigits, boo
     constexpr uint64_t POW10_1 = 10U;
     constexpr uint64_t POW10_2 = 100U;
 
-    Span<uint16_t> outSpan(outUtf16Buf, nDigits);
-    // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic)
-    auto *out = reinterpret_cast<uint32_t *>(outUtf16Buf + nDigits);
-    int i = 0;
+    auto *bufEnd = outUtf16Buf + nDigits;
+    constexpr uint64_t endShift = 2;  // uint32_t = 2 * uint16_t
     while (v >= POW10_2) {
-        // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic)
-        out[--i] = BIDIGITS_CODE_TAB[v % POW10_2];
+        bufEnd -= endShift;
+        if (memcpy_s(bufEnd, endShift * sizeof(uint16_t), &BIDIGITS_CODE_TAB[v % POW10_2], sizeof(uint32_t))) {
+            UNREACHABLE();
+        }
         v /= POW10_2;
     }
     if (v >= POW10_1) {
-        // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic)
-        out[--i] = BIDIGITS_CODE_TAB[v];
+        bufEnd -= endShift;
+        if (memcpy_s(bufEnd, endShift * sizeof(uint16_t), &BIDIGITS_CODE_TAB[v], sizeof(uint32_t))) {
+            UNREACHABLE();
+        }
     } else {
-        outSpan[negative ? 1U : 0] = v + '0';
+        *(outUtf16Buf + negative) = v + '0';
     }
     if (negative) {
-        outSpan[0] = '-';
+        *outUtf16Buf = '-';
     }
 }
 
-- 
Gitee