From 80f469e7df57bae016daf59741ba43bbc98174ea Mon Sep 17 00:00:00 2001
From: sun_hai_10
Date: Wed, 28 Jun 2023 14:51:34 +0800
Subject: [PATCH] fix wild addr read pos SEGV on unknown address
---
 ...ddr-read-pos-SEGV-on-unknown-address.patch | 69 +++++++++++++++++++
 icu.spec | 6 +-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 bugfix-wild-addr-read-pos-SEGV-on-unknown-address.patch
diff --git a/bugfix-wild-addr-read-pos-SEGV-on-unknown-address.patch b/bugfix-wild-addr-read-pos-SEGV-on-unknown-address.patch
new file mode 100644
index 0000000..416a5c2
--- /dev/null
+++ b/bugfix-wild-addr-read-pos-SEGV-on-unknown-address.patch
@@ -0,0 +1,69 @@
+From d90f77b71a77cbd05ea53dc4788d941e7ff8158c Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 28 Jun 2023 12:40:27 +0800
+Subject: [PATCH] fix wild addr read pos SEGV on unknown address
+
+---
+ source/common/ucharstrie.cpp | 4 ++++
+ source/common/unicode/ucharstrie.h | 7 ++++++-
+ source/i18n/collationiterator.cpp | 3 ++-
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/source/common/ucharstrie.cpp b/source/common/ucharstrie.cpp
+index 24ab425..ff151cb 100644
+--- a/source/common/ucharstrie.cpp
++++ b/source/common/ucharstrie.cpp
+@@ -101,6 +101,10 @@ UCharsTrie::branchNext(const UChar *pos, int32_t length, int32_t uchar) {
+ }
+ // end readValue()
+ pos+=delta;
++ if ((end_ != NULL) && (pos > end_)) {
++ stop();
++ return USTRINGTRIE_NO_MATCH;
++ }
+ node=*pos;
+ result= node>=kMinValueLead ? valueResult(node) : USTRINGTRIE_NO_VALUE;
+ }
+diff --git a/source/common/unicode/ucharstrie.h b/source/common/unicode/ucharstrie.h
+index 064244a..2cafb33 100644
+--- a/source/common/unicode/ucharstrie.h
++++ b/source/common/unicode/ucharstrie.h
+@@ -67,8 +67,12 @@ public:
+ * @stable ICU 4.8
+ */
+ UCharsTrie(ConstChar16Ptr trieUChars)
++ : ownedArray_(NULL), uchars_(trieUChars),
++ pos_(uchars_), remainingMatchLength_(-1), end_(NULL) {}
++
++ UCharsTrie(ConstChar16Ptr trieUChars, ConstChar16Ptr end)
+ : ownedArray_(NULL), uchars_(trieUChars),
+- pos_(uchars_), remainingMatchLength_(-1) {}
++ pos_(uchars_), remainingMatchLength_(-1), end_(end) {}
+
+ /**
+ * Destructor.
+@@ -612,6 +616,7 @@ private:
+
+ // Pointer to next trie unit to read. NULL if no more matches.
+ const char16_t *pos_;
++ const char16_t *end_;
+ // Remaining length of a linear-match node, minus 1. Negative if not in such a node.
+ int32_t remainingMatchLength_;
+ };
+diff --git a/source/i18n/collationiterator.cpp b/source/i18n/collationiterator.cpp
+index a47b3d8..a8a79a5 100644
+--- a/source/i18n/collationiterator.cpp
++++ b/source/i18n/collationiterator.cpp
+@@ -500,7 +500,8 @@ CollationIterator::nextCE32FromContraction(const CollationData *d, uint32_t cont
+ // Normally we only need a contiguous match,
+ // and therefore need not remember the suffixes state from before a mismatch for retrying.
+ // If we are already processing skipped combining marks, then we do track the state.
+- UCharsTrie suffixes(p);
++ const UChar *end = d->contexts + d->contextsLength;
++ UCharsTrie suffixes(p, end);
+ if(skipped != NULL && !skipped->isEmpty()) { skipped->saveTrieState(suffixes); }
+ UStringTrieResult match = suffixes.firstForCodePoint(c);
+ for(;;) {
+--
+2.23.0
+
diff --git a/icu.spec b/icu.spec
index 8579030..a3b1cfc 100644
--- a/icu.spec
+++ b/icu.spec
@@ -1,6 +1,6 @@
 Name: icu
 Version: 72.1
-Release: 6
+Release: 7
 Summary: International Components for Unicode
 License: MIT and UCD and Public Domain
 URL: http://site.icu-project.org/
@@ -20,6 +20,7 @@ Patch4: 0001-add-support-loongarch64.patch
 Patch5: icu-Add-sw64-architecture.patch
 %endif
 Patch9000: delete-taboo-words.patch
+Patch9001: bugfix-wild-addr-read-pos-SEGV-on-unknown-address.patch
 %description
 Tools and utilities for developing with icu.
@@ -133,6 +134,9 @@ LD_LIBRARY_PATH=lib:stubdata:tools/ctestfw:$LD_LIBRARY_PATH bin/uconv -l
 %changelog
+* Tue Jun 13 2023 zhangpan - 72.1-7
+- fix wild addr read pos SEGV on unknown address
+
 * Tue Jun 13 2023 zhangpan - 72.1-6
 - delete taboo words
--
Gitee
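Review bot: The bound check added to `UCharsTrie::branchNext` in the ucharstrie.cpp part of the new patch file is off by one: collationiterator.cpp passes `end = d->contexts + d->contextsLength`, a one-past-the-end pointer, so `pos == end_` passes `pos > end_` and the next line `node=*pos` still reads outside the array. Test before advancing instead, with `if (end_ != NULL && delta >= end_ - pos) { stop(); return USTRINGTRIE_NO_MATCH; }` placed ahead of `pos+=delta;`, which also avoids forming an out-of-range pointer before comparing it. Only this one read is guarded; the rest of branchNext and the other trie-walking functions lie outside the hunk and look unchecked from here. The header hunk sets `end_` in just the two constructors shown, so any other UCharsTrie constructor (copy or adopting, not visible here) would leave it indeterminate for the `end_ != NULL` test. Adding a data member to a public class with inline constructors also probably changes its layout for callers built against the old header, which a Release-only bump does not signal.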