Re: Wheezy update of icu?

To: Bálint Réczey <balint@balintreczey.hu>
Cc: Chris Lamb <lamby@debian.org>, Laszlo Boszormenyi <gcs@debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Wheezy update of icu?
From: Roberto C. Sánchez <roberto@connexer.com>
Date: Wed, 7 Sep 2016 08:25:36 -0400
Message-id: <[🔎] 20160907122535.GB29230@connexer.com>
Mail-followup-to: Bálint Réczey <balint@balintreczey.hu>, Chris Lamb <lamby@debian.org>, Laszlo Boszormenyi <gcs@debian.org>, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] CAK0Odpw6r=V-XJ3Jv43Xz4NeAD9Zn8Ewbqyjgz91Vdj0pbZsaw@mail.gmail.com>
References: <1469390323.3619334.675373689.4833195A@webmail.messagingengine.com> <20160724202620.GG17851@connexer.com> <20160817132900.GC23741@connexer.com> <[🔎] CAK0OdpybMxHVpJfhDxwE65EC5dHgxzBp6f=aCCThbPcYaMQ+mQ@mail.gmail.com> <[🔎] 20160907020619.GA14152@connexer.com> <[🔎] CAK0Odpw6r=V-XJ3Jv43Xz4NeAD9Zn8Ewbqyjgz91Vdj0pbZsaw@mail.gmail.com>

On Wed, Sep 07, 2016 at 11:07:16AM +0200, Bálint Réczey wrote:
> 
> I have not found however the proposed fix on the list thus I did not
> know if you used the upstream fix.
> 
> I think it would be a good idea to send the patch to the list before the
> final upload.
> 
Good point.  I have attached the patch to this email.  I intend to
upload tonight or tomorrow (the last few days have been quite busy and I
am playing catch up).

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Description: fix for null termination in uloc_acceptLanguageFromHTTP
Origin: upstream, http://bugs.icu-project.org/trac/changeset/39109
Index: icu-4.8.1.1/source/test/cintltst/cloctst.c
===================================================================
--- icu-4.8.1.1.orig/source/test/cintltst/cloctst.c
+++ icu-4.8.1.1/source/test/cintltst/cloctst.c
@@ -2568,16 +2568,20 @@ static void TestAcceptLanguage(void) {
         const char *icuSet;    /**< ? */
         const char *expect;    /**< The expected locale result */
         UAcceptResult res;     /**< The expected error code */
+        UErrorCode expectStatus; /**< expected status */
     } tests[] = { 
-        /*0*/{ 0, NULL, "mt_MT", ULOC_ACCEPT_VALID },
-        /*1*/{ 1, NULL, "en", ULOC_ACCEPT_VALID },
-        /*2*/{ 2, NULL, "en", ULOC_ACCEPT_FALLBACK },
-        /*3*/{ 3, NULL, "", ULOC_ACCEPT_FAILED },
-        /*4*/{ 4, NULL, "es", ULOC_ACCEPT_VALID },
-        
-        /*5*/{ 5, NULL, "en", ULOC_ACCEPT_VALID },  /* XF */
-        /*6*/{ 6, NULL, "ja", ULOC_ACCEPT_FALLBACK },  /* XF */
-        /*7*/{ 7, NULL, "zh", ULOC_ACCEPT_FALLBACK },  /* XF */
+        /*0*/{ 0, NULL, "mt_MT", ULOC_ACCEPT_VALID, U_ZERO_ERROR},
+        /*1*/{ 1, NULL, "en", ULOC_ACCEPT_VALID, U_ZERO_ERROR},
+        /*2*/{ 2, NULL, "en", ULOC_ACCEPT_FALLBACK, U_ZERO_ERROR},
+        /*3*/{ 3, NULL, "", ULOC_ACCEPT_FAILED, U_ZERO_ERROR},
+        /*4*/{ 4, NULL, "es", ULOC_ACCEPT_VALID, U_ZERO_ERROR},
+        /*5*/{ 5, NULL, "en", ULOC_ACCEPT_VALID, U_ZERO_ERROR},  /* XF */
+        /*6*/{ 6, NULL, "ja", ULOC_ACCEPT_FALLBACK, U_ZERO_ERROR},  /* XF */
+        /*7*/{ 7, NULL, "zh", ULOC_ACCEPT_FALLBACK, U_ZERO_ERROR},  /* XF */
+        /*8*/{ 8, NULL, "", ULOC_ACCEPT_FAILED, U_ZERO_ERROR },  /*  */
+        /*9*/{ 9, NULL, "", ULOC_ACCEPT_FAILED, U_ZERO_ERROR },  /*  */
+        /*10*/{10, NULL, "", ULOC_ACCEPT_FAILED, U_BUFFER_OVERFLOW_ERROR },  /*  */
+        /*11*/{11, NULL, "", ULOC_ACCEPT_FAILED, U_BUFFER_OVERFLOW_ERROR },  /*  */
     };
     const int32_t numTests = sizeof(tests)/sizeof(tests[0]);
     static const char *http[] = {
@@ -2597,6 +2601,22 @@ static void TestAcceptLanguage(void) {
         /*5*/ "zh-xx;q=0.9, en;q=0.6",
         /*6*/ "ja-JA",
         /*7*/ "zh-xx;q=0.9",
+        /*08*/ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", /* 156 */
+        /*09*/ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB", /* 157 (this hits U_STRING_NOT_TERMINATED_WARNING ) */
+        /*10*/ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABC", /* 158 */
+        /*11*/ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+               "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", /* 163 bytes */
     };
 
     for(i=0;i<numTests;i++) {
@@ -2610,17 +2630,22 @@ static void TestAcceptLanguage(void) {
         rc = uloc_acceptLanguageFromHTTP(tmp, 199, &outResult, http[tests[i].httpSet], available, &status);
         uenum_close(available);
         log_verbose(" got %s, %s [%s]\n", tmp[0]?tmp:"(EMPTY)", acceptResult(outResult), u_errorName(status));
-        if(outResult != tests[i].res) {
-            log_err_status(status, "FAIL: #%d: expected outResult of %s but got %s\n", i, 
-                acceptResult( tests[i].res), 
+        if(status != tests[i].expectStatus) {
+          log_err_status(status, "FAIL: expected status %s but got %s\n", u_errorName(tests[i].expectStatus), u_errorName(status));
+        } else if(U_SUCCESS(tests[i].expectStatus)) {
+            /* don't check content if expected failure */
+            if(outResult != tests[i].res) {
+            log_err_status(status, "FAIL: #%d: expected outResult of %s but got %s\n", i,
+                acceptResult( tests[i].res),
                 acceptResult( outResult));
-            log_info("test #%d: http[%s], ICU[%s], expect %s, %s\n", 
+            log_info("test #%d: http[%s], ICU[%s], expect %s, %s\n",
                 i, http[tests[i].httpSet], tests[i].icuSet, tests[i].expect,acceptResult(tests[i].res));
-        }
-        if((outResult>0)&&uprv_strcmp(tmp, tests[i].expect)) {
-            log_err_status(status, "FAIL: #%d: expected %s but got %s\n", i, tests[i].expect, tmp);
-            log_info("test #%d: http[%s], ICU[%s], expect %s, %s\n", 
-                i, http[tests[i].httpSet], tests[i].icuSet, tests[i].expect, acceptResult(tests[i].res));
+            }
+            if((outResult>0)&&uprv_strcmp(tmp, tests[i].expect)) {
+              log_err_status(status, "FAIL: #%d: expected %s but got %s\n", i, tests[i].expect, tmp);
+              log_info("test #%d: http[%s], ICU[%s], expect %s, %s\n",
+                       i, http[tests[i].httpSet], tests[i].icuSet, tests[i].expect, acceptResult(tests[i].res));
+            }
         }
     }
 }
Index: icu-4.8.1.1/source/common/uloc.c
===================================================================
--- icu-4.8.1.1.orig/source/common/uloc.c
+++ icu-4.8.1.1/source/common/uloc.c
@@ -2212,7 +2212,7 @@ _uloc_strtod(const char *start, char **e
 typedef struct { 
     float q;
     int32_t dummy;  /* to avoid uninitialized memory copy from qsort */
-    char *locale;
+    char locale[ULOC_FULLNAME_CAPACITY+1];
 } _acceptLangItem;
 
 static int32_t U_CALLCONV
@@ -2267,7 +2267,6 @@ uloc_acceptLanguageFromHTTP(char *result
     int32_t i;
     int32_t l = (int32_t)uprv_strlen(httpAcceptLanguage);
     int32_t jSize;
-    char *tempstr; /* Use for null pointer check */
 
     j = smallBuffer;
     jSize = sizeof(smallBuffer)/sizeof(smallBuffer[0]);
@@ -2309,16 +2308,19 @@ uloc_acceptLanguageFromHTTP(char *result
         for(t=(paramEnd-1);(paramEnd>s)&&isspace(*t);t--)
             ;
         /* Check for null pointer from uprv_strndup */
-        tempstr = uprv_strndup(s,(int32_t)((t+1)-s));
-        if (tempstr == NULL) {
-            *status = U_MEMORY_ALLOCATION_ERROR;
-            return -1;
-        }
-        j[n].locale = tempstr;
-        uloc_canonicalize(j[n].locale,tmp,sizeof(tmp)/sizeof(tmp[0]),status);
-        if(strcmp(j[n].locale,tmp)) {
-            uprv_free(j[n].locale);
-            j[n].locale=uprv_strdup(tmp);
+        int32_t slen = ((t+1)-s);
+        if(slen > ULOC_FULLNAME_CAPACITY) {
+          *status = U_BUFFER_OVERFLOW_ERROR;
+          return -1; /* too big */
+        }
+        uprv_strncpy(j[n].locale, s, slen);
+        j[n].locale[slen]=0; /* terminate */
+        int32_t clen = uloc_canonicalize(j[n].locale,tmp,sizeof(tmp)/sizeof(tmp[0]),status);
+        if(U_FAILURE(*status)) return -1;
+        if((clen!=slen) || (uprv_strncmp(j[n].locale, tmp, slen))) {
+            /* canonicalization had an effect- copy back */
+            uprv_strncpy(j[n].locale, tmp, clen);
+            j[n].locale[clen] = 0; /* terminate */
         }
 #if defined(ULOC_DEBUG)
         /*fprintf(stderr,"%d: s <%s> q <%g>\n", n, j[n].locale, j[n].q);*/
@@ -2375,9 +2377,6 @@ uloc_acceptLanguageFromHTTP(char *result
     }
     res =  uloc_acceptLanguage(result, resultAvailable, outResult, 
         (const char**)strs, n, availableLocales, status);
-    for(i=0;i<n;i++) {
-        uprv_free(strs[i]);
-    }
     uprv_free(strs);
     if(j != smallBuffer) {
 #if defined(ULOC_DEBUG)

Reply to:

Follow-Ups:
- Re: Wheezy update of icu?
  - From: Moritz Muehlenhoff <jmm@debian.org>

References:
- Re: Wheezy update of icu?
  - From: Bálint Réczey <balint@balintreczey.hu>
- Re: Wheezy update of icu?
  - From: Roberto C. Sánchez <roberto@connexer.com>
- Re: Wheezy update of icu?
  - From: Bálint Réczey <balint@balintreczey.hu>

Prev by Date: Re: Wheezy update of libtomcrypt?
Next by Date: Wheezy update for qemu ?
Previous by thread: Re: Wheezy update of icu?
Next by thread: Re: Wheezy update of icu?
Index(es):
- Date
- Thread