diff options
Diffstat (limited to 'meta/recipes-support/icu/icu/CVE-2018-18928.patch')
| -rw-r--r-- | meta/recipes-support/icu/icu/CVE-2018-18928.patch | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/meta/recipes-support/icu/icu/CVE-2018-18928.patch b/meta/recipes-support/icu/icu/CVE-2018-18928.patch deleted file mode 100644 index 19c50e4e76..0000000000 --- a/meta/recipes-support/icu/icu/CVE-2018-18928.patch +++ /dev/null @@ -1,63 +0,0 @@ -CVE: CVE-2018-18928 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 53d8c8f3d181d87a6aa925b449b51c4a2c922a51 Mon Sep 17 00:00:00 2001 -From: Shane Carr <shane@unicode.org> -Date: Mon, 29 Oct 2018 23:52:44 -0700 -Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing. - ---- - i18n/fmtable.cpp | 2 +- - i18n/number_decimalquantity.cpp | 5 ++++- - test/intltest/numfmtst.cpp | 8 ++++++++ - 6 files changed, 31 insertions(+), 4 deletions(-) - -diff --git a/i18n/fmtable.cpp b/i18n/fmtable.cpp -index 45c7024fc29..8601d95f4a6 100644 ---- a/i18n/fmtable.cpp -+++ b/i18n/fmtable.cpp -@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) { - // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?). - if (fDecimalQuantity->isZero()) { - fDecimalStr->append("0", -1, status); -- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) { -+ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) { - fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status); - } else { - fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status); -diff --git a/i18n/number_decimalquantity.cpp b/i18n/number_decimalquantity.cpp -index 47b930a564b..d5dd7ae694c 100644 ---- a/i18n/number_decimalquantity.cpp -+++ b/i18n/number_decimalquantity.cpp -@@ -898,7 +898,10 @@ UnicodeString DecimalQuantity::toScientificString() const { - } - result.append(u'E'); - int32_t _scale = upperPos + scale; -- if (_scale < 0) { -+ if (_scale == INT32_MIN) { -+ result.append({u"-2147483648", -1}); -+ return result; -+ } else if (_scale < 0) { - _scale *= -1; - result.append(u'-'); - } else { -diff --git a/test/intltest/numfmtst.cpp b/test/intltest/numfmtst.cpp -index 34355939113..8d52dc122bf 100644 ---- a/test/intltest/numfmtst.cpp -+++ b/test/intltest/numfmtst.cpp -@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_ScientificIntegerOverflow() { - assertEquals(u"Should not overflow and should parse only the first exponent", - u"1E-2147483647", - {sp.data(), sp.length(), US_INV}); -+ -+ // Test edge case overflow of exponent -+ result = Formattable(); -+ nf->parse(u".0003e-2147483644", result, status); -+ sp = result.getDecimalNumber(status); -+ assertEquals(u"Should not overflow", -+ u"3E-2147483648", -+ {sp.data(), sp.length(), US_INV}); - } - - void NumberFormatTest::Test13840_ParseLongStringCrash() { |