Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
Added icu.10318.CVE-2013-2924_changeset_34076.patch from https://ssl.icu-project.org/trac/changeset/34076 assigned to https://ssl.icu-project.org/trac/ticket/10318
parent
590981edcd
commit
0006de77b5
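--- a/icu.10318.CVE-2013-2924_changeset_34076.patch
+++ b/icu.10318.CVE-2013-2924_changeset_34076.patch
@@ -0,0 +1,36 @@
+Index: /icu/trunk/source/i18n/csrucode.cpp
+===================================================================
+--- orig.icu/source/i18n/csrucode.cpp (revision 34075)
++++ icu/source/i18n/csrucode.cpp (revision 34076)
+@@ -1,5 +1,5 @@
+/*
+**********************************************************************
+- * Copyright (C) 2005-2012, International Business Machines
++ * Copyright (C) 2005-2013, International Business Machines
+* Corporation and others. All Rights Reserved.
+**********************************************************************
+@@ -34,6 +34,7 @@
+const uint8_t *input = textIn->fRawInput;
+int32_t confidence = 0;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFE && input[1] == 0xFF) {
++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
+confidence = 100;
+}
+@@ -58,6 +59,7 @@
+const uint8_t *input = textIn->fRawInput;
+int32_t confidence = 0;
++ int32_t length = textIn->fRawLength;
+
+- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
+confidence = 100;
+}
+@@ -82,5 +84,5 @@
+int32_t confidence = 0;
+
+- if (getChar(input, 0) == 0x0000FEFFUL) {
++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
+hasBOM = TRUE;
+}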
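Review bot: In the third inner hunk (`@@ -82,5 +84,5 @@`) the new guard `limit > 0` keeps `getChar(input, 0)` in bounds only if `limit` is a byte count already rounded down to a whole code unit; `limit` and `getChar` are defined outside the hunk, so this cannot be confirmed from the patch. If `getChar` reads four bytes, as the `0x0000FEFFUL` comparison suggests, either write the requirement directly as `limit >= 4` or add a comment such as `// limit is a multiple of 4, so limit > 0 guarantees one full 4-byte unit`. In the second hunk the `length >= 4` check also means a 2- or 3-byte buffer starting with FF FE no longer matches; a comment like `// need input[2..3] to rule out the UTF-32LE BOM FF FE 00 00` would record that this is deliberate. All three enclosing functions begin and end outside the hunks shown. The commit title calls the issue a use-after-free, while the visible changes are read-bounds checks on short input.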
7
icu.spec
7
icu.spec
@ -1,6 +1,6 @@
|
||||
Name: icu
|
||||
Version: 50.1.2
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
Summary: International Components for Unicode
|
||||
Group: Development/Tools
|
||||
License: MIT and UCD and Public Domain
|
||||
@ -20,6 +20,7 @@ Patch4: icu.9948.mlym-crash.patch
|
||||
Patch5: gennorm2-man.patch
|
||||
Patch6: icuinfo-man.patch
|
||||
Patch7: icu.10143.memory.leak.crash.patch
|
||||
Patch8: icu.10318.CVE-2013-2924_changeset_34076.patch
|
||||
|
||||
%description
|
||||
Tools and utilities for developing with icu.
|
||||
@ -70,6 +71,7 @@ BuildArch: noarch
|
||||
%patch5 -p1 -b .gennorm2-man.patch
|
||||
%patch6 -p1 -b .icuinfo-man.patch
|
||||
%patch7 -p1 -b .icu10143.memory.leak.crash.patch
|
||||
%patch8 -p1 -b .icu10318.CVE-2013-2924_changeset_34076.patch
|
||||
|
||||
%build
|
||||
cd source
|
||||
@ -177,6 +179,9 @@ make %{?_smp_mflags} -C source check
|
||||
%doc source/__docs/%{name}/html/*
|
||||
|
||||
%changelog
|
||||
* Wed Oct 09 2013 Eike Rathke <erack@redhat.com> - 50.1.2-9
|
||||
- Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
|
||||
|
||||
* Fri Oct 04 2013 Eike Rathke <erack@redhat.com> - 50.1.2-8
|
||||
- added %{?_isa} to Requires for multi-arch systems
|
||||
|
||||
|