Resolves: rhbz#1646703 CVE-2018-18928

This commit is contained in:
Eike Rathke 2018-11-06 12:33:18 +01:00
parent 6abff1c197
commit 7148b867f7
2 changed files with 56 additions and 1 deletions

View File

@ -2,7 +2,7 @@
Name: icu Name: icu
Version: 62.1 Version: 62.1
Release: 2%{?dist} Release: 3%{?dist}
Summary: International Components for Unicode Summary: International Components for Unicode
License: MIT and UCD and Public Domain License: MIT and UCD and Public Domain
@ -17,6 +17,7 @@ Requires: lib%{name}%{?_isa} = %{version}-%{release}
Patch4: gennorm2-man.patch Patch4: gennorm2-man.patch
Patch5: icuinfo-man.patch Patch5: icuinfo-man.patch
Patch6: rhbz1646703-icu4c-ICU-20246-integer-overflow.patch
Patch100: armv7hl-disable-tests.patch Patch100: armv7hl-disable-tests.patch
%description %description
@ -60,6 +61,7 @@ BuildArch: noarch
%setup -q -n %{name} %setup -q -n %{name}
%patch4 -p1 -b .gennorm2-man.patch %patch4 -p1 -b .gennorm2-man.patch
%patch5 -p1 -b .icuinfo-man.patch %patch5 -p1 -b .icuinfo-man.patch
%patch6 -p2 -b .rhbz1646703-icu4c-ICU-20246-integer-overflow.patch
%ifarch armv7hl %ifarch armv7hl
%patch100 -p1 -b .armv7hl-disable-tests.patch %patch100 -p1 -b .armv7hl-disable-tests.patch
%endif %endif
@ -187,6 +189,9 @@ LD_LIBRARY_PATH=lib:stubdata:tools/ctestfw:$LD_LIBRARY_PATH bin/uconv -l
%changelog %changelog
* Tue Nov 06 2018 Eike Rathke <erack@redhat.com> - 62.1-3
- Resolves: rhbz#1646703 CVE-2018-18928
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 62.1-2 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 62.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

View File

@ -0,0 +1,50 @@
From 53d8c8f3d181d87a6aa925b449b51c4a2c922a51 Mon Sep 17 00:00:00 2001
From: Shane Carr <shane@unicode.org>
Date: Mon, 29 Oct 2018 23:52:44 -0700
Subject: [PATCH] ICU-20246 Fixing another integer overflow in number parsing.
---
icu4c/source/i18n/fmtable.cpp | 2 +-
icu4c/source/i18n/number_decimalquantity.cpp | 5 ++++-
icu4c/source/test/intltest/numfmtst.cpp | 8 ++++++++
.../icu/impl/number/DecimalQuantity_AbstractBCD.java | 5 ++++-
.../impl/number/DecimalQuantity_DualStorageBCD.java | 10 +++++++++-
.../com/ibm/icu/dev/test/format/NumberFormatTest.java | 5 +++++
6 files changed, 31 insertions(+), 4 deletions(-)
erAck:
* obviously removed the icu4j *.java patch parts
* stripped the icu4c/source/test/intltest/numfmtst.cpp part because it
added code to a test that does not exist yet in ICU 62.1
* TODO: when upgrading to ICU 63.1 add that back in from
https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51.patch
diff --git a/icu4c/source/i18n/fmtable.cpp b/icu4c/source/i18n/fmtable.cpp
index 45c7024fc29..8601d95f4a6 100644
--- a/icu4c/source/i18n/fmtable.cpp
+++ b/icu4c/source/i18n/fmtable.cpp
@@ -734,7 +734,7 @@ CharString *Formattable::internalGetCharString(UErrorCode &status) {
// not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?).
if (fDecimalQuantity->isZero()) {
fDecimalStr->append("0", -1, status);
- } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) {
+ } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) {
fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status);
} else {
fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status);
diff --git a/icu4c/source/i18n/number_decimalquantity.cpp b/icu4c/source/i18n/number_decimalquantity.cpp
index 47b930a564b..d5dd7ae694c 100644
--- a/icu4c/source/i18n/number_decimalquantity.cpp
+++ b/icu4c/source/i18n/number_decimalquantity.cpp
@@ -898,7 +898,10 @@ UnicodeString DecimalQuantity::toScientificString() const {
}
result.append(u'E');
int32_t _scale = upperPos + scale;
- if (_scale < 0) {
+ if (_scale == INT32_MIN) {
+ result.append({u"-2147483648", -1});
+ return result;
+ } else if (_scale < 0) {
_scale *= -1;
result.append(u'-');
} else {