diff --git a/icu.icuXXXX.malayalam.bysyllable.patch b/icu.icuXXXX.malayalam.bysyllable.patch index eb54425..2826fed 100644 --- a/icu.icuXXXX.malayalam.bysyllable.patch +++ b/icu.icuXXXX.malayalam.bysyllable.patch @@ -167,12 +167,12 @@ diff -ruN icu.orig/source/layout/MalayalamLayoutEngine.cpp icu/source/layout/Mal + le_int32 prev = 0; + while (prev < count) + { -+ le_int32 outCharCount=0, fakeGlyphCount=0; ++ le_int32 outCharCount=0, fakeGlyphCount=0,fSyllableCount=0; + LEUnicode *outChars = NULL; + LEGlyphStorage fakeGlyphStorage; + + le_int32 syllable = IndicReordering::findSyllable(classTable, chars+offset, prev, count); -+ outCharCount = characterProcessing(chars+prev, offset, syllable-prev, max, rightToLeft, outChars, fakeGlyphStorage, success); ++ outCharCount = characterProcessing(chars+prev, offset, syllable-prev, max, rightToLeft, outChars, fakeGlyphStorage, success, ++fSyllableCount); + + if (LE_FAILURE(success)) { + return 0; @@ -258,3 +258,247 @@ diff -ru icu.orig/source/layout/MalayalamLayoutEngine.cpp icu/source/layout/Mala if (!from.fGlyphCount) return; +diff -ru icu/source/layout/ArabicLayoutEngine.cpp icu.works/source/layout/ArabicLayoutEngine.cpp +--- icu.orig/source/layout/ArabicLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/ArabicLayoutEngine.cpp 2008-01-25 12:19:42.000000000 +0000 +@@ -64,7 +64,7 @@ + // Output: characters, char indices, tags + // Returns: output character count + le_int32 ArabicOpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/ArabicLayoutEngine.h icu.works/source/layout/ArabicLayoutEngine.h +--- icu.orig/source/layout/ArabicLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/ArabicLayoutEngine.h 2008-01-25 12:20:14.000000000 +0000 +@@ -112,7 +112,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount); + + /** + * This method applies the GPOS table if it is present, otherwise it ensures that all vowel +diff -ru icu/source/layout/HangulLayoutEngine.cpp icu.works/source/layout/HangulLayoutEngine.cpp +--- icu.orig/source/layout/HangulLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/HangulLayoutEngine.cpp 2008-01-25 12:20:38.000000000 +0000 +@@ -207,7 +207,7 @@ + } + + le_int32 HangulOpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/HangulLayoutEngine.h icu.works/source/layout/HangulLayoutEngine.h +--- icu.orig/source/layout/HangulLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/HangulLayoutEngine.h 2008-01-25 12:21:15.000000000 +0000 +@@ -117,7 +117,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount=0); + }; + + U_NAMESPACE_END +diff -ru icu/source/layout/HanLayoutEngine.cpp icu.works/source/layout/HanLayoutEngine.cpp +--- icu.orig/source/layout/HanLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/HanLayoutEngine.cpp 2008-01-25 12:21:25.000000000 +0000 +@@ -52,7 +52,7 @@ + } + + le_int32 HanOpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool /*rightToLeft*/, +- LEUnicode *&/*outChars*/, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&/*outChars*/, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/HanLayoutEngine.h icu.works/source/layout/HanLayoutEngine.h +--- icu.orig/source/layout/HanLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/HanLayoutEngine.h 2008-01-25 12:21:32.000000000 +0000 +@@ -96,7 +96,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount=0); + + }; + +diff -ru icu/source/layout/IndicLayoutEngine.cpp icu.works/source/layout/IndicLayoutEngine.cpp +--- icu.orig/source/layout/IndicLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/IndicLayoutEngine.cpp 2008-01-25 12:13:41.000000000 +0000 +@@ -75,7 +75,7 @@ + // Output: characters, char indices, tags + // Returns: output character count + le_int32 IndicOpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount) + { + if (LE_FAILURE(success)) { + return 0; +@@ -105,7 +105,7 @@ + + // NOTE: assumes this allocates featureTags... + // (probably better than doing the worst case stuff here...) +- le_int32 outCharCount = IndicReordering::reorder(&chars[offset], count, fScriptCode, outChars, glyphStorage, &fMPreFixups); ++ le_int32 outCharCount = IndicReordering::reorder(&chars[offset], count, fScriptCode, outChars, glyphStorage, &fMPreFixups, fSyllableCount); + + glyphStorage.adoptGlyphCount(outCharCount); + return outCharCount; +diff -ru icu/source/layout/IndicLayoutEngine.h icu.works/source/layout/IndicLayoutEngine.h +--- icu.orig/source/layout/IndicLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/IndicLayoutEngine.h 2008-01-25 12:13:12.000000000 +0000 +@@ -119,7 +119,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount = 0); + + /** + * This method does character to glyph mapping, applies the GSUB table and applies +diff -ru icu/source/layout/IndicReordering.cpp icu.works/source/layout/IndicReordering.cpp +--- icu.orig/source/layout/IndicReordering.cpp 2008-01-25 12:23:56.000000000 +0000 ++++ icu/source/layout/IndicReordering.cpp 2008-01-25 12:15:32.000000000 +0000 +@@ -138,8 +138,8 @@ + } + + public: +- IndicReorderingOutput(LEUnicode *outChars, LEGlyphStorage &glyphStorage, MPreFixups *mpreFixups) +- : fSyllableCount(0), fOutIndex(0), fOutChars(outChars), fGlyphStorage(glyphStorage), ++ IndicReorderingOutput(LEUnicode *outChars, LEGlyphStorage &glyphStorage, MPreFixups *mpreFixups,le_int32 fSyllableCount_) ++ : fSyllableCount(fSyllableCount_), fOutIndex(0), fOutChars(outChars), fGlyphStorage(glyphStorage), + fMpre(0), fMpreIndex(0), fMbelow(0), fMbelowIndex(0), fMabove(0), fMaboveIndex(0), + fMpost(0), fMpostIndex(0), fLengthMark(0), fLengthMarkIndex(0), fVirama(0), fViramaIndex(0), + fMatraFeatures(0), fMPreOutIndex(-1), fMPreFixups(mpreFixups), +@@ -480,7 +480,7 @@ + + le_int32 IndicReordering::reorder(const LEUnicode *chars, le_int32 charCount, le_int32 scriptCode, + LEUnicode *outChars, LEGlyphStorage &glyphStorage, +- MPreFixups **outMPreFixups) ++ MPreFixups **outMPreFixups, le_int32 fSyllableCount) + { + MPreFixups *mpreFixups = NULL; + const IndicClassTable *classTable = IndicClassTable::getScriptClassTable(scriptCode); +@@ -489,7 +489,7 @@ + mpreFixups = new MPreFixups(charCount); + } + +- IndicReorderingOutput output(outChars, glyphStorage, mpreFixups); ++ IndicReorderingOutput output(outChars, glyphStorage, mpreFixups, fSyllableCount); + le_int32 i, prev = 0; + le_bool lastInWord = FALSE; + +diff -ru icu/source/layout/IndicReordering.h icu.works/source/layout/IndicReordering.h +--- icu.orig/source/layout/IndicReordering.h 2008-01-25 12:23:56.000000000 +0000 ++++ icu/source/layout/IndicReordering.h 2008-01-25 12:13:59.000000000 +0000 +@@ -132,7 +132,7 @@ + + static le_int32 reorder(const LEUnicode *theChars, le_int32 charCount, le_int32 scriptCode, + LEUnicode *outChars, LEGlyphStorage &glyphStorage, +- MPreFixups **outMPreFixups); ++ MPreFixups **outMPreFixups, le_int32 fSyllableCount = 0); + + static void adjustMPres(MPreFixups *mpreFixups, LEGlyphStorage &glyphStorage); + +diff -ru icu/source/layout/KhmerLayoutEngine.cpp icu.works/source/layout/KhmerLayoutEngine.cpp +--- icu.orig/source/layout/KhmerLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/KhmerLayoutEngine.cpp 2008-01-25 12:21:48.000000000 +0000 +@@ -42,7 +42,7 @@ + // Output: characters, char indices, tags + // Returns: output character count + le_int32 KhmerOpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/KhmerLayoutEngine.h icu.works/source/layout/KhmerLayoutEngine.h +--- icu.orig/source/layout/KhmerLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/KhmerLayoutEngine.h 2008-01-25 12:21:56.000000000 +0000 +@@ -120,7 +120,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount=0); + + }; + +diff -ru icu/source/layout/LayoutEngine.cpp icu.works/source/layout/LayoutEngine.cpp +--- icu.orig/source/layout/LayoutEngine.cpp 2008-01-25 12:23:56.000000000 +0000 ++++ icu/source/layout/LayoutEngine.cpp 2008-01-25 12:22:05.000000000 +0000 +@@ -180,7 +180,7 @@ + } + + le_int32 LayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &/*glyphStorage*/, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &/*glyphStorage*/, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/LayoutEngine.h icu.works/source/layout/LayoutEngine.h +--- icu.orig/source/layout/LayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/LayoutEngine.h 2008-01-25 12:22:14.000000000 +0000 +@@ -164,7 +164,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount=0); + + /** + * This method does the glyph processing. It converts an array of characters +diff -ru icu/source/layout/OpenTypeLayoutEngine.cpp icu.works/source/layout/OpenTypeLayoutEngine.cpp +--- icu.orig/source/layout/OpenTypeLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/OpenTypeLayoutEngine.cpp 2008-01-25 12:22:32.000000000 +0000 +@@ -149,7 +149,7 @@ + } + + le_int32 OpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/OpenTypeLayoutEngine.h icu.works/source/layout/OpenTypeLayoutEngine.h +--- icu.orig/source/layout/OpenTypeLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/OpenTypeLayoutEngine.h 2008-01-25 12:22:39.000000000 +0000 +@@ -247,7 +247,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode /*chars*/[], le_int32 offset, le_int32 count, le_int32 max, le_bool /*rightToLeft*/, +- LEUnicode *&/*outChars*/, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&/*outChars*/, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount=0); + + /** + * This method does character to glyph mapping, and applies the GSUB table. The +diff -ru icu/source/layout/TibetanLayoutEngine.cpp icu.works/source/layout/TibetanLayoutEngine.cpp +--- icu.orig/source/layout/TibetanLayoutEngine.cpp 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/TibetanLayoutEngine.cpp 2008-01-25 12:22:52.000000000 +0000 +@@ -48,7 +48,7 @@ + // Output: characters, char indices, tags + // Returns: output character count + le_int32 TibetanOpenTypeLayoutEngine::characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success) ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32) + { + if (LE_FAILURE(success)) { + return 0; +diff -ru icu/source/layout/TibetanLayoutEngine.h icu.works/source/layout/TibetanLayoutEngine.h +--- icu.orig/source/layout/TibetanLayoutEngine.h 2007-12-12 18:58:06.000000000 +0000 ++++ icu/source/layout/TibetanLayoutEngine.h 2008-01-25 12:22:59.000000000 +0000 +@@ -120,7 +120,7 @@ + * @internal + */ + virtual le_int32 characterProcessing(const LEUnicode chars[], le_int32 offset, le_int32 count, le_int32 max, le_bool rightToLeft, +- LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success); ++ LEUnicode *&outChars, LEGlyphStorage &glyphStorage, LEErrorCode &success, le_int32 fSyllableCount=0); + + }; diff --git a/icu.regexp.patch b/icu.regexp.patch new file mode 100644 index 0000000..b88c8b7 --- /dev/null +++ b/icu.regexp.patch @@ -0,0 +1,301 @@ +Index: source/i18n/regexcmp.cpp +=================================================================== +--- source/i18n/regexcmp.cpp (revision 23291) ++++ source/i18n/regexcmp.cpp (revision 23292) +@@ -1186,14 +1186,17 @@ + // Because capture groups can be forward-referenced by back-references, + // we fill the operand with the capture group number. At the end + // of compilation, it will be changed to the variable's location. +- U_ASSERT(groupNum > 0); +- int32_t op; +- if (fModeFlags & UREGEX_CASE_INSENSITIVE) { +- op = URX_BUILD(URX_BACKREF_I, groupNum); ++ if (groupNum < 1) { ++ error(U_REGEX_INVALID_BACK_REF); + } else { +- op = URX_BUILD(URX_BACKREF, groupNum); ++ int32_t op; ++ if (fModeFlags & UREGEX_CASE_INSENSITIVE) { ++ op = URX_BUILD(URX_BACKREF_I, groupNum); ++ } else { ++ op = URX_BUILD(URX_BACKREF, groupNum); ++ } ++ fRXPat->fCompiledPat->addElement(op, *fStatus); + } +- fRXPat->fCompiledPat->addElement(op, *fStatus); + } + break; + +Index: source/i18n/rematch.cpp +=================================================================== +--- source/i18n/rematch.cpp (revision 23291) ++++ source/i18n/rematch.cpp (revision 23292) +@@ -30,6 +30,15 @@ + + U_NAMESPACE_BEGIN + ++// Limit the size of the back track stack, to avoid system failures caused ++// by heap exhaustion. Units are in 32 bit words, not bytes. ++// This value puts ICU's limits higher than most other regexp implementations, ++// which use recursion rather than the heap, and take more storage per ++// backtrack point. ++// This constant is _temporary_. Proper API to control the value will added. ++// ++static const int32_t BACKTRACK_STACK_CAPACITY = 8000000; ++ + //----------------------------------------------------------------------------- + // + // Constructor and Destructor +@@ -53,8 +62,9 @@ + } + if (fStack == NULL || fData == NULL) { + fDeferredStatus = U_MEMORY_ALLOCATION_ERROR; ++ } else { ++ fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY); + } +- + reset(RegexStaticSets::gStaticSets->fEmptyString); + } + +@@ -78,6 +88,8 @@ + } + if (fStack == NULL || fData == NULL) { + status = U_MEMORY_ALLOCATION_ERROR; ++ } else { ++ fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY); + } + reset(input); + } +@@ -102,6 +114,8 @@ + } + if (fStack == NULL || fData == NULL) { + status = U_MEMORY_ALLOCATION_ERROR; ++ } else { ++ fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY); + } + reset(RegexStaticSets::gStaticSets->fEmptyString); + } +@@ -1014,6 +1028,14 @@ + inline REStackFrame *RegexMatcher::StateSave(REStackFrame *fp, int32_t savePatIdx, int32_t frameSize, UErrorCode &status) { + // push storage for a new frame. + int32_t *newFP = fStack->reserveBlock(frameSize, status); ++ if (newFP == NULL) { ++ // Heap allocation error on attempted stack expansion. ++ // We need to return a writable stack frame, so just return the ++ // previous frame. The match operation will stop quickly ++ // becuase of the error status, after which the frame will never ++ // be looked at again. ++ return fp; ++ } + fp = (REStackFrame *)(newFP - frameSize); // in case of realloc of stack. + + // New stack frame = copy of old top frame. +@@ -1029,8 +1051,8 @@ + fp->fPatIdx = savePatIdx; + return (REStackFrame *)newFP; + } +- +- ++ ++ + //-------------------------------------------------------------------------------- + // + // MatchAt This is the actual matching engine. +@@ -2261,6 +2283,7 @@ + } + + if (U_FAILURE(status)) { ++ isMatch = FALSE; + break; + } + } +Index: source/test/intltest/regextst.h +=================================================================== +--- source/test/intltest/regextst.h (revision 23291) ++++ source/test/intltest/regextst.h (revision 23292) +@@ -30,6 +30,7 @@ + virtual void Extended(); + virtual void Errors(); + virtual void PerlTests(); ++ virtual void Bug6149(); + + // The following functions are internal to the regexp tests. + virtual UBool doRegexLMTest(const char *pat, const char *text, UBool looking, UBool match, int32_t line); +Index: source/test/intltest/regextst.cpp +=================================================================== +--- source/test/intltest/regextst.cpp (revision 23291) ++++ source/test/intltest/regextst.cpp (revision 23292) +@@ -66,6 +66,10 @@ + case 6: name = "PerlTests"; + if (exec) PerlTests(); + break; ++ case 7: name = "Bug 6149"; ++ if (exec) Bug6149(); ++ break; ++ + + + default: name = ""; +@@ -1639,6 +1643,12 @@ + + // Ticket 5389 + REGEX_ERR("*c", 1, 1, U_REGEX_RULE_SYNTAX); ++ ++ // Invalid Back Reference \0 ++ // For ICU 3.8 and earlier ++ // For ICU versions newer than 3.8, \0 introduces an octal escape. ++ // ++ REGEX_ERR("(ab)\\0", 1, 6, U_REGEX_INVALID_BACK_REF); + + } + +@@ -2122,6 +2132,26 @@ + } + + ++//-------------------------------------------------------------- ++// ++// Bug6149 Verify limits to heap expansion for backtrack stack. ++// Use this pattern, ++// "(a?){1,}" ++// The zero-length match will repeat forever. ++// (That this goes into a loop is another bug) ++// ++//--------------------------------------------------------------- ++void RegexTest::Bug6149() { ++ UnicodeString pattern("(a?){1,}"); ++ UnicodeString s("xyz"); ++ uint32_t flags = 0; ++ UErrorCode status = U_ZERO_ERROR; ++ ++ RegexMatcher matcher(pattern, s, flags, status); ++ UBool result = false; ++ REGEX_ASSERT_FAIL(result=matcher.matches(status), U_BUFFER_OVERFLOW_ERROR); ++ REGEX_ASSERT(result == FALSE); ++ } + + #endif /* !UCONFIG_NO_REGULAR_EXPRESSIONS */ + +Index: source/common/uvectr32.cpp +=================================================================== +--- source/common/uvectr32.cpp (revision 23291) ++++ source/common/uvectr32.cpp (revision 23292) +@@ -26,6 +26,7 @@ + UVector32::UVector32(UErrorCode &status) : + count(0), + capacity(0), ++ maxCapacity(0), + elements(NULL) + { + _init(DEFUALT_CAPACITY, status); +@@ -34,6 +35,7 @@ + UVector32::UVector32(int32_t initialCapacity, UErrorCode &status) : + count(0), + capacity(0), ++ maxCapacity(0), + elements(0) + { + _init(initialCapacity, status); +@@ -46,6 +48,9 @@ + if (initialCapacity < 1) { + initialCapacity = DEFUALT_CAPACITY; + } ++ if (maxCapacity>0 && maxCapacity= minimumCapacity) { + return TRUE; +- } else { +- int32_t newCap = capacity * 2; +- if (newCap < minimumCapacity) { +- newCap = minimumCapacity; +- } +- int32_t* newElems = (int32_t *)uprv_malloc(sizeof(int32_t)*newCap); +- if (newElems == 0) { +- status = U_MEMORY_ALLOCATION_ERROR; +- return FALSE; +- } +- uprv_memcpy(newElems, elements, sizeof(elements[0]) * count); +- uprv_free(elements); +- elements = newElems; +- capacity = newCap; +- return TRUE; + } ++ if (maxCapacity>0 && minimumCapacity>maxCapacity) { ++ status = U_BUFFER_OVERFLOW_ERROR; ++ return FALSE; ++ } ++ int32_t newCap = capacity * 2; ++ if (newCap < minimumCapacity) { ++ newCap = minimumCapacity; ++ } ++ if (maxCapacity > 0 && newCap > maxCapacity) { ++ newCap = maxCapacity; ++ } ++ int32_t* newElems = (int32_t *)uprv_malloc(sizeof(int32_t)*newCap); ++ if (newElems == 0) { ++ status = U_MEMORY_ALLOCATION_ERROR; ++ return FALSE; ++ } ++ uprv_memcpy(newElems, elements, sizeof(elements[0]) * count); ++ uprv_free(elements); ++ elements = newElems; ++ capacity = newCap; ++ return TRUE; + } + ++void UVector32::setMaxCapacity(int32_t limit) { ++ U_ASSERT(limit >= 0); ++ maxCapacity = limit; ++ if (maxCapacity < 0) { ++ maxCapacity = 0; ++ } ++} ++ + /** + * Change the size of this vector as follows: If newSize is smaller, + * then truncate the array, possibly deleting held elements for i >= +Index: source/common/uvectr32.h +=================================================================== +--- source/common/uvectr32.h (revision 23291) ++++ source/common/uvectr32.h (revision 23292) +@@ -61,6 +61,8 @@ + int32_t count; + + int32_t capacity; ++ ++ int32_t maxCapacity; // Limit beyond which capacity is not permitted to grow. + + int32_t* elements; + +@@ -162,6 +164,14 @@ + int32_t *getBuffer() const; + + /** ++ * Set the maximum allowed buffer capacity for this vector/stack. ++ * Default with no limit set is unlimited, go until malloc() fails. ++ * A Limit of zero means unlimited capacity. ++ * Units are vector elements (32 bits each), not bytes. ++ */ ++ void setMaxCapacity(int32_t limit); ++ ++ /** + * ICU "poor man's RTTI", returns a UClassID for this class. + */ + static UClassID U_EXPORT2 getStaticClassID(); +@@ -221,7 +231,9 @@ + } + + inline int32_t *UVector32::reserveBlock(int32_t size, UErrorCode &status) { +- ensureCapacity(count+size, status); ++ if (ensureCapacity(count+size, status) == FALSE) { ++ return NULL; ++ } + int32_t *rp = elements+count; + count += size; + return rp; diff --git a/icu.spec b/icu.spec index 37e7bd4..c37b97e 100644 --- a/icu.spec +++ b/icu.spec @@ -1,6 +1,6 @@ Name: icu Version: 3.8.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: International Components for Unicode Group: Development/Tools License: MIT @@ -17,8 +17,9 @@ Patch5: icu.icuXXXX.virama.prevnext.patch Patch6: icu.icu5557.safety.patch Patch7: icu.icu5506.multiplevowels.patch Patch8: icu.icuXXXX.malayalam.bysyllable.patch -Patch9: icu.icu6008.arm.padding.patch +Patch9: icu.icu6008.arm.padding.patch Patch10: icu.icu5498.openoffice.org.patch +Patch11: icu.regexp.patch %description Tools and utilities for developing with icu. @@ -66,6 +67,7 @@ Group: Documentation %patch8 -p1 -b .icuXXXX.malayalam.bysyllable.patch %patch9 -p1 -b .icu6008.arm.padding.patch %patch10 -p1 -b .icu5498.openoffice.org.patch +%patch11 -p0 -b .regexp.patch %build cd source @@ -143,6 +145,11 @@ rm -rf $RPM_BUILD_ROOT %doc source/__docs/%{name}/html/* %changelog +* Fri Jan 25 2008 Caolan McNamara - 3.8.1-3 +- CVE-2007-4770 CVE-2007-4771 add icu.regexp.patch +- Resolves: rhbz#423211 fix malalayam stuff in light of syllable + changes + * Fri Jan 11 2008 Caolan McNamara - 3.8.1-2 - remove icu.icu5365.dependantvowels.patch and cleanup icu.icu5506.multiplevowels.patch as they patch and unpatch