diff --git a/ICU-22973-Fix-buffer-overflow-by-using-CharString.patch b/ICU-22973-Fix-buffer-overflow-by-using-CharString.patch
new file mode 100644
index 0000000..9a64c46
--- /dev/null
+++ b/ICU-22973-Fix-buffer-overflow-by-using-CharString.patch
@@ -0,0 +1,151 @@
+Backport of [PATCH] ICU-22973 Fix buffer overflow by using CharString to icu 67.1
+
+diff -ru icu.orig/source/tools/genrb/parse.cpp icu/source/tools/genrb/parse.cpp
+--- icu.orig/source/tools/genrb/parse.cpp 2020-04-22 22:04:20.000000000 +0200
++++ icu/source/tools/genrb/parse.cpp 2025-07-08 12:20:47.216586739 +0200
+@@ -818,7 +818,7 @@
+ struct UString *tokenValue;
+ struct UString comment;
+ enum ETokenType token;
+- char subtag[1024];
++ CharString subtag;
+ UnicodeString rules;
+ UBool haveRules = FALSE;
+ UVersionInfo version;
+@@ -854,15 +854,15 @@
+ return NULL;
+ }
+
+- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
+-
++ subtag.clear();
++ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+ if (U_FAILURE(*status))
+ {
+ res_close(result);
+ return NULL;
+ }
+
+- member = parseResource(state, subtag, NULL, status);
++ member = parseResource(state, subtag.data(), NULL, status);
+
+ if (U_FAILURE(*status))
+ {
+@@ -873,7 +873,7 @@
+ {
+ // Ignore the parsed resources, continue parsing.
+ }
+- else if (uprv_strcmp(subtag, "Version") == 0 && member->isString())
++ else if (uprv_strcmp(subtag.data(), "Version") == 0 && member->isString())
+ {
+ StringResource *sr = static_cast(member);
+ char ver[40];
+@@ -890,11 +890,11 @@
+ result->add(member, line, *status);
+ member = NULL;
+ }
+- else if(uprv_strcmp(subtag, "%%CollationBin")==0)
++ else if(uprv_strcmp(subtag.data(), "%%CollationBin")==0)
+ {
+ /* discard duplicate %%CollationBin if any*/
+ }
+- else if (uprv_strcmp(subtag, "Sequence") == 0 && member->isString())
++ else if (uprv_strcmp(subtag.data(), "Sequence") == 0 && member->isString())
+ {
+ StringResource *sr = static_cast(member);
+ rules = sr->fString;
+@@ -1047,7 +1047,7 @@
+ struct UString *tokenValue;
+ struct UString comment;
+ enum ETokenType token;
+- char subtag[1024], typeKeyword[1024];
++ CharString subtag, typeKeyword;
+ uint32_t line;
+
+ result = table_open(state->bundle, tag, NULL, status);
+@@ -1089,7 +1089,8 @@
+ return NULL;
+ }
+
+- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
++ subtag.clear();
++ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+
+ if (U_FAILURE(*status))
+ {
+@@ -1097,9 +1098,9 @@
+ return NULL;
+ }
+
+- if (uprv_strcmp(subtag, "default") == 0)
++ if (uprv_strcmp(subtag.data(), "default") == 0)
+ {
+- member = parseResource(state, subtag, NULL, status);
++ member = parseResource(state, subtag.data(), NULL, status);
+
+ if (U_FAILURE(*status))
+ {
+@@ -1118,22 +1119,29 @@
+ if(token == TOK_OPEN_BRACE) {
+ token = getToken(state, &tokenValue, &comment, &line, status);
+ TableResource *collationRes;
+- if (keepCollationType(subtag)) {
+- collationRes = table_open(state->bundle, subtag, NULL, status);
++ if (keepCollationType(subtag.data())) {
++ collationRes = table_open(state->bundle, subtag.data(), NULL, status);
+ } else {
+ collationRes = NULL;
+ }
+ // need to parse the collation data regardless
+- collationRes = addCollation(state, collationRes, subtag, startline, status);
++ collationRes = addCollation(state, collationRes, subtag.data(), startline, status);
+ if (collationRes != NULL) {
+ result->add(collationRes, startline, *status);
+ }
+ } else if(token == TOK_COLON) { /* right now, we'll just try to see if we have aliases */
+ /* we could have a table too */
+ token = peekToken(state, 1, &tokenValue, &line, &comment, status);
+- u_UCharsToChars(tokenValue->fChars, typeKeyword, u_strlen(tokenValue->fChars) + 1);
+- if(uprv_strcmp(typeKeyword, "alias") == 0) {
+- member = parseResource(state, subtag, NULL, status);
++ typeKeyword.clear();
++ typeKeyword.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
++ if (U_FAILURE(*status))
++ {
++ res_close(result);
++ return NULL;
++ }
++
++ if(uprv_strcmp(typeKeyword.data(), "alias") == 0) {
++ member = parseResource(state, subtag.data(), NULL, status);
+ if (U_FAILURE(*status))
+ {
+ res_close(result);
+@@ -1175,7 +1183,7 @@
+ struct UString *tokenValue=NULL;
+ struct UString comment;
+ enum ETokenType token;
+- char subtag[1024];
++ CharString subtag;
+ uint32_t line;
+ UBool readToken = FALSE;
+
+@@ -1214,7 +1222,8 @@
+ }
+
+ if(uprv_isInvariantUString(tokenValue->fChars, -1)) {
+- u_UCharsToChars(tokenValue->fChars, subtag, u_strlen(tokenValue->fChars) + 1);
++ subtag.clear();
++ subtag.appendInvariantChars(tokenValue->fChars, u_strlen(tokenValue->fChars), *status);
+ } else {
+ *status = U_INVALID_FORMAT_ERROR;
+ error(line, "invariant characters required for table keys");
+@@ -1227,7 +1236,7 @@
+ return NULL;
+ }
+
+- member = parseResource(state, subtag, &comment, status);
++ member = parseResource(state, subtag.data(), &comment, status);
+
+ if (member == NULL || U_FAILURE(*status))
+ {
diff --git a/icu.spec b/icu.spec
index 0fad01c..ff17b57 100644
--- a/icu.spec
+++ b/icu.spec
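Review bot: The `char ver[40];` context line in the `"Version"` branch (inner hunk at -873) is a fixed-size buffer of the same kind this backport removes, and the code that fills it lies outside the hunk, so confirm that the copy is clamped to the array size and NUL-terminated before `ver` is read. At the two collation sites a non-invariant key is reported only through `*status` from `appendInvariantChars`, whereas the table-key site (inner hunk at -1214) still calls `error(line, "invariant characters required for table keys")`; a matching `error()` call in the `U_FAILURE` blocks that follow would keep genrb's diagnostics consistent. I would also add a comment at each declaration, `// CharString grows as needed; key length comes from the input file and is not bounded here`. All three functions begin and end outside the inner hunks, and no regression input for an over-long key is visible in this commit.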
@@ -2,10 +2,10 @@ Name: icu Version: 67.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: International Components for Unicode -License: MIT and UCD and Public Domain +License: Unicode-DFS-2016 AND BSD-2-Clause AND BSD-3-Clause AND LicenseRef-Fedora-Public-Domain URL: http://site.icu-project.org/ Source0: https://github.com/unicode-org/icu/releases/download/release-67-1/icu4c-67_1-src.tgz Source1: icu-config.sh @@ -20,6 +20,8 @@ Patch4: gennorm2-man.patch Patch5: icuinfo-man.patch Patch6: coverity.patch +Patch20: ICU-22973-Fix-buffer-overflow-by-using-CharString.patch + %description Tools and utilities for developing with icu. @@ -181,6 +183,10 @@ LD_LIBRARY_PATH=lib:stubdata:tools/ctestfw:$LD_LIBRARY_PATH bin/uconv -l %changelog +* Tue Jul 08 2025 Mike FABIAN - 67.1-10 +- ICU-22973 Fix buffer overflow by using CharString + Resolves: RHEL-96664 + * Wed Aug 18 2021 Mike FABIAN - 67.1-9 - Resolves: rhbz#1938741 Fix coverity scan problems
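Review bot: `Patch20:` is declared in the second hunk but no `%prep` change appears in this diff, so whether the fix is actually applied depends on lines outside these hunks. If `%prep` lists patches one by one rather than using `%autosetup`, it needs a matching line such as `%patch20 -p1`, otherwise the package builds with the fixed-size buffers still in place. The patch paths begin with `icu.orig/` and `icu/`, so the strip level presumably has to be 1; a build log showing the patch being applied would settle both questions. The `License:` rewrite in the first hunk is unrelated to the fix and is not mentioned in the new changelog entry.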