From ecbc40f40b154a47ea82410d86ef580907338ef1 Mon Sep 17 00:00:00 2001
From: Erik van Pienbroek <epienbro@fedoraproject.org>
Date: Thu, 29 May 2014 16:33:13 +0200
Subject: [PATCH] Fix CVE-2013-2924 (RHBZ #1015595)

---
 icu.10318.CVE-2013-2924_changeset_34076.patch | 36 +++++++++++++++++++
 mingw-icu.spec                                |  5 +++
 2 files changed, 41 insertions(+)
 create mode 100644 icu.10318.CVE-2013-2924_changeset_34076.patch

diff --git a/icu.10318.CVE-2013-2924_changeset_34076.patch b/icu.10318.CVE-2013-2924_changeset_34076.patch
new file mode 100644
index 0000000..165d843
--- /dev/null
+++ b/icu.10318.CVE-2013-2924_changeset_34076.patch
@@ -0,0 +1,36 @@
+Index: /icu/trunk/source/i18n/csrucode.cpp
+===================================================================
+--- orig.icu/source/i18n/csrucode.cpp	(revision 34075)
++++ icu/source/i18n/csrucode.cpp	(revision 34076)
+@@ -1,5 +1,5 @@
+ /*
+  **********************************************************************
+- *   Copyright (C) 2005-2012, International Business Machines
++ *   Copyright (C) 2005-2013, International Business Machines
+  *   Corporation and others.  All Rights Reserved.
+  **********************************************************************
+@@ -34,6 +34,7 @@
+     const uint8_t *input = textIn->fRawInput;
+     int32_t confidence = 0;
++    int32_t length = textIn->fRawLength;
+ 
+-    if (input[0] == 0xFE && input[1] == 0xFF) {
++    if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
+         confidence = 100;
+     }
+@@ -58,6 +59,7 @@
+     const uint8_t *input = textIn->fRawInput;
+     int32_t confidence = 0;
++    int32_t length = textIn->fRawLength;
+ 
+-    if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
++    if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
+         confidence = 100;
+     }
+@@ -82,5 +84,5 @@
+     int32_t confidence = 0;
+ 
+-    if (getChar(input, 0) == 0x0000FEFFUL) {
++    if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
+         hasBOM = TRUE;
+     }
diff --git a/mingw-icu.spec b/mingw-icu.spec
index dbd568c..e6b914b 100644
--- a/mingw-icu.spec
+++ b/mingw-icu.spec
@@ -17,6 +17,7 @@ BuildArch:      noarch
 Patch0:         icu4c-4_6_1-crossbuild.patch
 Patch1:         icu4c-4_6_1-use-correct-genccode-assembly-on-win32-and-win64.patch
 Patch2:         icu4c-4_6_1-mingw-w64-mkdir-compatibility.patch
+Patch3:         icu.10318.CVE-2013-2924_changeset_34076.patch
 
 BuildRequires:  mingw32-filesystem >= 95
 BuildRequires:  mingw32-gcc
@@ -77,6 +78,7 @@ line, and sentence breaking, etc.
 %patch0 -p1 -b .crossbuild
 %patch1 -p1 -b .genccode
 %patch2 -p1 -b .mingw-w64
+%patch3 -p1 -b .CVE-2013-2924
 
 # Needed for patch1
 pushd source
@@ -232,6 +234,9 @@ rm -fr $RPM_BUILD_ROOT%{mingw64_libdir}/icu/pkgdata.inc
 
 
 %changelog
+* Thu May 29 2014 Erik van Pienbroek <epienbro@fedoraproject.org> - 50.1.2-3
+- Fix CVE-2013-2924 (RHBZ #1015595)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 50.1.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild