source/common/uloc.c - Issue 8822005: Fix buffer overflow in _canonicalize.

Side by Side Diff: source/common/uloc.c

Issue 8822005: Fix buffer overflow in _canonicalize. (Closed) Base URL: svn://chrome-svn/chrome/trunk/deps/third_party/icu46/

Patch Set: '' Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /*	1 /*

2 **********************************************************************	2 **********************************************************************

3 * Copyright (C) 1997-2010, International Business Machines	3 * Copyright (C) 1997-2010, International Business Machines

4 * Corporation and others. All Rights Reserved.	4 * Corporation and others. All Rights Reserved.

5 **********************************************************************	5 **********************************************************************

6 *	6 *

7 * File ULOC.CPP	7 * File ULOC.CPP

8 *	8 *

9 * Modification History:	9 * Modification History:

10 *	10 *

(...skipping 1779 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1790 }	1790 }

1791	1791

1792 /* Handle generic variants first */	1792 /* Handle generic variants first */

1793 if (variant) {	1793 if (variant) {

1794 for (j=0; j<(int32_t)(sizeof(VARIANT_MAP)/sizeof(VARIANT_MAP[0])); j ++) {	1794 for (j=0; j<(int32_t)(sizeof(VARIANT_MAP)/sizeof(VARIANT_MAP[0])); j ++) {

1795 const char* variantToCompare = VARIANT_MAP[j].variant;	1795 const char* variantToCompare = VARIANT_MAP[j].variant;

1796 int32_t n = (int32_t)uprv_strlen(variantToCompare);	1796 int32_t n = (int32_t)uprv_strlen(variantToCompare);

1797 int32_t variantLen = _deleteVariant(variant, uprv_min(variantSiz e, (nameCapacity-len)), variantToCompare, n);	1797 int32_t variantLen = _deleteVariant(variant, uprv_min(variantSiz e, (nameCapacity-len)), variantToCompare, n);

1798 len -= variantLen;	1798 len -= variantLen;

1799 if (variantLen > 0) {	1799 if (variantLen > 0) {

1800 if (name[len-1] == '_') { /* delete trailing '_' */	1800 if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */

1801 --len;	1801 --len;

1802 }	1802 }

1803 addKeyword = VARIANT_MAP[j].keyword;	1803 addKeyword = VARIANT_MAP[j].keyword;

1804 addValue = VARIANT_MAP[j].value;	1804 addValue = VARIANT_MAP[j].value;

1805 break;	1805 break;

1806 }	1806 }

1807 }	1807 }

1808 if (name[len-1] == '_') { /* delete trailing '_' */	1808 if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delet e trailing '_' */

1809 --len;	1809 --len;

1810 }	1810 }

1811 }	1811 }

1812	1812

1813 /* Look up the ID in the canonicalization map */	1813 /* Look up the ID in the canonicalization map */

1814 for (j=0; j<(int32_t)(sizeof(CANONICALIZE_MAP)/sizeof(CANONICALIZE_MAP[0 ])); j++) {	1814 for (j=0; j<(int32_t)(sizeof(CANONICALIZE_MAP)/sizeof(CANONICALIZE_MAP[0 ])); j++) {

1815 const char* id = CANONICALIZE_MAP[j].id;	1815 const char* id = CANONICALIZE_MAP[j].id;

1816 int32_t n = (int32_t)uprv_strlen(id);	1816 int32_t n = (int32_t)uprv_strlen(id);

1817 if (len == n && uprv_strncmp(name, id, n) == 0) {	1817 if (len == n && uprv_strncmp(name, id, n) == 0) {

1818 if (n == 0 && tmpLocaleID != NULL) {	1818 if (n == 0 && tmpLocaleID != NULL) {

(...skipping 673 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2492 }	2492 }

2493 }	2493 }

2494 for(i=0;i<acceptListCount;i++) {	2494 for(i=0;i<acceptListCount;i++) {

2495 uprv_free(fallbackList[i]);	2495 uprv_free(fallbackList[i]);

2496 }	2496 }

2497 uprv_free(fallbackList);	2497 uprv_free(fallbackList);

2498 return -1;	2498 return -1;

2499 }	2499 }

2500	2500

2501 /eof/	2501 /eof/

OLD	NEW

« no previous file with comments | « patches/canonicalize.patch ('k') | no next file » | no next file with comments »