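--- a/source/common/uloc.c	(revision 68397)
+++ b/source/common/uloc.c	(working copy)
@@ -693,6 +693,13 @@
                     keywordList[numKeywords].keyword[n++] = uprv_tolower(pos[i]);
                 }
             }
+
+            /* zero-length keyword is an error. */
+            if (n == 0) {
+                *status = U_INVALID_FORMAT_ERROR;
+                return 0;
+            }
+
             keywordList[numKeywords].keyword[n] = 0;
             keywordList[numKeywords].keywordLen = n;
             /* now grab the value part. First we skip the '=' */
@@ -701,8 +708,15 @@
             while(*equalSign == ' ') {
                 equalSign++;
             }
+
+            /* Premature end or zero-length value */
+            if (!equalSign || equalSign == semicolon) {
+                *status = U_INVALID_FORMAT_ERROR;
+                return 0;
+            }
+
             keywordList[numKeywords].valueStart = equalSign;
-            
+
             pos = semicolon;
             i = 0;
             if(pos) {
@@ -713,7 +727,7 @@
                 pos++;
             } else {
                 i = (int32_t)uprv_strlen(equalSign);
-                while(equalSign[i-1] == ' ') {
+                while(i && equalSign[i-1] == ' ') {
                     i--;
                 }
                 keywordList[numKeywords].valueLen = i;
@@ -1797,7 +1811,7 @@
                 int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
                 len -= variantLen;
                 if (variantLen > 0) {
-                    if (name[len-1] == '_') { /* delete trailing '_' */
+                    if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
                         --len;
                     }
                     addKeyword = VARIANT_MAP[j].keyword;
@@ -1805,7 +1819,7 @@
                     break;
                 }
             }
-            if (name[len-1] == '_') { /* delete trailing '_' */
+            if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delete trailing '_' */
                 --len;
             }
         }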
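Review bot: In the second hunk the added `!equalSign` test runs after the `while(*equalSign == ' ')` loop has already dereferenced the pointer, so it cannot reject anything and a compiler may drop it. The comment "Premature end or zero-length value" reads as a test on the character rather than the pointer, i.e. `if (!*equalSign || equalSign == semicolon) {`. As written, a keyword whose value is empty at the end of the string, with no semicolon following, appears to pass this check and is kept in bounds only by the `i &&` guard added in the third hunk, ending with a zero `valueLen` instead of `U_INVALID_FORMAT_ERROR`. Separately, the fourth hunk guards `name[len-1]` with `len > 0` alone while the fifth also requires `len <= nameCapacity`; the two reads should carry the same bound. The enclosing functions begin and end outside these hunks.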
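--- a/source/common/uresbund.c	(revision 122103)
+++ b/source/common/uresbund.c	(working copy)
@@ -319,7 +319,7 @@
     UResourceDataEntry *r = NULL;
     UResourceDataEntry find;
     /*int32_t hashValue;*/
-    char name[96];
+    char name[100];
     char aliasName[100] = { 0 };
     int32_t aliasLen = 0;
     /*UBool isAlias = FALSE;*/
@@ -528,8 +528,8 @@
     UBool hasChopped = TRUE;
     UBool usingUSRData = U_USE_USRDATA && ( path == NULL || uprv_strncmp(path,U_ICUDATA_NAME,8) == 0);
 
-    char name[96];
-    char usrDataPath[96];
+    char name[100];
+    char usrDataPath[100];
 
     initCache(status);
 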
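Review bot: The three resized buffers (`name` in the first hunk, `name` and `usrDataPath` in the second) still take their size from a bare literal, and nothing visible in either hunk shows the writes into them being bounded. Growing them from 96 to 100 bytes matches the neighbouring `aliasName[100]` but only moves the limit, so any copy that is not length-checked against the destination would still overrun on a slightly longer locale name or path. I would size all of these arrays from one named constant instead of repeating `100`, and add a short comment at each declaration saying where the length is checked against `sizeof(name)` once that has been confirmed. Both function bodies lie outside the hunks, so the copy sites have to be checked there.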