head 1.1;
access;
symbols
 pkgsrc-2017Q1:1.1.0.2;
locks; strict;
comment @// @;


1.1
date 2017.04.25.17.54.53; author bsiegert; state dead;
branches
 1.1.2.1;
next ;
commitid g88b3A1OaDGrtWOz;

1.1.2.1
date 2017.04.25.17.54.53; author bsiegert; state Exp;
branches;
next ;
commitid g88b3A1OaDGrtWOz;


desc
@@


1.1
log
@file patch-common_rbbiscan.cpp was initially added on branch pkgsrc-2017Q1.
@
text
@@


1.1.2.1
log
@Pullup ticket #5357 - requested by maya
textproc/icu: security fix (backported)

ICU had a vulnerability (CVE-2017-786[78])
Unfortunately they fixed it by doing a major release and have previously
broken other packages at runtime with such updates.

I've made backports of all the changesets that were mentioned in any of
the links, specifically the oss-fuzz report was somewhat broad and
mentioned 39673 which backported several 'crash' changesets:
http://bugs.icu-project.org/trac/changeset/39663
http://bugs.icu-project.org/trac/changeset/39669
http://bugs.icu-project.org/trac/changeset/39671

The advisory only references code changes relevant to 39671, we could
limit the backport to that.
https://www.debian.org/security/2017/dsa-3830

I've run make replace and smoke-tested with midori

they have a rather extensive testsuite. I've run it with 'make test' and
it didn't show any issues.

These are manual backports by myself as the patches did not apply cleanly.
@
text
@a0 24
$NetBSD$

Backport upstream changeset 39669
ticket:12932 RBBI rule parsing, fix incorrect handling of node stack overflow.

--- common/rbbiscan.cpp.orig 2016-07-22 21:50:34.000000000 +0000 +++ common/rbbiscan.cpp @@@@ -1179,13 +1179,12 @@@@ RBBINode *RBBIRuleScanner::pushNewNode( if (U_FAILURE(*fRB->fStatus)) { return NULL; } - fNodeStackPtr++; - if (fNodeStackPtr >= kStackSize) { - error(U_BRK_INTERNAL_ERROR); + if (fNodeStackPtr >= kStackSize - 1) { + error(U_BRK_RULE_SYNTAX); RBBIDebugPuts("RBBIRuleScanner::pushNewNode - stack overflow."); - *fRB->fStatus = U_BRK_INTERNAL_ERROR; return NULL; } + fNodeStackPtr++; fNodeStack[fNodeStackPtr] = new RBBINode(t); if (fNodeStack[fNodeStackPtr] == NULL) { *fRB->fStatus = U_MEMORY_ALLOCATION_ERROR; @
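
Review bot: the overflow branch of pushNewNode no longer writes *fRB->fStatus itself, so it now depends entirely on error(U_BRK_RULE_SYNTAX) recording the failure; the U_FAILURE(*fRB->fStatus) guard at the top of the function only stops later pushes if that call sets the status. Please confirm that against the error() implementation in the version being patched, since this is a manual backport, and consider a one-line comment on the branch saying so. Moving fNodeStackPtr++ below the check with the bound tightened to kStackSize - 1 is the right shape: the index is validated before it changes and is left untouched on the failure return, so fNodeStack[fNodeStackPtr] stays within the array. One thing the hunk leaves as it was: on the allocation-failure path the increment has already happened, so the top-of-stack slot holds NULL when U_MEMORY_ALLOCATION_ERROR is set; callers that index fNodeStack[fNodeStackPtr] need to check the return value or the status before dereferencing. The patch header names the upstream changeset and ticket but not the CVE given in the commit log; adding it there would make the file easier to trace in later audits.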