Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ICU-20958 Prevent SEGV_MAPERR in UnicodeString::doAppend() #971

Merged
merged 1 commit into from
Feb 3, 2020
Merged

ICU-20958 Prevent SEGV_MAPERR in UnicodeString::doAppend() #971

merged 1 commit into from
Feb 3, 2020

Conversation

FrankYFTang
Copy link
Contributor

Checklist

@FrankYFTang FrankYFTang requested a review from sffc January 31, 2020 09:24
sffc
sffc reviewed Jan 31, 2020
View reviewed changes
icu4c/source/test/intltest/ustrtest.cpp Outdated Show resolved Hide resolved
icu4c/source/common/unistr.cpp Outdated Show resolved Hide resolved
icu4c/source/test/intltest/ustrtest.cpp Show resolved Hide resolved
@sffc
Copy link
Member

sffc commented Jan 31, 2020

There are lots of + operations all over this file. Have you verified that this is the only one where overflow matters?

@FrankYFTang
Copy link
Contributor Author

There are lots of + operations all over this file. Have you verified that this is the only one where overflow matters?

no

@sffc
Copy link
Member

sffc commented Feb 3, 2020

LGTM please squash

@jira-pull-request-webhook
Copy link

Hooray! The files in the branch are the same across the force-push. 😃

~ Your Friendly Jira-GitHub PR Checker Bot

@FrankYFTang FrankYFTang merged commit b7d08bc into unicode-org:master Feb 3, 2020
@srl295 srl295 changed the title ICU-20958 Prevent SEGV_MAPERR in append ICU-20958 Prevent SEGV_MAPERR in UnicodeString::doAppend() Feb 5, 2020
@FrankYFTang FrankYFTang deleted the ICU-20958 branch February 18, 2020 19:15
qtprojectorg pushed a commit to qt/qtwebengine-chromium that referenced this pull request Mar 5, 2020
@FrankYFTang @mibrunin
[Backport] Security bug 1044570
da60616 
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2036290:
Cherrypick fix for SEGV_MAPERR

Avoid int32_t overflow in length addition

See
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
https://unicode-org.atlassian.net/browse/ICU-20958
unicode-org/icu#971

Bug: chromium:1044570
Change-Id: I8be1a586e38da8cbf85a2f9420cc5a7d0d68b642
Reviewed-by: Jüri Valdmann <[email protected]>
@carnil
Copy link

carnil commented Mar 18, 2020
edited
Loading

Unless mistaken this issue is present before 3d77fc1 as well (which did out split a new doAppend() from the more general doReplace(), but the overflow is present before. I have not checked where exactly it might be introduced but hope this information help any downstream which ship as well older versions of icu.

Looks indeed that for instance Ubuntu issued a USN https://usn.ubuntu.com/4305-1/ fixing versions back to 4.8.1.1 based ones.

qtprojectorg pushed a commit to qt/qtwebengine-chromium that referenced this pull request Mar 20, 2020
@FrankYFTang @mibrunin
[Backport] Security bug 1044570
24e36e9 
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2036290:
Cherrypick fix for SEGV_MAPERR

Avoid int32_t overflow in length addition

See
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
https://unicode-org.atlassian.net/browse/ICU-20958
unicode-org/icu#971

Bug: chromium:1044570
Change-Id: I8be1a586e38da8cbf85a2f9420cc5a7d0d68b642
Reviewed-by: Jüri Valdmann <[email protected]>
srl295 pushed a commit to srl295/icu that referenced this pull request Mar 24, 2020
@FrankYFTang @srl295
ICU-20958 Prevent SEGV_MAPERR in append
0d5b662 
See unicode-org#971

(cherry picked from commit b7d08bc)
srl295 pushed a commit to srl295/icu that referenced this pull request Mar 25, 2020
@FrankYFTang @srl295
ICU-21032 Backport of ICU-20958 to 61.x
e049c37 
Backport of:
ICU-20958 Prevent SEGV_MAPERR in append

See unicode-org#971

(cherry picked from commit b7d08bc)
@srl295 srl295 mentioned this pull request Mar 25, 2020
Merged
srl295 pushed a commit that referenced this pull request Mar 27, 2020
@FrankYFTang @srl295
ICU-21032 Backport of ICU-20958 to 61.x
cafe6a0 
Backport of:
ICU-20958 Prevent SEGV_MAPERR in append

See #971

(cherry picked from commit b7d08bc)
ScSofts pushed a commit to GoogleDepends/icu that referenced this pull request Apr 3, 2020
@FrankYFTang @jungshik
Cherrypick fix for SEGV_MAPERR
9f40209 
Avoid int32_t overflow in length addition

See
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
https://unicode-org.atlassian.net/browse/ICU-20958
unicode-org/icu#971

Bug: chromium:1044570
Change-Id: I52ef1545007d708315e1fd8265ec42d1c706feed
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2036290
Reviewed-by: Jungshik Shin <[email protected]>
@richardlau richardlau mentioned this pull request May 22, 2020
Closed
srl295 pushed a commit to srl295/icu that referenced this pull request May 22, 2020
@FrankYFTang @srl295
ICU-21032 Backport to 66.x: ICU-20958 Prevent SEGV_MAPERR in append
ee61283 
See unicode-org#971

(cherry picked from commit b7d08bc)
@srl295 srl295 mentioned this pull request May 22, 2020
Merged
srl295 pushed a commit to srl295/icu that referenced this pull request May 22, 2020
@FrankYFTang @srl295
ICU-20958 Prevent SEGV_MAPERR in append
870038d 
See unicode-org#971

(cherry picked from commit b7d08bc)
srl295 pushed a commit to srl295/icu that referenced this pull request May 22, 2020
@FrankYFTang @srl295
ICU-21032 65.x backport ICU-20958 Prevent SEGV_MAPERR in append
804957d 
See unicode-org#971

(cherry picked from commit b7d08bc)
@srl295 srl295 mentioned this pull request May 22, 2020
Merged
srl295 pushed a commit that referenced this pull request May 26, 2020
@FrankYFTang @srl295
ICU-21032 65.x backport ICU-20958 Prevent SEGV_MAPERR in append
f08a84e 
See #971

(cherry picked from commit b7d08bc)
srl295 pushed a commit to srl295/icu that referenced this pull request May 26, 2020
@FrankYFTang @srl295
ICU-21032 Backport to 64.x: ICU-20958 Prevent SEGV_MAPERR in append
229676a 
See unicode-org#971

(cherry picked from commit b7d08bc)
srl295 pushed a commit to srl295/icu that referenced this pull request May 26, 2020
@FrankYFTang @srl295
ICU-21032 Backport to 64.x: ICU-20958 Prevent SEGV_MAPERR in append
c94e136 
See unicode-org#971

(cherry picked from commit b7d08bc)
@srl295 srl295 mentioned this pull request May 26, 2020
Merged
@richardlau richardlau mentioned this pull request May 26, 2020
Closed
2 tasks
srl295 pushed a commit that referenced this pull request May 26, 2020
@FrankYFTang @srl295
ICU-21032 Backport to 64.x: ICU-20958 Prevent SEGV_MAPERR in append
18b212f 
See #971

(cherry picked from commit b7d08bc)
srl295 pushed a commit that referenced this pull request May 26, 2020
@FrankYFTang @srl295
ICU-21032 Backport to 66.x: ICU-20958 Prevent SEGV_MAPERR in append
3ca5d8c 
See #971

(cherry picked from commit b7d08bc)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jefgen jefgen jefgen left review comments

@aheninger aheninger aheninger left review comments

@sffc sffc sffc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@FrankYFTang @sffc @carnil @aheninger @jefgen