icu: CVE-2013-2924
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2924 (From OE-Core master rev: 36e2981687acc5b7a74f08718d4578f92af4dc8b) (From OE-Core rev: ab2d452fd9e177017c57d411ebb61728845f97bf) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
d426450b0b
commit
6757c59442
|
@ -0,0 +1,33 @@
|
|||
--- source/i18n/csrucode.cpp
|
||||
+++ source/i18n/csrucode.cpp
|
||||
@@ -33,8 +33,9 @@ UBool CharsetRecog_UTF_16_BE::match(Inpu
|
||||
{
|
||||
const uint8_t *input = textIn->fRawInput;
|
||||
int32_t confidence = 0;
|
||||
+ int32_t length = textIn->fRawLength;
|
||||
|
||||
- if (input[0] == 0xFE && input[1] == 0xFF) {
|
||||
+ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
|
||||
confidence = 100;
|
||||
}
|
||||
|
||||
@@ -57,8 +58,9 @@ UBool CharsetRecog_UTF_16_LE::match(Inpu
|
||||
{
|
||||
const uint8_t *input = textIn->fRawInput;
|
||||
int32_t confidence = 0;
|
||||
+ int32_t length = textIn->fRawLength;
|
||||
|
||||
- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
|
||||
+ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
|
||||
confidence = 100;
|
||||
}
|
||||
|
||||
@@ -81,7 +83,7 @@ UBool CharsetRecog_UTF_32::match(InputTe
|
||||
bool hasBOM = FALSE;
|
||||
int32_t confidence = 0;
|
||||
|
||||
- if (getChar(input, 0) == 0x0000FEFFUL) {
|
||||
+ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
|
||||
hasBOM = TRUE;
|
||||
}
|
||||
|
|
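Review bot: In the CharsetRecog_UTF_16_LE::match hunk the new `length >= 4` guard also rejects an input shorter than four bytes that begins with the FF FE byte-order mark, so it now gets confidence 0 even though bytes [2] and [3] never need to be read for it. Bounding each read separately stays memory-safe without that behaviour change: `if (length >= 2 && input[0] == 0xFF && input[1] == 0xFE && (length < 4 || input[2] != 0x00 || input[3] != 0x00)) {`. In the UTF_32 hunk, `limit > 0` is enough only if `limit` is already rounded down to a multiple of four and getChar reads four bytes from the offset. Both are defined outside the hunk, so a comment such as `// limit is a multiple of 4, so limit > 0 guarantees four readable bytes` would make that dependency explicit. All three function bodies continue outside their hunks.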
@ -7,6 +7,7 @@ PR = "r0"
|
|||
BASE_SRC_URI = "http://download.icu-project.org/files/icu4c/${PV}/icu4c-51_2-src.tgz"
|
||||
SRC_URI = "${BASE_SRC_URI} \
|
||||
file://icu-pkgdata-large-cmd.patch \
|
||||
file://add_buffer_length_check_to_UTF_16_or_32_detector.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "072e501b87065f3a0ca888f1b5165709"
|
||||
|
|