Description: backport fix for CVE-2016-0494
This patch fixes the vulnerability introduced as part of CVE-2015-4844.
---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: vendor, http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
Bug: https://ssl.icu-project.org/trac/ticket/12020
Forwarded: no
Reviewed-By: no
Last-Update: 2016-01-30
Index: source/layout/IndicRearrangementProcessor.cpp
===================================================================
--- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor.cpp
+++ icu-4.4.1/source/layout/IndicRearrangementProcessor.cpp
@@ -51,11 +51,11 @@ ByteOffset IndicRearrangementProcessor::
}
if (flags & irfMarkFirst) {
- firstGlyph = (le_uint32)currGlyph;
+ firstGlyph = currGlyph;
}
if (flags & irfMarkLast) {
- lastGlyph = (le_uint32)currGlyph;
+ lastGlyph = currGlyph;
}
doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success);
@@ -93,7 +93,7 @@ void IndicRearrangementProcessor::doRear
if (firstGlyph == lastGlyph) break;
if (firstGlyph + 1 < firstGlyph) {
success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
- break;
+ break;
}
a = glyphStorage[firstGlyph];
ia = glyphStorage.getCharIndex(firstGlyph, success);
Index: source/layout/IndicRearrangementProcessor.h
===================================================================
--- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor.h
+++ icu-4.4.1/source/layout/IndicRearrangementProcessor.h
@@ -51,8 +51,8 @@ public:
static UClassID getStaticClassID();
protected:
- le_uint32 firstGlyph;
- le_uint32 lastGlyph;
+ le_int32 firstGlyph;
+ le_int32 lastGlyph;
LEReferenceTo<IndicRearrangementSubtableHeader> indicRearrangementSubtableHeader;
LEReferenceToArrayOf<IndicRearrangementStateEntry> entryTable;
Index: source/layout/IndicRearrangementProcessor2.cpp
===================================================================
--- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor2.cpp
+++ icu-4.4.1/source/layout/IndicRearrangementProcessor2.cpp
@@ -49,11 +49,11 @@ le_uint16 IndicRearrangementProcessor2::
}
if (flags & irfMarkFirst) {
- firstGlyph = (le_uint32)currGlyph;
+ firstGlyph = currGlyph;
}
if (flags & irfMarkLast) {
- lastGlyph = (le_uint32)currGlyph;
+ lastGlyph = currGlyph;
}
doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success);
@@ -90,7 +90,7 @@ void IndicRearrangementProcessor2::doRea
if (firstGlyph == lastGlyph) break;
if (firstGlyph + 1 < firstGlyph) {
success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
- break;
+ break;
}
a = glyphStorage[firstGlyph];
ia = glyphStorage.getCharIndex(firstGlyph, success);
Index: source/layout/IndicRearrangementProcessor2.h
===================================================================
--- icu-4.4.1.orig/source/layout/IndicRearrangementProcessor2.h
+++ icu-4.4.1/source/layout/IndicRearrangementProcessor2.h
@@ -51,8 +51,8 @@ public:
static UClassID getStaticClassID();
protected:
- le_uint32 firstGlyph;
- le_uint32 lastGlyph;
+ le_int32 firstGlyph;
+ le_int32 lastGlyph;
LEReferenceToArrayOf<IndicRearrangementStateEntry2> entryTable;
LEReferenceTo<IndicRearrangementSubtableHeader2> indicRearrangementSubtableHeader;
Index: source/runConfigureICU
===================================================================
--- icu-4.4.1.orig/source/runConfigureICU
+++ icu-4.4.1/source/runConfigureICU
@@ -323,7 +323,7 @@ then
then
case $CC in
gcc|*/gcc|*-gcc-*|*/*-gcc-*)
- RELEASE_CFLAGS=-O3
+ RELEASE_CFLAGS=-O3 -fno-strict-overflow
;;
esac
fi
@@ -335,7 +335,7 @@ then
then
case $CXX in
g++|*/g++|*-g++-*|*/*-g++-*)
- RELEASE_CXXFLAGS=-O3
+ RELEASE_CXXFLAGS=-O3 -fno-strict-overflow
;;
esac
fi
