[haiku-commits] haiku: hrev50858 - src/system/libroot/add-ons/icu

  • From: jessica.l.hamilton@xxxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Wed, 11 Jan 2017 15:36:34 +0100 (CET)

hrev50858 adds 2 changesets to branch 'master'
old head: 4d83a710f5cd775ec282f8dd28c22a460cdc05b0
new head: d2423e4b3c976c4fab0412afded816a3591db333
overview: 
http://cgit.haiku-os.org/haiku/log/?qt=range&q=d2423e4b3c97+%5E4d83a710f5cd

----------------------------------------------------------------------------

079ab7f0b101: ICU add-on: validate mbState->converter before attempting to 
close.
  
  This resolves crashes in gawk with multibyte support.
  
  Fixes #12515, #13103.

d2423e4b3c97: ICUCtypeData.cpp: format string fixes for tracing.

                         [ Jessica Hamilton <jessica.l.hamilton@xxxxxxxxx> ]

----------------------------------------------------------------------------

1 file changed, 10 insertions(+), 5 deletions(-)
src/system/libroot/add-ons/icu/ICUCtypeData.cpp | 15 ++++++++++-----

############################################################################

Commit:      079ab7f0b101bc237633490cb8964f7991bedf6a
URL:         http://cgit.haiku-os.org/haiku/commit/?id=079ab7f0b101
Author:      Jessica Hamilton <jessica.l.hamilton@xxxxxxxxx>
Date:        Wed Jan 11 12:20:31 2017 UTC

Ticket:      https://dev.haiku-os.org/ticket/12515
Ticket:      https://dev.haiku-os.org/ticket/13103

ICU add-on: validate mbState->converter before attempting to close.

This resolves crashes in gawk with multibyte support.

Fixes #12515, #13103.

----------------------------------------------------------------------------

diff --git a/src/system/libroot/add-ons/icu/ICUCtypeData.cpp 
b/src/system/libroot/add-ons/icu/ICUCtypeData.cpp
index 9fd3ff2..6eed437 100644
--- a/src/system/libroot/add-ons/icu/ICUCtypeData.cpp
+++ b/src/system/libroot/add-ons/icu/ICUCtypeData.cpp
@@ -551,8 +551,13 @@ ICUCtypeData::_GetConverterForMbState(mbstate_t* mbState,
 status_t
 ICUCtypeData::_DropConverterFromMbState(mbstate_t* mbState)
 {
-       if (mbState->converter != NULL)
+       if (mbState->converter != NULL && (char*)mbState->converter >= 
mbState->data
+                       && (char*)mbState->converter < mbState->data + 8) {
+               // check that the converter actually lives in *this* mbState,
+               // otherwise we risk freeing a converter that doesn't belong to 
us;
+               // this parallels the check in _GetConverterForMbState()
                ucnv_close((UConverter*)mbState->converter);
+       }
        memset(mbState, 0, sizeof(mbstate_t));
 
        return B_OK;

############################################################################

Revision:    hrev50858
Commit:      d2423e4b3c976c4fab0412afded816a3591db333
URL:         http://cgit.haiku-os.org/haiku/commit/?id=d2423e4b3c97
Author:      Jessica Hamilton <jessica.l.hamilton@xxxxxxxxx>
Date:        Wed Jan 11 14:32:03 2017 UTC

ICUCtypeData.cpp: format string fixes for tracing.

----------------------------------------------------------------------------

diff --git a/src/system/libroot/add-ons/icu/ICUCtypeData.cpp 
b/src/system/libroot/add-ons/icu/ICUCtypeData.cpp
index 6eed437..3940c80 100644
--- a/src/system/libroot/add-ons/icu/ICUCtypeData.cpp
+++ b/src/system/libroot/add-ons/icu/ICUCtypeData.cpp
@@ -215,7 +215,7 @@ ICUCtypeData::MultibyteToWchar(wchar_t* wcOut, const char* 
mb, size_t mbLen,
        status_t result = _GetConverterForMbState(mbState, converter);
        if (result != B_OK) {
                TRACE(("MultibyteToWchar(): couldn't get converter for mbstate 
%p - "
-                               "%lx\n", mbState, result));
+                               "%" B_PRIx32 "\n", mbState, result));
                return result;
        }
 
@@ -279,7 +279,7 @@ ICUCtypeData::MultibyteStringToWchar(wchar_t* wcDest, 
size_t wcDestLength,
        status_t result = _GetConverterForMbState(mbState, converter);
        if (result != B_OK) {
                TRACE(("MultibyteStringToWchar(): couldn't get converter for 
mbstate %p"
-                               " - %lx\n", mbState, result));
+                               " - %" B_PRIx32 "\n", mbState, result));
                return result;
        }
 
@@ -349,7 +349,7 @@ ICUCtypeData::WcharToMultibyte(char* mbOut, wchar_t wc, 
mbstate_t* mbState,
        status_t result = _GetConverterForMbState(mbState, converter);
        if (result != B_OK) {
                TRACE(("WcharToMultibyte(): couldn't get converter for mbstate 
%p - "
-                               "%lx\n", mbState, result));
+                               "%" B_PRIx32 "\n", mbState, result));
                return result;
        }
 
@@ -410,7 +410,7 @@ ICUCtypeData::WcharStringToMultibyte(char* mbDest, size_t 
mbDestLength,
        status_t result = _GetConverterForMbState(mbState, converter);
        if (result != B_OK) {
                TRACE(("WcharStringToMultibyte(): couldn't get converter for 
mbstate %p"
-                       " - %lx\n", mbState, result));
+                       " - %" B_PRIx32 "\n", mbState, result));
                return result;
        }
 


Other related posts:

  1. Home
  2. haiku-commits
  3. Archive
  4. 01-2017