master
/ miniconda3 / pkgs / icu-58.2-he6710b0_3 / info / recipe / CVE-2017-15422.patch

CVE-2017-15422.patch @a8e0244 raw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
Backport of <https://github.com/unicode-org/icu/commit/b7d08bc04>
~~~
From 71dd84d4ffd6600a70e5bca56a22b957e6642bd4 Mon Sep 17 00:00:00 2001
From: Peter Edberg <pedberg@unicode.org>
Date: Sun, 29 Oct 2017 03:38:05 +0000
Subject: [PATCH] ICU-12504 in ICU4C Persian cal, use int64_t math for one
 operation to avoid overflow; add tests in C and J

X-SVN-Rev: 40654
---
 icu4c/source/i18n/gregoimp.cpp                |  5 +++
 icu4c/source/i18n/gregoimp.h                  | 11 ++++++
 icu4c/source/i18n/persncal.cpp                |  2 +-
 icu4c/source/test/intltest/calregts.cpp       | 34 ++++++++++++++++++-
 icu4c/source/test/intltest/calregts.h         |  1 +
 .../test/calendar/CalendarRegressionTest.java | 20 ++++++++++-
 6 files changed, 70 insertions(+), 3 deletions(-)
~~~

--- source/i18n/gregoimp.cpp
+++ source/i18n/gregoimp.cpp
@@ -27,6 +27,11 @@ int32_t ClockMath::floorDivide(int32_t numerator, int32_t denominator) {
         numerator / denominator : ((numerator + 1) / denominator) - 1;
 }
 
+int64_t ClockMath::floorDivide(int64_t numerator, int64_t denominator) {
+    return (numerator >= 0) ?
+        numerator / denominator : ((numerator + 1) / denominator) - 1;
+}
+
 int32_t ClockMath::floorDivide(double numerator, int32_t denominator,
                           int32_t& remainder) {
     double quotient;
--- source/i18n/gregoimp.h
+++ source/i18n/gregoimp.h
@@ -40,6 +40,17 @@ class ClockMath {
      */
     static int32_t floorDivide(int32_t numerator, int32_t denominator);
 
+    /**
+     * Divide two integers, returning the floor of the quotient.
+     * Unlike the built-in division, this is mathematically
+     * well-behaved.  E.g., <code>-1/4</code> => 0 but
+     * <code>floorDivide(-1,4)</code> => -1.
+     * @param numerator the numerator
+     * @param denominator a divisor which must be != 0
+     * @return the floor of the quotient
+     */
+    static int64_t floorDivide(int64_t numerator, int64_t denominator);
+
     /**
      * Divide two numbers, returning the floor of the quotient.
      * Unlike the built-in division, this is mathematically
--- source/i18n/persncal.cpp
+++ source/i18n/persncal.cpp
@@ -213,7 +213,7 @@ void PersianCalendar::handleComputeFields(int32_t julianDay, UErrorCode &/*statu
     int32_t year, month, dayOfMonth, dayOfYear;
 
     int32_t daysSinceEpoch = julianDay - PERSIAN_EPOCH;
-    year = 1 + ClockMath::floorDivide(33 * daysSinceEpoch + 3, 12053);
+    year = 1 + (int32_t)ClockMath::floorDivide(33 * (int64_t)daysSinceEpoch + 3, (int64_t)12053);
 
     int32_t farvardin1 = 365 * (year - 1) + ClockMath::floorDivide(8 * year + 21, 33);
     dayOfYear = (daysSinceEpoch - farvardin1); // 0-based
--- source/test/intltest/calregts.cpp
+++ source/test/intltest/calregts.cpp
@@ -12,6 +12,7 @@
 
 #include "calregts.h"
 
+#include "unicode/calendar.h"
 #include "unicode/gregocal.h"
 #include "unicode/simpletz.h"
 #include "unicode/smpdtfmt.h"
@@ -90,6 +91,7 @@ CalendarRegressionTest::runIndexedTest( int32_t index, UBool exec, const char* &
         CASE(48,TestT8596);
         CASE(49,Test9019);
         CASE(50,TestT9452);
+        CASE(52,TestPersianCalOverflow);
     default: name = ""; break;
     }
 }
@@ -2946,4 +2948,34 @@ void CalendarRegressionTest::TestT9452(void) {
     }
 }
 
+/**
+ * @bug ticket 13454
+ */
+void CalendarRegressionTest::TestPersianCalOverflow(void) {
+    const char* localeID = "bs_Cyrl@calendar=persian";
+    UErrorCode status = U_ZERO_ERROR;
+    Calendar* cal = Calendar::createInstance(Locale(localeID), status);
+    if(U_FAILURE(status)) {
+        dataerrln("FAIL: Calendar::createInstance for localeID %s: %s", localeID, u_errorName(status));
+    } else {
+        int32_t maxMonth = cal->getMaximum(UCAL_MONTH);
+        int32_t maxDayOfMonth = cal->getMaximum(UCAL_DATE);
+        int32_t jd, month, dayOfMonth;
+        for (jd = 67023580; jd <= 67023584; jd++) { // year 178171, int32_t overflow if jd >= 67023582
+            status = U_ZERO_ERROR;
+            cal->clear();
+            cal->set(UCAL_JULIAN_DAY, jd);
+            month = cal->get(UCAL_MONTH, status);
+            dayOfMonth = cal->get(UCAL_DATE, status);
+            if ( U_FAILURE(status) ) {
+                errln("FAIL: Calendar->get MONTH/DATE for localeID %s, julianDay %d, status %s\n", localeID, jd, u_errorName(status)); 
+            } else if (month > maxMonth || dayOfMonth > maxDayOfMonth) {
+                errln("FAIL: localeID %s, julianDay %d; maxMonth %d, got month %d; maxDayOfMonth %d, got dayOfMonth %d\n",
+                        localeID, jd, maxMonth, month, maxDayOfMonth, dayOfMonth); 
+            }
+        }
+        delete cal;
+    }
+}
+
 #endif /* #if !UCONFIG_NO_FORMATTING */
--- source/test/intltest/calregts.h
+++ source/test/intltest/calregts.h
@@ -77,6 +77,7 @@ public:
     void TestT8596(void);
     void Test9019(void);
     void TestT9452(void);
+    void TestPersianCalOverflow(void);
 
     void printdate(GregorianCalendar *cal, const char *string);
     void dowTest(UBool lenient) ;