Aren/haiku
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ICU add-on: validate mbState->converter before attempting to close.

Browse Source 
This resolves crashes in gawk with multibyte support.

Fixes #12515, #13103.
This commit is contained in:
Jessica Hamilton 2017-01-12 01:20:31 +13:00
parent 4d83a710f5
commit 079ab7f0b1
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/system/libroot/add-ons/icu/ICUCtypeData.cpp
View File

@ -551,8 +551,13 @@ ICUCtypeData::_GetConverterForMbState(mbstate_t* mbState,
status_t status_t
ICUCtypeData::_DropConverterFromMbState(mbstate_t* mbState) ICUCtypeData::_DropConverterFromMbState(mbstate_t* mbState)
{ {
if (mbState->converter != NULL) if (mbState->converter != NULL && (char*)mbState->converter >= mbState->data
&& (char*)mbState->converter < mbState->data + 8) {
// check that the converter actually lives in *this* mbState,
// otherwise we risk freeing a converter that doesn't belong to us;
// this parallels the check in _GetConverterForMbState()
ucnv_close((UConverter*)mbState->converter); ucnv_close((UConverter*)mbState->converter);
}
memset(mbState, 0, sizeof(mbstate_t)); memset(mbState, 0, sizeof(mbstate_t));
return B_OK; return B_OK;