icu/icu4c-buffer-overflow.patch

   1 I: Statement might be overflowing a buffer in strncat. Common mistake:
   2    BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
   3    GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
   4 E: icu bufferoverflowstrncat pkgdata.cpp:299:87
   5
   6 ---
   7  source/tools/pkgdata/pkgdata.cpp |    6 +++---
   8  1 file changed, 3 insertions(+), 3 deletions(-)
   9
  10 Index: icu/source/tools/pkgdata/pkgdata.cpp
  11 ===================================================================
  12 --- build/icu.orig/source/tools/pkgdata/pkgdata.cpp
  13 +++ build/icu/source/tools/pkgdata/pkgdata.cpp
  14 @@ -1914,12 +1914,12 @@ static void loadLists(UPKGOptions *o, UE
  15      const char cmd[] = "icu-config --incpkgdatafile";
  16
  17      /* #1 try the same path where pkgdata was called from. */
  18 -    findDirname(progname, cmdBuf, 1024, &status);
  19 +    findDirname(progname, cmdBuf, sizeof(cmdBuf), &status);
  20      if(U_SUCCESS(status)) {
  21        if (cmdBuf[0] != 0) {
  22 -          uprv_strncat(cmdBuf, U_FILE_SEP_STRING, 1024);
  23 +          uprv_strncat(cmdBuf, U_FILE_SEP_STRING, sizeof(cmdBuf)-1-strlen(cmdBuf));
  24        }
  25 -      uprv_strncat(cmdBuf, cmd, 1024);
  26 +      uprv_strncat(cmdBuf, cmd, sizeof(cmdBuf)-1-strlen(cmdBuf));
  27
  28        if(verbose) {
  29          fprintf(stdout, "# Calling icu-config: %s\n", cmdBuf);