external/icu/icu4c-scriptrun.patch.1

   1 diff -ur icu.org/source/extra/scrptrun/scrptrun.cpp icu/source/extra/scrptrun/scrptrun.cpp
   2 --- icu.org/source/extra/scrptrun/scrptrun.cpp  2017-01-20 01:20:31.000000000 +0100
   3 +++ icu/source/extra/scrptrun/scrptrun.cpp      2017-04-21 22:59:31.708037770 +0200
   4 @@ -151,7 +151,11 @@
   5          // characters above it on the stack will be poped.
   6          if (pairIndex >= 0) {
   7              if ((pairIndex & 1) == 0) {
   8 -                parenStack[++parenSP].pairIndex = pairIndex;
   9 +                ++parenSP;
  10 +                int32_t nVecSize = parenStack.size();
  11 +                if (parenSP == nVecSize)
  12 +                    parenStack.resize(nVecSize + 128);
  13 +                parenStack[parenSP].pairIndex = pairIndex;
  14                  parenStack[parenSP].scriptCode  = scriptCode;
  15              } else if (parenSP >= 0) {
  16                  int32_t pi = pairIndex & ~1;
  17 @@ -185,7 +189,14 @@
  18              // pop it from the stack
  19              if (pairIndex >= 0 && (pairIndex & 1) != 0 && parenSP >= 0) {
  20                  parenSP -= 1;
  21 -                startSP -= 1;
  22 +                /* decrement startSP only if it is >= 0,
  23 +                   decrementing it unnecessarily will lead to memory corruption
  24 +                   while processing the above while block.
  25 +                   e.g. startSP = -4 , parenSP = -1
  26 +                */
  27 +                if (startSP >= 0) {
  28 +                    startSP -= 1;
  29 +                }
  30              }
  31          } else {
  32              // if the run broke on a surrogate pair,
  33 diff -ur icu.org/source/extra/scrptrun/scrptrun.h icu/source/extra/scrptrun/scrptrun.h
  34 --- icu.org/source/extra/scrptrun/scrptrun.h    2017-01-20 01:20:31.000000000 +0100
  35 +++ icu/source/extra/scrptrun/scrptrun.h        2017-04-21 22:59:31.708037770 +0200
  36 @@ -19,6 +19,7 @@
  37  #include "unicode/utypes.h"
  38  #include "unicode/uobject.h"
  39  #include "unicode/uscript.h"
  40 +#include <vector>
  41
  42  U_NAMESPACE_BEGIN
  43
  44 @@ -81,7 +82,7 @@
  45      int32_t scriptEnd;
  46      UScriptCode scriptCode;
  47
  48 -    ParenStackEntry parenStack[128];
  49 +    std::vector<ParenStackEntry> parenStack;
  50      int32_t parenSP;
  51
  52      static int8_t highBit(int32_t value);
  53 @@ -135,6 +136,7 @@
  54      scriptEnd   = charStart;
  55      scriptCode  = USCRIPT_INVALID_CODE;
  56      parenSP     = -1;
  57 +    parenStack.resize(128);
  58  }
  59
  60  inline void ScriptRun::reset(int32_t start, int32_t length)