icu: fix potential out-of-bounds access

Added bounds check after conversion of a string key to int to avoid potential out-of-bounds access. Closes tarantool/security#45 NO_TEST=trivial NO_CHANGELOG=internal NO_DOC=internal

icu: fix potential out-of-bounds access
66f2679d · psergee · Vladimir Davydov · 09a77cd7 · 66f2679d · 66f2679d
Commit 66f2679d authored 2 years ago by psergee Committed by Vladimir Davydov 2 years ago
--- a/static-build/cmake/AddDependencyProjects.cmake
+++ b/static-build/cmake/AddDependencyProjects.cmake
@@ -113,6 +113,9 @@ ExternalProject_Add(icu
        ${CMAKE_COMMAND} -E touch <BINARY_DIR>/uconfig.h &&
        cat <BINARY_DIR>/uconfig.h.prepend <INSTALL_DIR>/include/unicode/uconfig.h >> <BINARY_DIR>/uconfig.h &&
        ${CMAKE_COMMAND} -E copy_if_different <BINARY_DIR>/uconfig.h <INSTALL_DIR>/include/unicode/uconfig.h
+    PATCH_COMMAND cat
+        "${PATCHES_DIR}/icu-tarantool-security-45.patch" |
+        patch -d <SOURCE_DIR> -p1
 )
 set(TARANTOOL_DEPENDS icu ${TARANTOOL_DEPENDS})


--- a/static-build/patches/icu-tarantool-security-45.patch
+++ b/static-build/patches/icu-tarantool-security-45.patch
+diff --git a/source/i18n/reldtfmt.cpp b/source/i18n/reldtfmt.cpp
+index 5fdef1c..7f65fcd 100644
+--- a/source/i18n/reldtfmt.cpp
+++ b/source/i18n/reldtfmt.cpp
+@@ -495,7 +495,7 @@ struct RelDateFmtDataSink : public ResourceSink {
+ 
+         // Put in the proper spot, but don't override existing data.
+         n = offset + UDAT_DIRECTION_THIS; // Converts to index in UDAT_R
+-        if (n < fDatesLen && fDatesPtr[n].string == NULL) {
+        if (0 <= n && n < fDatesLen && fDatesPtr[n].string == NULL) {
+           // Not found and n is an empty slot.
+           fDatesPtr[n].offset = offset;
+           fDatesPtr[n].string = value.getString(len, errorCode);