Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ICU-22198 Fix stack buffer overflow. #2248

Merged
merged 1 commit into from
Nov 16, 2022
Merged

ICU-22198 Fix stack buffer overflow. #2248

merged 1 commit into from
Nov 16, 2022

Conversation

kobrineli
Copy link
Contributor

@kobrineli kobrineli commented Nov 3, 2022
edited
Loading

Hi! We've been fuzzing https://github.com/nodejs/node and found stack buffer overflow error in icu in icu4c/source/common/uresbund.cpp. More detailed description of error and how to reproduce is here: nodejs/node#45297

Checklist
  • Required: Issue filed: https://unicode-org.atlassian.net/browse/ICU-22198
  • Required: The PR title must be prefixed with a JIRA Issue number.
  • Required: The PR description must include the link to the Jira Issue, for example by completing the URL in the first checklist item
  • Required: Each commit message must be prefixed with a JIRA Issue number.
  • Issue accepted (done by Technical Committee after discussion)
  • Tests included, if applicable
  • API docs and/or User Guide docs changed or added, if applicable

@CLAassistant
Copy link

CLAassistant commented Nov 3, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@jira-pull-request-webhook
Copy link

Notice: the branch changed across the force-push!

  • icu4c/source/common/uresbund.cpp is different

View Diff Across Force-Push

~ Your Friendly Jira-GitHub PR Checker Bot

richgillam
richgillam approved these changes Nov 3, 2022
View reviewed changes
Copy link
Contributor

@richgillam richgillam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch.

@kobrineli
Copy link
Contributor Author

@richgillam
Sorry for disturbing, but the other opened issue in the project, that uses icu as a dependency, is waiting for this pull request to be merged. When will it be possible to merge these changes?

@richgillam richgillam merged commit 8b7ef3d into unicode-org:main Nov 16, 2022
@kobrineli kobrineli mentioned this pull request Nov 17, 2022
Open
@sffc
Copy link
Member

sffc commented Dec 5, 2022

This should be cherry picked to the maintenance branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richgillam richgillam richgillam approved these changes

Assignees

@richgillam richgillam

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kobrineli @CLAassistant @sffc @richgillam