Bug#871667: libicu52: ucol_strcollUTF8() stuck allocating in loop until segfault

2017-08-10 Thread Daniel Verite
Package: libicu52
Version: 52.1-8+deb8u5
Severity: normal
Tags: upstream

Dear Maintainer,

While testing PostgreSQL 10 beta with ICU-52.1, crashing bugs
were found on certain combinations of inputs and collations.

One crash can be distilled to the following standalone
test case:


#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "unicode/ustring.h"
#include "unicode/utypes.h"
#include "unicode/ucol.h"


/* Open the collator for `loc` and compare two UTF-8 strings with
   ucol_strcollUTF8(). Returns non-zero if ICU reported success. */
int utf8_compare(const char *loc, const char *s1, const char *s2)
{
  UCollator *coll;
  UCollationResult result;
  UErrorCode status = U_ZERO_ERROR;

  coll = ucol_open(loc, &status);
  if (U_FAILURE(status)) {
    fprintf(stderr, "ucol_open failed\n");
    exit(1);
  }

  result = ucol_strcollUTF8(coll, s1, strlen(s1), s2, strlen(s2), &status);
  (void) result;
  ucol_close(coll);
  return U_SUCCESS(status);
}

int main()
{
  /* This segfaults in memcpy after allocating 4*4GB and overflowing.
     Happens only with specific collations and inputs */
  utf8_compare("bs-Cyrl-BA-u-co-search",
               "\xec\xb3\xad\xe5\x96\xa9\x7a\x7a",
               "\xec\xbd\x97\xe5\x96\xa9\x7a\x78\xe3\x8e\x8d");

  return 0;
}


-- System Information:
Debian Release: 8.6
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libicu52 depends on:
ii  libc6  2.19-18+deb8u10
ii  libgcc1  1:4.9.2-10
ii  libstdc++6 4.9.2-10
ii  multiarch-support  2.19-18+deb8u6

libicu52 recommends no packages.

libicu52 suggests no packages.

-- no debconf information



Bug#871788: libicu52: segfault in ucol_getLatinOneContractionUTF8() with az-Latn-AZ collation

2017-08-11 Thread Daniel Verite
Package: libicu52
Version: 52.1-8+deb8u5
Severity: normal
Tags: upstream

Dear Maintainer,

The following test case causes a segfault.
The test looks similar to the one in bug #871667, but the
backtrace differs in a way that suggests that it's a
different bug.


#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "unicode/ustring.h"
#include "unicode/utypes.h"
#include "unicode/ucol.h"


int main()
{
  UCollator *coll;
  UCollationResult result;
  UErrorCode status = U_ZERO_ERROR;

  const char *loc = "az-Latn-AZ";
  const char *s1 = "ab";
  const char *s2 = "abc\xf0\x9f\x98\x87";

  coll = ucol_open(loc, &status);
  if (U_FAILURE(status)) {
    fprintf(stderr, "ucol_open failed\n");
    exit(1);
  }

  /* segfaults with libicu 52.1-8+deb8u5 */
  result = ucol_strcollUTF8(coll,
                            s1, strlen(s1),
                            s2, strlen(s2),
                            &status);
  (void) result;

  ucol_close(coll);
  return 0;
}

Result:

Program received signal SIGSEGV, Segmentation fault.
0x778c2030 in ucol_getLatinOneContractionUTF8 (
coll=coll@entry=0x604f30, strength=strength@entry=0, CE=, 
s=s@entry=0x400974 "c\360\237\230\207", index=index@entry=0x7fffe520, 
len=len@entry=5) at ucol.cpp:8044


-- System Information:
Debian Release: 8.6
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libicu52 depends on:
ii  libc6  2.19-18+deb8u10
ii  libgcc1  1:4.9.2-10
ii  libstdc++6 4.9.2-10
ii  multiarch-support  2.19-18+deb8u6

libicu52 recommends no packages.

libicu52 suggests no packages.

-- no debconf information