Blame SOURCES/icu.10318.CVE-2013-2924_changeset_34076.patch

d9fa16
Index: /icu/trunk/source/i18n/csrucode.cpp
d9fa16
===================================================================
d9fa16
--- orig.icu/source/i18n/csrucode.cpp	(revision 34075)
d9fa16
+++ icu/source/i18n/csrucode.cpp	(revision 34076)
d9fa16
@@ -1,5 +1,5 @@
d9fa16
 /*
d9fa16
  **********************************************************************
d9fa16
- *   Copyright (C) 2005-2012, International Business Machines
d9fa16
+ *   Copyright (C) 2005-2013, International Business Machines
d9fa16
  *   Corporation and others.  All Rights Reserved.
d9fa16
  **********************************************************************
d9fa16
@@ -34,6 +34,7 @@
d9fa16
     const uint8_t *input = textIn->fRawInput;
d9fa16
     int32_t confidence = 0;
d9fa16
+    int32_t length = textIn->fRawLength;
d9fa16
 
d9fa16
-    if (input[0] == 0xFE && input[1] == 0xFF) {
d9fa16
+    if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) {
d9fa16
         confidence = 100;
d9fa16
     }
d9fa16
@@ -58,6 +59,7 @@
d9fa16
     const uint8_t *input = textIn->fRawInput;
d9fa16
     int32_t confidence = 0;
d9fa16
+    int32_t length = textIn->fRawLength;
d9fa16
 
d9fa16
-    if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
d9fa16
+    if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) {
d9fa16
         confidence = 100;
d9fa16
     }
d9fa16
@@ -82,5 +84,5 @@
d9fa16
     int32_t confidence = 0;
d9fa16
 
d9fa16
-    if (getChar(input, 0) == 0x0000FEFFUL) {
d9fa16
+    if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) {
d9fa16
         hasBOM = TRUE;
d9fa16
     }