From 1dde6b9b8ce63fa387cc9593c4c2afeaeb5856e3 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 20 2020 12:05:21 +0000
Subject: import icu-50.2-4.el7_7
---
diff --git a/SOURCES/ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch b/SOURCES/ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch
new file mode 100644
index 0000000..8a4ceed
--- /dev/null
+++ b/SOURCES/ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch
@@ -0,0 +1,108 @@
+From 23d76d88630ecee02515e2c8f5c8769cc795ae23 Mon Sep 17 00:00:00 2001
+From: Shane Carr
+Date: Fri, 23 Mar 2018 00:56:16 +0000
+Subject: [PATCH] ICU-13634 Adding integer overflow logic to ICU4C number
+ pipeline in places where it is in ICU4J.
+
+X-SVN-Rev: 41136
+
+diff --git a/icu4c/source/common/putil.cpp b/icu4c/source/common/putil.cpp
+index 83f08ac070..452e2fd79c 100644
+--- a/icu4c/source/common/putil.cpp
++++ b/icu4c/source/common/putil.cpp
+@@ -533,6 +533,30 @@ uprv_fmin(double x, double y)
+ return (x > y ? y : x);
+ }
+
++#include
++
++U_CAPI UBool U_EXPORT2
++uprv_add32_overflow(int32_t a, int32_t b, int32_t* res) {
++ // NOTE: Some compilers (GCC, Clang) have primitives available, like __builtin_add_overflow.
++ // This function could be optimized by calling one of those primitives.
++ auto a64 = static_cast(a);
++ auto b64 = static_cast(b);
++ int64_t res64 = a64 + b64;
++ *res = static_cast(res64);
++ return res64 != *res;
++}
++
++U_CAPI UBool U_EXPORT2
++uprv_mul32_overflow(int32_t a, int32_t b, int32_t* res) {
++ // NOTE: Some compilers (GCC, Clang) have primitives available, like __builtin_mul_overflow.
++ // This function could be optimized by calling one of those primitives.
++ auto a64 = static_cast(a);
++ auto b64 = static_cast(b);
++ int64_t res64 = a64 * b64;
++ *res = static_cast(res64);
++ return res64 != *res;
++}
++
+ /**
+ * Truncates the given double.
+ * trunc(3.3) = 3.0, trunc (-3.3) = -3.0
+diff --git a/icu4c/source/common/putilimp.h b/icu4c/source/common/putilimp.h
+index eb9b5380f1..8b858df9e3 100644
+--- a/icu4c/source/common/putilimp.h
++++ b/icu4c/source/common/putilimp.h
+@@ -391,6 +391,32 @@ U_INTERNAL double U_EXPORT2 uprv_log(double d);
+ */
+ U_INTERNAL double U_EXPORT2 uprv_round(double x);
+
++/**
++ * Adds the signed integers a and b, storing the result in res.
++ * Checks for signed integer overflow.
++ * Similar to the GCC/Clang extension __builtin_add_overflow
++ *
++ * @param a The first operand.
++ * @param b The second operand.
++ * @param res a + b
++ * @return true if overflow occurred; false if no overflow occurred.
++ * @internal
++ */
++U_INTERNAL UBool U_EXPORT2 uprv_add32_overflow(int32_t a, int32_t b, int32_t* res);
++
++/**
++ * Multiplies the signed integers a and b, storing the result in res.
++ * Checks for signed integer overflow.
++ * Similar to the GCC/Clang extension __builtin_mul_overflow
++ *
++ * @param a The first multiplicand.
++ * @param b The second multiplicand.
++ * @param res a * b
++ * @return true if overflow occurred; false if no overflow occurred.
++ * @internal
++ */
++U_INTERNAL UBool U_EXPORT2 uprv_mul32_overflow(int32_t a, int32_t b, int32_t* res);
++
+ #if 0
+ /**
+ * Returns the number of digits after the decimal point in a double number x.
+diff --git a/icu4c/source/test/cintltst/putiltst.c b/icu4c/source/test/cintltst/putiltst.c
+index b99d9fca9c..1c3e073041 100644
+--- a/icu4c/source/test/cintltst/putiltst.c
++++ b/icu4c/source/test/cintltst/putiltst.c
+@@ -128,6 +128,20 @@ static void TestPUtilAPI(void){
+ log_err("ERROR: uprv_isInfinite failed.\n");
+ }
+
++ log_verbose("Testing the APIs uprv_add32_overflow and uprv_mul32_overflow\n");
++ int32_t overflow_result;
++ doAssert(FALSE, uprv_add32_overflow(INT32_MAX - 2, 1, &overflow_result), "should not overflow");
++ doAssert(INT32_MAX - 1, overflow_result, "should equal INT32_MAX - 1");
++ doAssert(FALSE, uprv_add32_overflow(INT32_MAX - 2, 2, &overflow_result), "should not overflow");
++ doAssert(INT32_MAX, overflow_result, "should equal exactly INT32_MAX");
++ doAssert(TRUE, uprv_add32_overflow(INT32_MAX - 2, 3, &overflow_result), "should overflow");
++ doAssert(FALSE, uprv_mul32_overflow(INT32_MAX / 5, 4, &overflow_result), "should not overflow");
++ doAssert(INT32_MAX / 5 * 4, overflow_result, "should equal INT32_MAX / 5 * 4");
++ doAssert(TRUE, uprv_mul32_overflow(INT32_MAX / 5, 6, &overflow_result), "should overflow");
++ // Test on negative numbers:
++ doAssert(FALSE, uprv_add32_overflow(-3, -2, &overflow_result), "should not overflow");
++ doAssert(-5, overflow_result, "should equal -5");
++
+ #if 0
+ log_verbose("Testing the API uprv_digitsAfterDecimal()....\n");
+ doAssert(uprv_digitsAfterDecimal(value1), 3, "uprv_digitsAfterDecimal() failed.");
+--
+2.24.1
+
diff --git a/SOURCES/ICU-20958-Prevent-SEGV_MAPERR-in-append.patch b/SOURCES/ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
new file mode 100644
index 0000000..8c231fc
--- /dev/null
+++ b/SOURCES/ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
@@ -0,0 +1,15 @@
+diff -ru icu.orig/source/common/unistr.cpp icu/source/common/unistr.cpp
+--- icu.orig/source/common/unistr.cpp 2019-04-12 00:11:18.000000000 +0200
++++ icu/source/common/unistr.cpp 2020-03-04 18:34:07.225801866 +0100
+@@ -1340,7 +1340,10 @@
+ if(srcLength == 0) {
+ return *this;
+ }
+- newLength = oldLength + srcLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+ if(newLength <= getCapacity() && isBufferWritable()) {
+ UChar *oldArray = getArrayStart();
+ // Do not copy characters when
diff --git a/SPECS/icu.spec b/SPECS/icu.spec
index 19e5f01..ee21551 100644
--- a/SPECS/icu.spec
+++ b/SPECS/icu.spec
@@ -1,6 +1,6 @@
 Name: icu
 Version: 50.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: International Components for Unicode
 Group: Development/Tools
 License: MIT and UCD and Public Domain
@@ -26,6 +26,8 @@ Patch6: icuinfo-man.patch
 Patch7: icu.10143.memory.leak.crash.patch
 Patch8: icu.10318.CVE-2013-2924_changeset_34076.patch
 Patch9: icu.rhbz1074549.CVE-2013-5907.patch
+Patch200: ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch
+Patch201: ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
 %description
 Tools and utilities for developing with icu.
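Review bot: The putilimp.h doc comments for `uprv_add32_overflow` and `uprv_mul32_overflow` describe `res` only as `a + b` / `a * b`, but the putil.cpp bodies store the 64-bit result narrowed to 32 bits unconditionally, so when the function returns true `*res` holds a truncated value, not the sum or product. I would spell that out, e.g. `@param res Receives a + b when the return value is false; when it is true the stored value is truncated and must not be used as a length or index.` The putiltst.c cases also exercise overflow only on the positive side; a case at the negative boundary such as `doAssert(TRUE, uprv_add32_overflow(INT32_MIN, -1, &overflow_result), "should overflow");` and a multiplication with a negative operand would pin the behaviour the callers depend on.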
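Review bot: The new overflow branch in unistr.cpp turns the string bogus without a word on why, and a backported fix like this is easy to misread later; a comment on the guard such as `// oldLength + srcLength does not fit in int32_t: fail closed instead of wrapping to a negative newLength` would record the intent. The enclosing function starts before and continues after the hunk, so whatever capacity is derived from `newLength` further down is not visible here; if that code adds growth padding to `newLength`, it presumably needs the same guarded arithmetic, which is worth confirming. The hunk adds no include, so the declaration of `uprv_add32_overflow` has to reach this file through a header it already pulls in. No regression test for the append path accompanies the fix in this patch.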
@@ -78,6 +80,8 @@ BuildArch: noarch
 %patch7 -p1 -b .icu10143.memory.leak.crash.patch
 %patch8 -p1 -b .icu10318.CVE-2013-2924_changeset_34076.patch
 %patch9 -p1 -b .icurhbz1074549.CVE-2013-5907.patch
+%patch200 -p2 -b .ICU-13634
+%patch201 -p1 -b .ICU-20958
 # http://userguide.icu-project.org/datetime/timezone#TOC-Updating-the-Time-Zone-Data
 # says:
@@ -214,6 +218,11 @@ make %{?_smp_mflags} -C source check CINTLTST_OPTS=-w INTLTEST_OPTS=-w
 %doc source/__docs/%{name}/html/*
 %changelog
+* Wed Mar 04 2020 Mike FABIAN - 50.2-4
+- Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch
+- Apply ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
+- Resolves: rhbz#1808235
+
 * Fri May 17 2019 Mike FABIAN - 50.2-3
 - Bump release number
 - Related: rhbz#1677092