ICU-21041 Fix fuzzer memory read error.

author Frank Tang <ftang@chromium.org>

Wed, 10 Mar 2021 18:53:32 +0000 (18:53 +0000)

committer Frank Yung-Fong Tang <ftang@google.com>

Wed, 10 Mar 2021 23:26:52 +0000 (15:26 -0800)
author Frank Tang <ftang@chromium.org>
Wed, 10 Mar 2021 18:53:32 +0000 (18:53 +0000)
committer Frank Yung-Fong Tang <ftang@google.com>
Wed, 10 Mar 2021 23:26:52 +0000 (15:26 -0800)
diff --git a/.cpyskip.txt b/.cpyskip.txt

index a67e6dae15ff4078d659091231a0d9a7ba67693c..9169f89e891e78dc1f63d88fd6f79f46e7ef86cc 100644 (file)
--- a/.cpyskip.txt
+++ b/.cpyskip.txt
@@ -27,6 +27,7 @@ KEYS
  *.dat
  *.DS_Store
  *.doc
+*.fuzz
  *.gif
  *.gz
  *.ico
diff --git a/icu4c/source/i18n/collationdatabuilder.cpp b/icu4c/source/i18n/collationdatabuilder.cpp

index 53361b86c7c707cd9071276a51a4708daab3784a..7e80cef0cf2a6a1218181e20a6543c36aeb9cd53 100644 (file)
--- a/icu4c/source/i18n/collationdatabuilder.cpp
+++ b/icu4c/source/i18n/collationdatabuilder.cpp
@@ -255,12 +255,18 @@ DataBuilderCollationIterator::getDataCE32(UChar32 c) const {
  
  uint32_t
  DataBuilderCollationIterator::getCE32FromBuilderData(uint32_t ce32, UErrorCode &errorCode) {
+    if (U_FAILURE(errorCode)) { return 0; }
      U_ASSERT(Collation::hasCE32Tag(ce32, Collation::BUILDER_DATA_TAG));
      if((ce32 & CollationDataBuilder::IS_BUILDER_JAMO_CE32) != 0) {
          UChar32 jamo = Collation::indexFromCE32(ce32);
          return utrie2_get32(builder.trie, jamo);
      } else {
          ConditionalCE32 *cond = builder.getConditionalCE32ForCE32(ce32);
+        if (cond == nullptr) {
+            errorCode = U_INTERNAL_PROGRAM_ERROR;
+            // TODO: ICU-21531 figure out why this happens.
+            return 0;
+        }
          if(cond->builtCE32 == Collation::NO_CE32) {
              // Build the context-sensitive mappings into their runtime form and cache the result.
              cond->builtCE32 = builder.buildContext(cond, errorCode);
diff --git a/icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz b/icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz

new file mode 100644 (file)

index 0000000..41efe80

Binary files /dev/null and b/icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz differ
author	Frank Tang <ftang@chromium.org>
	Wed, 10 Mar 2021 18:53:32 +0000 (18:53 +0000)
committer	Frank Yung-Fong Tang <ftang@google.com>
	Wed, 10 Mar 2021 23:26:52 +0000 (15:26 -0800)
.cpyskip.txt		patch \| blob \| history
icu4c/source/i18n/collationdatabuilder.cpp		patch \| blob \| history
icu4c/source/test/fuzzer/collator_rulebased_ICU-21041.fuzz	[new file with mode: 0644]	patch \| blob