Fix incorrect buffer-length argument to uloc_getDisplayName().

The maxResultSize argument of uloc_getDisplayName is the number of
UChars in the output buffer, not the number of bytes.  In principle
this could result in a stack smash, although at least in my Fedora 25
install there are no ICU locales with display names long enough to
overrun the buffer.  But it's easily proven to be wrong by reducing
the length of displayname to around 20, whereupon a stack smash
does happen.

(This is a rather scary bug, because the same mistake could easily
have been made in other places; but in a quick code search looking
at uses of UChar I could not find any other instances.)

diff --git a/src/backend/commands/collationcmds.c b/src/backend/commands/collationcmds.c
index a0b3b238163e15b89ede7125b057e985d0ea49f5..1c43f0b0ed9d4f424740b2431dea7003ca66782f 100644 (file)
--- a/src/backend/commands/collationcmds.c
+++ b/src/backend/commands/collationcmds.c
@@ -443,7 +443,7 @@ get_icu_locale_comment(const char *localename)
 
        status = U_ZERO_ERROR;
        len_uchar = uloc_getDisplayName(localename, "en",
-                                                                       &displayname[0], sizeof(displayname),
+                                                                       displayname, lengthof(displayname),
                                                                        &status);
        if (U_FAILURE(status))
                ereport(ERROR,