| commit | 4e48132b27ec67ca0425e5d90d3863cab4d209f2 | |
| author | Alex Malyshev <alexanderm@fb.com> | |
| Tue, 13 May 2014 20:36:13 +0000 (13 13:36 -0700) | ||
| committer | JoelMarcey <joelm@fb.com> | |
| Thu, 22 May 2014 18:15:25 +0000 (22 11:15 -0700) | ||
| tree | cb797a53061437c009080ba48edc122581343aee | treesnapshot (tar.gz zip) |
| parent | afb4ce76bc129d71680f98a36c55e66f809ad126 | commitdiff |
Mitigate buffer overflow in ICU
Summary: There's a buffer overflow in ures_getByKeyWithFallback, where it's using
a buffer of size 256 to store a string without checking the length of
the input string. This diff stops us from passing strings of length 256
(including nul terminator) to ures_getByKeyWithFallback from
get_icu_display_value.
Reviewed By: @fredemmott
Differential Revision: D1337608
Summary: There's a buffer overflow in ures_getByKeyWithFallback, where it's using
a buffer of size 256 to store a string without checking the length of
the input string. This diff stops us from passing strings of length 256
(including nul terminator) to ures_getByKeyWithFallback from
get_icu_display_value.
Reviewed By: @fredemmott
Differential Revision: D1337608
| hphp/runtime/ext/icu/ext_icu_locale.cpp | diffblobblamehistory | |
| hphp/test/slow/locale/locale-stack-overflow.php | [new file with mode: 0644] | blob |
| hphp/test/slow/locale/locale-stack-overflow.php.expect | [new file with mode: 0644] | blob |