From 80a95029c4c06ce0cfcd6920a7930a76f38e5614 Mon Sep 17 00:00:00 2001
From: Konrad Witaszczyk <konrad.witaszczyk@cl.cam.ac.uk>
Date: Tue, 4 Jun 2024 11:57:04 +0100
Subject: [PATCH] ICU-22790 Eliminate an out-of-bounds read

Check if an iterator is within bounds before accessing memory.
Also, remove a redundant variable to make the while condition more
clear.

This issue was found [1] by running Konsole on CheriBSD/Morello that was
compiled for CheriABI. The out of bounds read triggered a CHERI
capability violation.

[1] https://github.com/CTSRD-CHERI/cheribsd-ports/issues/160
---
 icu4c/source/common/ushape.cpp | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/icu4c/source/common/ushape.cpp b/icu4c/source/common/ushape.cpp
index d0ac95e0b23..7cf33bbe558 100644
--- a/icu4c/source/common/ushape.cpp
+++ b/icu4c/source/common/ushape.cpp
@@ -461,11 +461,9 @@ getLink(char16_t ch) {
  */
 static void
 countSpaces(char16_t *dest, int32_t size, uint32_t /*options*/, int32_t *spacesCountl, int32_t *spacesCountr) {
-    int32_t i = 0;
     int32_t countl = 0,countr = 0;
-    while((dest[i] == SPACE_CHAR) && (countl < size)) {
+    while(countl < size && dest[countl] == SPACE_CHAR) {
        countl++;
-       i++;
     }
     if (countl < size) {  /* the entire buffer is not all space */
         while(dest[size-1] == SPACE_CHAR) {