From e1415d1282b058e701d41d75e42b0bffed5f8477 Mon Sep 17 00:00:00 2001
From: Frank Tang <ftang@chromium.org>
Date: Wed, 17 Jan 2024 17:26:00 -0800
Subject: [PATCH] ICU-22635 Avoid integer-overflow for invalid large UChar32

---
 icu4c/source/common/normalizer2impl.cpp | 10 ++++++++--
 icu4c/source/test/intltest/tstnorm.cpp  |  4 +++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/icu4c/source/common/normalizer2impl.cpp b/icu4c/source/common/normalizer2impl.cpp
index cdf570d76bd..9c715ac3efa 100644
--- a/icu4c/source/common/normalizer2impl.cpp
+++ b/icu4c/source/common/normalizer2impl.cpp
@@ -1390,8 +1390,11 @@ Normalizer2Impl::composePair(UChar32 a, UChar32 b) const {
     } else if(norm16<minYesNoMappingsOnly) {
         // a combines forward.
         if(isJamoL(norm16)) {
+            if (b < Hangul::JAMO_V_BASE) {
+                return U_SENTINEL;
+            }
             b-=Hangul::JAMO_V_BASE;
-            if(0<=b && b<Hangul::JAMO_V_COUNT) {
+            if(b<Hangul::JAMO_V_COUNT) {
                 return
                     (Hangul::HANGUL_BASE+
                      ((a-Hangul::JAMO_L_BASE)*Hangul::JAMO_V_COUNT+b)*
@@ -1400,8 +1403,11 @@ Normalizer2Impl::composePair(UChar32 a, UChar32 b) const {
                 return U_SENTINEL;
             }
         } else if(isHangulLV(norm16)) {
+            if (b <= Hangul::JAMO_T_BASE) {
+               return U_SENTINEL;
+            }
             b-=Hangul::JAMO_T_BASE;
-            if(0<b && b<Hangul::JAMO_T_COUNT) {  // not b==0!
+            if(b<Hangul::JAMO_T_COUNT) {  // not b==0!
                 return a+b;
             } else {
                 return U_SENTINEL;
diff --git a/icu4c/source/test/intltest/tstnorm.cpp b/icu4c/source/test/intltest/tstnorm.cpp
index ce72e69810a..bc508661439 100644
--- a/icu4c/source/test/intltest/tstnorm.cpp
+++ b/icu4c/source/test/intltest/tstnorm.cpp
@@ -1210,7 +1210,9 @@ BasicNormalizerTest::TestCompare() {
     if( nfcNorm2->composePair(0x20, 0x301)>=0 ||
         nfcNorm2->composePair(0x61, 0x305)>=0 ||
         nfcNorm2->composePair(0x1100, 0x1160)>=0 ||
-        nfcNorm2->composePair(0xac00, 0x11a7)>=0
+        nfcNorm2->composePair(0xac00, 0x11a7)>=0 ||
+        nfcNorm2->composePair(0x1100, 0x80000020)>= 0 ||  // ICU-22635
+        nfcNorm2->composePair(0xac00, 0x80000020)>= 0     // ICU-22635
     ) {
         errln("NFC.composePair() incorrectly composes some pairs of characters");
     }