ICU-5574 Add check for offset buffer overflow

X-SVN-Rev: 21142
2025-04-15 01:42:37 +00:00 · 2007-03-01 12:36:47 +00:00 · 2007-03-01 12:36:47 +00:00 · e3b53c31cc
commit e3b53c31cc
parent 9f93f717ed
1 changed files with 27 additions and 5 deletions
--- a/icu4c/source/test/intltest/convtest.cpp
+++ b/icu4c/source/test/intltest/convtest.cpp
@ -782,8 +782,8 @@ ConversionTest::ToUnicodeCase(ConversionCase &cc, UConverterToUCallback callback
        }
    }

-    int32_t resultOffsets[200];
-    UChar result[200];
+    int32_t resultOffsets[256];
+    UChar result[256];
    int32_t resultLength;
    UBool ok;

@ -817,6 +817,10 @@ ConversionTest::ToUnicodeCase(ConversionCase &cc, UConverterToUCallback callback
            // bulk test is first, then offsets are not checked any more
            cc.offsets=NULL;
        }
+        else {
+            memset(resultOffsets, -1, LENGTHOF(resultOffsets));
+        }
+        memset(result, -1, LENGTHOF(result));
        errorCode=U_ZERO_ERROR;
        resultLength=stepToUnicode(cc, cnv,
                                result, LENGTHOF(result),
@ -832,6 +836,14 @@ ConversionTest::ToUnicodeCase(ConversionCase &cc, UConverterToUCallback callback
            // otherwise do nothing to make sure that flushing resets
            ucnv_resetToUnicode(cnv);
        }
+        if (resultOffsets[resultLength] != -1) {
+            errln("toUnicode[%d](%s) Conversion wrote too much to offsets at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
+        if (result[resultLength] != (UChar)-1) {
+            errln("toUnicode[%d](%s) Conversion wrote too much to result at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
    }

    // not a real loop, just a convenience for breaking out of the block
@ -1205,7 +1217,7 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
    }

    // convert unicode to utf8
-    char utf8[200];
+    char utf8[256];
    cc.utf8=utf8;
    u_strToUTF8(utf8, LENGTHOF(utf8), &cc.utf8Length,
                cc.unicode, cc.unicodeLength,
@ -1217,8 +1229,8 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
        cc.utf8Length=-1;
    }

-    int32_t resultOffsets[200];
-    char result[200];
+    int32_t resultOffsets[256];
+    char result[256];
    int32_t resultLength;
    UBool ok;

@ -1236,6 +1248,8 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
    ok=TRUE;
    for(i=0; i<LENGTHOF(steps) && ok; ++i) {
        step=steps[i].step;
+        memset(resultOffsets, -1, LENGTHOF(resultOffsets));
+        memset(result, -1, LENGTHOF(result));
        errorCode=U_ZERO_ERROR;
        resultLength=stepFromUnicode(cc, cnv,
                                result, LENGTHOF(result),
@ -1251,6 +1265,14 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
            // otherwise do nothing to make sure that flushing resets
            ucnv_resetFromUnicode(cnv);
        }
+        if (resultOffsets[resultLength] != -1) {
+            errln("fromUnicode[%d](%s) Conversion wrote too much to offsets at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
+        if (result[resultLength] != -1) {
+            errln("fromUnicode[%d](%s) Conversion wrote too much to result at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }

        // bulk test is first, then offsets are not checked any more
        cc.offsets=NULL;