From e3b53c31cc364fba90c5e8736470f7177d7b1297 Mon Sep 17 00:00:00 2001
From: George Rhoten <grhoten@users.noreply.github.com>
Date: Thu, 1 Mar 2007 12:36:47 +0000
Subject: [PATCH] ICU-5574 Add check for offset buffer overflow

X-SVN-Rev: 21142
---
 icu4c/source/test/intltest/convtest.cpp | 32 +++++++++++++++++++++----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/icu4c/source/test/intltest/convtest.cpp b/icu4c/source/test/intltest/convtest.cpp
index 7fce67928d4..64fd1417695 100644
--- a/icu4c/source/test/intltest/convtest.cpp
+++ b/icu4c/source/test/intltest/convtest.cpp
@@ -782,8 +782,8 @@ ConversionTest::ToUnicodeCase(ConversionCase &cc, UConverterToUCallback callback
         }
     }
 
-    int32_t resultOffsets[200];
-    UChar result[200];
+    int32_t resultOffsets[256];
+    UChar result[256];
     int32_t resultLength;
     UBool ok;
 
@@ -817,6 +817,10 @@ ConversionTest::ToUnicodeCase(ConversionCase &cc, UConverterToUCallback callback
             // bulk test is first, then offsets are not checked any more
             cc.offsets=NULL;
         }
+        else {
+            memset(resultOffsets, -1, LENGTHOF(resultOffsets));
+        }
+        memset(result, -1, LENGTHOF(result));
         errorCode=U_ZERO_ERROR;
         resultLength=stepToUnicode(cc, cnv,
                                 result, LENGTHOF(result),
@@ -832,6 +836,14 @@ ConversionTest::ToUnicodeCase(ConversionCase &cc, UConverterToUCallback callback
             // otherwise do nothing to make sure that flushing resets
             ucnv_resetToUnicode(cnv);
         }
+        if (resultOffsets[resultLength] != -1) {
+            errln("toUnicode[%d](%s) Conversion wrote too much to offsets at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
+        if (result[resultLength] != (UChar)-1) {
+            errln("toUnicode[%d](%s) Conversion wrote too much to result at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
     }
 
     // not a real loop, just a convenience for breaking out of the block
@@ -1205,7 +1217,7 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
     }
 
     // convert unicode to utf8
-    char utf8[200];
+    char utf8[256];
     cc.utf8=utf8;
     u_strToUTF8(utf8, LENGTHOF(utf8), &cc.utf8Length,
                 cc.unicode, cc.unicodeLength,
@@ -1217,8 +1229,8 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
         cc.utf8Length=-1;
     }
 
-    int32_t resultOffsets[200];
-    char result[200];
+    int32_t resultOffsets[256];
+    char result[256];
     int32_t resultLength;
     UBool ok;
 
@@ -1236,6 +1248,8 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
     ok=TRUE;
     for(i=0; i<LENGTHOF(steps) && ok; ++i) {
         step=steps[i].step;
+        memset(resultOffsets, -1, LENGTHOF(resultOffsets));
+        memset(result, -1, LENGTHOF(result));
         errorCode=U_ZERO_ERROR;
         resultLength=stepFromUnicode(cc, cnv,
                                 result, LENGTHOF(result),
@@ -1251,6 +1265,14 @@ ConversionTest::FromUnicodeCase(ConversionCase &cc, UConverterFromUCallback call
             // otherwise do nothing to make sure that flushing resets
             ucnv_resetFromUnicode(cnv);
         }
+        if (resultOffsets[resultLength] != -1) {
+            errln("fromUnicode[%d](%s) Conversion wrote too much to offsets at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
+        if (result[resultLength] != -1) {
+            errln("fromUnicode[%d](%s) Conversion wrote too much to result at index %d",
+                cc.caseNr, cc.charset, resultLength);
+        }
 
         // bulk test is first, then offsets are not checked any more
         cc.offsets=NULL;