ICU-23414 Fix null pointer dereference in TransliterationRule copy constructor on allocation failure #4007

Open: UnLucky252 wants to merge 1 commit into unicode-org:main from UnLucky252:fix-ICU-23414-rbt-rule
@UnLucky252

Linked Jira issue

ICU-23414

Summary

In the TransliterationRule copy constructor (icu4c/source/i18n/rbt_rule.cpp),
the result of uprv_malloc for the segments array was passed to
uprv_memcpy without a NULL check.

Cause

On OOM uprv_malloc returns NULL; the subsequent uprv_memcpy is then
undefined behavior.

Fix

The constructor has no UErrorCode, so guard the uprv_memcpy with a
NULL check. On failure segments stays nullptr, which the rest of the
object already tolerates.

Testing

Existing tests pass (no behavior change on the success path). No new
test added — the OOM path requires allocator injection that is not
part of the standard test harness.

Notes

Found by static analysis (Svace, ISP RAS).

Checklist

  • Required: Issue filed: ICU-23414
  • Required: The PR title must be prefixed with a JIRA Issue number. Example: "ICU-NNNNN Fix xyz"
  • Required: Each commit message must be prefixed with a JIRA Issue number. Example: "ICU-NNNNN Fix xyz"
  • Issue accepted (done by Technical Committee after discussion)
  • Tests included, if applicable
  • API docs and/or User Guide docs changed or added, if applicable
  • Approver: Feel free to merge on my behalf

…nstructor on allocation failure

In the TransliterationRule copy constructor, the result of uprv_malloc
for the segments array was passed to uprv_memcpy without a NULL check,
which is undefined behavior on OOM.

The constructor has no UErrorCode, so guard the memcpy with a NULL
check; segments stays nullptr on failure, which the rest of the object
already tolerates.

Found by static analysis (Svace, ISP RAS).
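
The guarded copy and the allocator injection mentioned under Testing, as an added sketch that is not ICU code and not part of this pull request. `Rule`, `test_malloc`, `g_fail_alloc` and `copied_sum` are hypothetical names, the element type is simplified to `int`, and leaving `segmentsCount` at 0 when the allocation fails is this sketch's assumption about what a consumer needs in order to tolerate a null `segments`.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical injectable allocator, standing in for uprv_malloc in this sketch.
static bool g_fail_alloc = false;
static void* test_malloc(std::size_t n) { return g_fail_alloc ? nullptr : std::malloc(n); }

// Hypothetical class with the shape described above: an owned array duplicated
// in a copy constructor that has no error parameter to report failure through.
struct Rule {
    int* segments = nullptr;
    int segmentsCount = 0;

    Rule(const int* src, int count) { assign(src, count); }
    Rule(const Rule& other) { assign(other.segments, other.segmentsCount); }
    Rule& operator=(const Rule&) = delete;
    ~Rule() { std::free(segments); }

    // Consumers iterate by segmentsCount, so a failed copy reads as "no segments".
    long sum() const {
        long s = 0;
        for (int i = 0; i < segmentsCount; ++i) s += segments[i];
        return s;
    }
private:
    void assign(const int* src, int count) {
        if (count <= 0) return;
        std::size_t bytes = static_cast<std::size_t>(count) * sizeof(int);
        segments = static_cast<int*>(test_malloc(bytes));
        if (segments != nullptr) {            // the guard: never memcpy into NULL
            std::memcpy(segments, src, bytes);
            segmentsCount = count;            // count is set only on success
        }
    }
};

// Builds a rule from constructed sample data, then copies it with the
// allocator forced to succeed (fail=false) or to return NULL (fail=true).
long copied_sum(bool fail) {
    const int sample[] = {3, 5, 7};
    Rule original(sample, 3);
    g_fail_alloc = fail;
    Rule copy(original);
    g_fail_alloc = false;
    return copy.sum();
}

int main() { std::printf("ok=%ld oom=%ld\n", copied_sum(false), copied_sum(true)); return 0; }
```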