Hello Jeff,
09.05.2023 00:59, Jeff Davis wrote:
> The easiest thing to do is revert it for now, and after we sort out the
> memcmp() path for the ICU provider, then I can commit it again (after
> that point it would just be code cleanup and should have no functional
> impact).
On the current master (after 455f948b0, and before f7faa9976, of course)
I get an ASAN-detected failure with the following query:
CREATE COLLATION col (provider = icu, locale = '123456789012');
==2929883==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc491be09c at pc 0x556e8571a260 bp 0x7ffc491be020 sp 0x7ffc491bd7c8
READ of size 15 at 0x7ffc491be09c thread T0
#0 0x556e8571a25f in __interceptor_strcmp.part.0 (.../usr/local/pgsql/bin/postgres+0x2aa025f)
#1 0x556e86d77ee6 in icu_language_tag .../src/backend/utils/adt/pg_locale.c:2802
...
Address 0x7ffc491be09c is located in stack of thread T0 at offset 76 in frame
#0 0x556e86d77cfe in icu_language_tag .../src/backend/utils/adt/pg_locale.c:2782
This frame has 2 object(s):
[48, 52) 'status' (line 2784)
[64, 76) 'lang' (line 2785) <== Memory access at offset 76 overflows this variable
...
Here, uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY, &status) returns
status = -124, i.e.,
U_STRING_NOT_TERMINATED_WARNING = -124,/**< An output string could not be NUL-terminated because output length==destCapacity. */
(ULOC_LANG_CAPACITY = 12)
this value is not covered by U_FAILURE(status), and the strcmp() that follows
reads beyond the bounds of the lang variable.
Best regards,
Alexander
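The failure mode described in the message, shown as an added example that is not part of the original thread or of the PostgreSQL or ICU sources. It stands alone by using a constructed model of uloc_getLanguage() that follows ICU's documented contract (the function returns the full subtag length, leaves the buffer unterminated and sets U_STRING_NOT_TERMINATED_WARNING when the length equals the capacity, and sets an error when it is larger); the constant values match ICU's, and the function names original_guard_lets_strcmp_run() and lang_is_root_safe() are hypothetical. The first function reproduces the original guard and reports whether it would let strcmp() run on an unterminated buffer, without actually performing that read; the second shows a guard that also treats the warning (or a returned length that fills the buffer) as a failure.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the ICU definitions involved; the values below are
 * the real ICU values (U_FAILURE(x) is defined by ICU as (x) > U_ZERO_ERROR). */
typedef int32_t UErrorCode;
enum {
    U_STRING_NOT_TERMINATED_WARNING = -124,
    U_ZERO_ERROR = 0,
    U_BUFFER_OVERFLOW_ERROR = 15,
};
#define U_FAILURE(x) ((x) > U_ZERO_ERROR)
#define ULOC_LANG_CAPACITY 12

/* model_uloc_getLanguage: constructed stand-in for ICU's uloc_getLanguage().
 * Copies the language subtag (everything before the first '_' or '-') into
 * lang, truncated to capacity, and returns the full subtag length. A subtag
 * that exactly fills the buffer is NOT NUL-terminated and yields the warning;
 * a longer one yields an error. */
static int32_t
model_uloc_getLanguage(const char *loc_str, char *lang, int32_t capacity,
                       UErrorCode *status)
{
    int32_t len = 0;
    while (loc_str[len] != '\0' && loc_str[len] != '_' && loc_str[len] != '-')
        len++;
    int32_t n = len < capacity ? len : capacity;
    memcpy(lang, loc_str, (size_t) n);
    if (len < capacity)
    {
        lang[len] = '\0';
        *status = U_ZERO_ERROR;
    }
    else if (len == capacity)
        *status = U_STRING_NOT_TERMINATED_WARNING;   /* buffer full, no NUL */
    else
        *status = U_BUFFER_OVERFLOW_ERROR;
    return len;
}

/* original_guard_lets_strcmp_run: applies only the original guard,
 * U_FAILURE(status), and returns 1 if control would reach strcmp() with an
 * unterminated lang[] (the ASAN stack-buffer-overflow case), else 0.
 * The out-of-bounds read itself is deliberately not performed. */
static int
original_guard_lets_strcmp_run(const char *loc_str)
{
    UErrorCode status = U_ZERO_ERROR;
    char lang[ULOC_LANG_CAPACITY];
    model_uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY, &status);
    if (U_FAILURE(status))
        return 0;           /* the original code returns early here */
    /* here the original code calls strcmp(lang, "root") */
    return memchr(lang, '\0', sizeof lang) == NULL;
}

/* lang_is_root_safe: hardened variant. Returns 1 if the language subtag is
 * "root", 0 if it is something else, and -1 when no NUL-terminated subtag
 * could be obtained: an error, the not-terminated warning, or a returned
 * length that does not leave room for the terminator. */
static int
lang_is_root_safe(const char *loc_str)
{
    UErrorCode status = U_ZERO_ERROR;
    char lang[ULOC_LANG_CAPACITY];
    int32_t len = model_uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY,
                                         &status);
    if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING ||
        len >= ULOC_LANG_CAPACITY)
        return -1;
    return strcmp(lang, "root") == 0;   /* lang[] is now known to be terminated */
}

int
main(void)
{
    /* constructed inputs, including the 12-character locale from the report */
    const char *inputs[] = {"123456789012", "1234567890123", "root", "en_US"};
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-14s original guard unsafe: %d   safe result: %d\n",
               inputs[i], original_guard_lets_strcmp_run(inputs[i]),
               lang_is_root_safe(inputs[i]));
    return 0;
}
```

The 12-character locale is the interesting case: the 13-character one is rejected by U_FAILURE() in both variants, while the one that exactly fills the buffer passes the original guard with an unterminated lang[] and is rejected only by the hardened guard.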