ICU: check for U_STRING_NOT_TERMINATED_WARNING.

Fixes memory error in cases where the length of the language name
returned by uloc_getLanguage() is exactly ULOC_LANG_CAPACITY, in which
case the status is set to U_STRING_NOT_TERMINATED_WARNING.

Also check in call sites for other ICU functions that are expected to
return a C string to be safe (no bug is known at these other call
sites).

Reported-by: Alexander Lakhin
Discussion: https://postgr.es/m/2098874d-c111-41e4-9063-30bcf135226b@gmail.com

diff --git a/src/backend/utils/adt/pg_locale.c b/src/backend/utils/adt/pg_locale.c
index de678da6033693cd6dea37998feb83bb84a2304a..eea1d1ae0ff8ad94db67c1087e7f9004cc63af15 100644 (file)
--- a/src/backend/utils/adt/pg_locale.c
+++ b/src/backend/utils/adt/pg_locale.c
@@ -2468,7 +2468,7 @@ pg_ucol_open(const char *loc_str)
 
                status = U_ZERO_ERROR;
                uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY, &status);
-               if (U_FAILURE(status))
+               if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING)
                {
                        ereport(ERROR,
                                        (errmsg("could not get language from locale \"%s\": %s",
@@ -2504,7 +2504,7 @@ pg_ucol_open(const char *loc_str)
                 * Pretend the error came from ucol_open(), for consistent error
                 * message across ICU versions.
                 */
-               if (U_FAILURE(status))
+               if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING)
                {
                        ucol_close(collator);
                        ereport(ERROR,
@@ -2639,7 +2639,8 @@ icu_from_uchar(char **result, const UChar *buff_uchar, int32_t len_uchar)
        status = U_ZERO_ERROR;
        len_result = ucnv_fromUChars(icu_converter, *result, len_result + 1,
                                                                 buff_uchar, len_uchar, &status);
-       if (U_FAILURE(status))
+       if (U_FAILURE(status) ||
+               status == U_STRING_NOT_TERMINATED_WARNING)
                ereport(ERROR,
                                (errmsg("%s failed: %s", "ucnv_fromUChars",
                                                u_errorName(status))));
@@ -2681,7 +2682,7 @@ icu_set_collation_attributes(UCollator *collator, const char *loc,
        icu_locale_id = palloc(len + 1);
        *status = U_ZERO_ERROR;
        len = uloc_canonicalize(loc, icu_locale_id, len + 1, status);
-       if (U_FAILURE(*status))
+       if (U_FAILURE(*status) || *status == U_STRING_NOT_TERMINATED_WARNING)
                return;
 
        lower_str = asc_tolower(icu_locale_id, strlen(icu_locale_id));
@@ -2765,7 +2766,6 @@ icu_set_collation_attributes(UCollator *collator, const char *loc,
 
        pfree(lower_str);
 }
-
 #endif
 
 /*
@@ -2789,7 +2789,7 @@ icu_language_tag(const char *loc_str, int elevel)
 
        status = U_ZERO_ERROR;
        uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY, &status);
-       if (U_FAILURE(status))
+       if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING)
        {
                if (elevel > 0)
                        ereport(elevel,
@@ -2811,19 +2811,12 @@ icu_language_tag(const char *loc_str, int elevel)
        langtag = palloc(buflen);
        while (true)
        {
-               int32_t         len;
-
                status = U_ZERO_ERROR;
-               len = uloc_toLanguageTag(loc_str, langtag, buflen, strict, &status);
+               uloc_toLanguageTag(loc_str, langtag, buflen, strict, &status);
 
-               /*
-                * If the result fits in the buffer exactly (len == buflen),
-                * uloc_toLanguageTag() will return success without nul-terminating
-                * the result. Check for either U_BUFFER_OVERFLOW_ERROR or len >=
-                * buflen and try again.
-                */
+               /* try again if the buffer is not large enough */
                if ((status == U_BUFFER_OVERFLOW_ERROR ||
-                        (U_SUCCESS(status) && len >= buflen)) &&
+                        status == U_STRING_NOT_TERMINATED_WARNING) &&
                        buflen < MaxAllocSize)
                {
                        buflen = Min(buflen * 2, MaxAllocSize);
@@ -2878,7 +2871,7 @@ icu_validate_locale(const char *loc_str)
        /* validate that we can extract the language */
        status = U_ZERO_ERROR;
        uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY, &status);
-       if (U_FAILURE(status))
+       if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING)
        {
                ereport(elevel,
                                (errmsg("could not get language from ICU locale \"%s\": %s",
@@ -2901,7 +2894,7 @@ icu_validate_locale(const char *loc_str)
 
                status = U_ZERO_ERROR;
                uloc_getLanguage(otherloc, otherlang, ULOC_LANG_CAPACITY, &status);
-               if (U_FAILURE(status))
+               if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING)
                        continue;
 
                if (strcmp(lang, otherlang) == 0)

diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index e03d498b1e073e4447b7108b4ee28c5b526ab8df..30b576932fd049e8f05aee667cef8eda8b51cd72 100644 (file)
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -2252,7 +2252,7 @@ icu_language_tag(const char *loc_str)
 
        status = U_ZERO_ERROR;
        uloc_getLanguage(loc_str, lang, ULOC_LANG_CAPACITY, &status);
-       if (U_FAILURE(status))
+       if (U_FAILURE(status) || status == U_STRING_NOT_TERMINATED_WARNING)
        {
                pg_fatal("could not get language from locale \"%s\": %s",
                                 loc_str, u_errorName(status));
@@ -2272,19 +2272,12 @@ icu_language_tag(const char *loc_str)
        langtag = pg_malloc(buflen);
        while (true)
        {
-               int32_t         len;
-
                status = U_ZERO_ERROR;
-               len = uloc_toLanguageTag(loc_str, langtag, buflen, strict, &status);
+               uloc_toLanguageTag(loc_str, langtag, buflen, strict, &status);
 
-               /*
-                * If the result fits in the buffer exactly (len == buflen),
-                * uloc_toLanguageTag() will return success without nul-terminating
-                * the result. Check for either U_BUFFER_OVERFLOW_ERROR or len >=
-                * buflen and try again.
-                */
+               /* try again if the buffer is not large enough */
                if (status == U_BUFFER_OVERFLOW_ERROR ||
-                       (U_SUCCESS(status) && len >= buflen))
+                       status == U_STRING_NOT_TERMINATED_WARNING)
                {
                        buflen = buflen * 2;
                        langtag = pg_realloc(langtag, buflen);