Covered in-depth at: https://github.com/znc/znc/issues/1459
The issue seems to be in icuConv / ucnv_convertEx.
"ZNC appears to crash while translating charsets for the result of a WHO command, for some users whose real name contains non-ASCII characters."
I suspect it happens anywhere where charset conversion would be performed, but depending on which channels the test machine is configured to log into, you'll tend to get different events being the first one to trigger the crash.
We need some more details here, such as which codepage is being used, which parameters, etc.
Ideally, a separable test case that just calls ICU source. You might be able to modify the conversion sample code in http://source.icu-project.org/repos/icu/trunk/icu4c/source/samples/ucnv/
I can now reliably reproduce the bug with ICU 60, on Linux armv5 & x86_64 platforms.
ucnv_convertEx() may write beyond the end of the output buffer if the input contains a character whose conversion would result in a multibyte sequence in the output, but the output buffer only contains enough space for a part of the sequence, in which case the whole sequence is written into the output buffer without accounting for its size limit.
(I didn't check the code, it is probably a bit trickier than that)
I'll attach sample code that triggers the issue.
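To illustrate the contract described in the comment above (a converter must compare the length of the whole multibyte sequence against the remaining target space before writing any of it, and leave the source pointer at the unconverted character so the caller can resume with a fresh buffer), here is an added, self-contained example. It is not ICU's code and not the attached sample: a toy UTF-16 to UTF-8 converter with ICU-style in/out pointer parameters, a guard-byte harness that checks nothing lands past the target limit, and a constructed sample string. The status names, function names and sample data are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status codes modelled loosely on ICU's UErrorCode; names are this example's own. */
enum conv_status { CONV_OK = 0, CONV_BUFFER_OVERFLOW = 1, CONV_ILLEGAL = 2 };

/* Number of UTF-8 bytes one code point will occupy. */
static size_t utf8_len(uint32_t cp) {
    if (cp < 0x80) return 1;
    if (cp < 0x800) return 2;
    if (cp < 0x10000) return 3;
    return 4;
}

/* Encode cp at out; the caller has already verified that the bytes fit. */
static size_t utf8_put(uint32_t cp, uint8_t *out) {
    if (cp < 0x80) { out[0] = (uint8_t)cp; return 1; }
    if (cp < 0x800) {
        out[0] = (uint8_t)(0xC0 | (cp >> 6)); out[1] = (uint8_t)(0x80 | (cp & 0x3F)); return 2;
    }
    if (cp < 0x10000) {
        out[0] = (uint8_t)(0xE0 | (cp >> 12)); out[1] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (uint8_t)(0x80 | (cp & 0x3F)); return 3;
    }
    out[0] = (uint8_t)(0xF0 | (cp >> 18)); out[1] = (uint8_t)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F)); out[3] = (uint8_t)(0x80 | (cp & 0x3F)); return 4;
}

/* Convert UTF-16 to UTF-8 without ever writing at or past target_limit.
 * *source advances only past code units whose output was fully written, so the
 * caller can supply a new target buffer and call again to continue. */
enum conv_status convert_utf16_to_utf8(const uint16_t **source, const uint16_t *source_limit,
                                       uint8_t **target, const uint8_t *target_limit) {
    while (*source < source_limit) {
        const uint16_t *s = *source;
        uint32_t cp = s[0];
        size_t units = 1;
        if (cp >= 0xD800 && cp <= 0xDBFF) {                    /* high surrogate */
            if (s + 1 >= source_limit || s[1] < 0xDC00 || s[1] > 0xDFFF) return CONV_ILLEGAL;
            cp = 0x10000 + ((cp - 0xD800) << 10) + (s[1] - 0xDC00);
            units = 2;
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
            return CONV_ILLEGAL;                                /* lone low surrogate */
        }
        size_t need = utf8_len(cp);
        /* The check this thread is about: whole-sequence length versus remaining space,
         * evaluated before a single byte of the sequence is written. */
        if ((size_t)(target_limit - *target) < need) return CONV_BUFFER_OVERFLOW;
        *target += utf8_put(cp, *target);
        *source += units;
    }
    return CONV_OK;
}

/* Harness: convert into the first out_cap bytes of a 64-byte buffer whose remainder is
 * filled with a guard pattern. Returns 1 if the guard is untouched afterwards. */
int guard_check(const uint16_t *src, size_t n, size_t out_cap, size_t *written, enum conv_status *st) {
    uint8_t buf[64];
    if (out_cap > sizeof buf) return 0;
    memset(buf, 0xAA, sizeof buf);
    const uint16_t *s = src;
    uint8_t *t = buf;
    *st = convert_utf16_to_utf8(&s, src + n, &t, buf + out_cap);
    *written = (size_t)(t - buf);
    for (size_t i = out_cap; i < sizeof buf; i++) if (buf[i] != 0xAA) return 0;
    return 1;
}

/* Constructed sample: "a", U+00E9 (2 UTF-8 bytes), U+4E2D (3 UTF-8 bytes). */
static const uint16_t SAMPLE[] = { 0x0061, 0x00E9, 0x4E2D };
#define SAMPLE_LEN 3

/* Room for 2 bytes: 'a' fits, the 2-byte sequence does not; expect a clean stop after 1 byte. */
int scenario_partial_room(void) {
    size_t written; enum conv_status st;
    int guard_ok = guard_check(SAMPLE, SAMPLE_LEN, 2, &written, &st);
    return guard_ok && st == CONV_BUFFER_OVERFLOW && written == 1;
}

/* Room for 6 bytes: everything fits (1 + 2 + 3). */
int scenario_enough_room(void) {
    size_t written; enum conv_status st;
    int guard_ok = guard_check(SAMPLE, SAMPLE_LEN, 6, &written, &st);
    return guard_ok && st == CONV_OK && written == 6;
}

/* After an overflow the source pointer still addresses U+00E9, so a second call
 * with a larger buffer resumes exactly there. */
int scenario_resume(void) {
    uint8_t first[2], second[8];
    const uint16_t *s = SAMPLE; uint8_t *t = first;
    enum conv_status st = convert_utf16_to_utf8(&s, SAMPLE + SAMPLE_LEN, &t, first + 2);
    if (st != CONV_BUFFER_OVERFLOW || s != SAMPLE + 1) return 0;
    t = second;
    st = convert_utf16_to_utf8(&s, SAMPLE + SAMPLE_LEN, &t, second + 8);
    return st == CONV_OK && s == SAMPLE + SAMPLE_LEN && (t - second) == 5
        && second[0] == 0xC3 && second[1] == 0xA9;
}

int main(void) {
    printf("partial room: %s\n", scenario_partial_room() ? "ok" : "FAIL");
    printf("enough room:  %s\n", scenario_enough_room() ? "ok" : "FAIL");
    printf("resume:       %s\n", scenario_resume() ? "ok" : "FAIL");
    return 0;
}
```

The guard pattern is the simplest way to turn the reporter's description into a regression check: any converter, real or toy, that writes the full sequence when only part of it fits will disturb the 0xAA bytes past the target limit, and the harness reports it without needing a sanitizer build.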
I am pretty sure I fixed this in . I didn't see the reproduction test case here before I got to work on that one.
Attached poc2.cpp as previously the 'if' was checking uint8_t vs int types and those won't be equal.