OOM not handled in uloc_openKeywordList

Description

The return value of uprv_malloc isn't checked in uloc_openKeywordList, leading to a segmentation fault/crash if OOM occurs.

 

uloc_openKeywordList(const char *keywordList, int32_t keywordListSize, UErrorCode* status)
{
    ...
    myContext->keywords = (char *)uprv_malloc(keywordListSize+1);
    uprv_memcpy(myContext->keywords, keywordList, keywordListSize);
    ...

Link to source on GitHub:
https://github.com/unicode-org/icu/blob/master/icu4c/source/common/uloc.cpp#L1479

 

Sample output from running cintltst under Valgrind with some hand-rolled OOM simulation for the ICU tests:

OOM: failing to allocate 11
==29370== Invalid write of size 8
==29370==    at 0x4C34163: memcpy@GLIBC_2.2.5 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29370==    by 0x5A56EC0: uloc_openKeywordList (uloc.cpp:1480)
==29370==    by 0x5A57202: uloc_openKeywords (uloc.cpp:1535)
==29370==    by 0x5A61DD9: uloc_getDisplayName (locdispnames.cpp:644)
==29370==    by 0x45C38F: doTestDisplayNames (cloctst.c:1054)
==29370==    by 0x452AFA: TestDisplayNames (cloctst.c:683)
==29370==    by 0x4E43D32: iterateTestsWithLevel (ctest.c:392)
==29370==    by 0x4E441FF: iterateTestsWithLevel (ctest.c:488)
==29370==    by 0x4E441FF: iterateTestsWithLevel (ctest.c:488)
==29370==    by 0x4E441FF: iterateTestsWithLevel (ctest.c:488)
==29370==    by 0x4E441FF: iterateTestsWithLevel (ctest.c:488)
==29370==    by 0x4E441FF: iterateTestsWithLevel (ctest.c:488)
==29370==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==29370==
==29370==
==29370== Process terminating with default action of signal 11 (SIGSEGV)
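The following is an added example, not ICU code and not the fix that was applied: it models the allocate-then-copy pattern from the report with the missing NULL check in place, plus a small fail-the-Nth-allocation hook in the spirit of the OOM simulation mentioned above. The names `sim_malloc`, `ExStatus`, `KeywordsContext`, `open_keyword_list` and `survives_oom_at` are stand-ins invented for this example, and the caller is assumed to pass `size >= 0`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for this example only; not ICU's types, error codes or allocator. */
typedef enum { EX_OK = 0, EX_MEMORY_ERROR = 1 } ExStatus;
typedef struct { char *keywords; char *current; } KeywordsContext;

static int fail_at = 0;    /* fail the Nth allocation (1-based); 0 = never */
static int alloc_seen = 0; /* allocations requested so far */
static int live = 0;       /* allocations not yet freed */

static void *sim_malloc(size_t n) {
    if (++alloc_seen == fail_at) return NULL;    /* simulated OOM */
    void *p = malloc(n);
    if (p) live++;
    return p;
}
static void sim_free(void *p) { if (p) { live--; free(p); } }

/* Checked form: each allocation is tested before anything is written to it. */
KeywordsContext *open_keyword_list(const char *list, int32_t size, ExStatus *status) {
    if (*status != EX_OK) return NULL;
    KeywordsContext *ctx = (KeywordsContext *)sim_malloc(sizeof *ctx);
    if (ctx == NULL) { *status = EX_MEMORY_ERROR; return NULL; }
    ctx->keywords = (char *)sim_malloc((size_t)size + 1);
    if (ctx->keywords == NULL) {     /* the check the report says is missing */
        sim_free(ctx);               /* release the first block, no leak */
        *status = EX_MEMORY_ERROR;
        return NULL;
    }
    memcpy(ctx->keywords, list, (size_t)size);
    ctx->keywords[size] = '\0';
    ctx->current = ctx->keywords;
    return ctx;
}
void close_keyword_list(KeywordsContext *ctx) {
    if (ctx) { sim_free(ctx->keywords); sim_free(ctx); }
}

/* Fail allocation n; return 1 if the call reports the error and leaks nothing. */
int survives_oom_at(int n) {
    ExStatus st = EX_OK;
    fail_at = n; alloc_seen = 0; live = 0;
    KeywordsContext *ctx = open_keyword_list("collation", 9, &st);
    int ok = (ctx == NULL && st == EX_MEMORY_ERROR && live == 0);
    close_keyword_list(ctx);
    fail_at = 0;
    return ok;
}
```

Sweeping `n` over every allocation in the call path is what turns a crash like the one in the Valgrind trace into a test failure instead.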

 

Assignee: Jeff Genovy
Reporter: Jeff Genovy
Reviewer: Daniel Ju
Time Needed: Minutes
Start date: None
Priority: medium