Fuzzer-detected Null-dereference READ in icu_67::DataBuilderCollationIterator::getCE32FromBuilderData
Split off to figure out why cond == nullptr after we fix the read error in
When this happens, cond is nullptr in source/i18n/collationdatabuilder.cpp, around line 263 in DataBuilderCollationIterator::getCE32FromBuilderData.
ce32 is 0x2d1000f7. Collation::indexFromCE32(ce32) returns 92288, but conditionalCE32s.size() is only 598, so the index is far outside the table.
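As an added illustration (not code from this report or from the ICU source), the stand-alone C++ sketch below reproduces the arithmetic above and shows the bounds check that keeps an out-of-range index from becoming a null dereference. It assumes the conditional index is the CE32 shifted right by 13 bits, which agrees with the report's numbers (0x2d1000f7 >> 13 == 92288); ConditionalTable, makeTable and lookupConditionalCE32 are hypothetical stand-ins for ICU's conditionalCE32s UVector and the lookup in getCE32FromBuilderData.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumption (not stated in the report): the conditional-CE32 index sits in
// the upper bits of a CE32 and is recovered as ce32 >> 13. The report's
// figures agree with this: 0x2d1000f7 >> 13 == 92288.
static inline int32_t indexFromCE32(uint32_t ce32) {
    return static_cast<int32_t>(ce32 >> 13);
}

// Hypothetical stand-in for ICU's ConditionalCE32 entries.
struct ConditionalCE32 {
    uint32_t ce32;
};

// Hypothetical stand-in for the builder's conditionalCE32s vector. Like a
// UVector, an out-of-range index yields nullptr rather than an error, which
// is what turns a bad index into a null-pointer READ further down the path.
struct ConditionalTable {
    std::vector<ConditionalCE32> items;
    ConditionalCE32 *elementAt(int32_t i) {
        if (i < 0 || static_cast<size_t>(i) >= items.size()) return nullptr;
        return &items[static_cast<size_t>(i)];
    }
    size_t size() const { return items.size(); }
};

// Constructed sample table with n entries; entry i simply stores the value i.
ConditionalTable makeTable(size_t n) {
    ConditionalTable t;
    for (size_t i = 0; i < n; ++i) {
        t.items.push_back(ConditionalCE32{static_cast<uint32_t>(i)});
    }
    return t;
}

// Guarded lookup: decode the index, validate it against the table size, and
// report failure instead of dereferencing a null result. The failing path in
// the report dereferences cond directly, which ASan flags as a null READ.
bool lookupConditionalCE32(ConditionalTable &t, uint32_t ce32, uint32_t *out) {
    int32_t index = indexFromCE32(ce32);
    if (index < 0 || static_cast<size_t>(index) >= t.size()) {
        return false;  // 92288 against a 598-entry table is rejected here
    }
    ConditionalCE32 *cond = t.elementAt(index);
    if (cond == nullptr) return false;  // defensive: never trust elementAt blindly
    *out = cond->ce32;
    return true;
}

int main() {
    ConditionalTable t = makeTable(598);   // same size as in the report
    uint32_t v = 0;
    uint32_t bad = 0x2d1000f7u;            // the CE32 from the report
    printf("index from 0x%08x = %d, table size = %zu\n",
           bad, indexFromCE32(bad), t.size());
    printf("guarded lookup of 0x%08x: %s\n",
           bad, lookupConditionalCE32(t, bad, &v) ? "ok" : "rejected");
    uint32_t good = 5u << 13;              // constructed in-range CE32
    printf("guarded lookup of 0x%08x: %s (value %u)\n",
           good, lookupConditionalCE32(t, good, &v) ? "ok" : "rejected", v);
    return 0;
}
```

Running it prints the decoded index 92288 next to the table size 598, rejects the report's CE32, and accepts a constructed in-range CE32; the same check, placed before the dereference in the builder, is what a fix needs in order to fail safely on malformed rule input.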
How to reproduce this bug:
Make sure your ICU source is synced after the landing of OR patch it into your ICU source.
Download the test case file (click on the file under "Attachments") and save it as TESTFILE.
In the ICU source directory:
CXXFLAGS="-fsanitize=address" CFLAGS="-fsanitize=address" ./runConfigureICU --disable-release Linux --disable-layoutex
LD_LIBRARY_PATH=lib:stubdata:tools/ctestfw:../../lib:../../stubdata:../../tools/ctestfw:$LD_LIBRARY_PATH ./collator_rulebased_fuzzer TESTFILE