newLength <= bufferLength assertion in icu_68::Locale::setKeywordValue

Description

This is the upstream bug of https://bugs.chromium.org/p/chromium/issues/detail?id=1146468

let l = new Intl.Locale("de-u-kk-false-ks-level1-kv-space-cu-eur-ms-metric-nu-latn-lb-strict-" +
"lw-normal-ss-none-em-default-rg-atzzzz-sd-atat1-va-posix")

Here is the stack trace from gdb

#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff3982537 in __GI_abort () at abort.c:79
#2 0x00007ffff398240f in __assert_fail_base (fmt=0x7ffff3aeb128 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x7ffff3e79ea1 "newLength <= bufferLength", file=0x7ffff3e7ede4 "../../third_party/icu/source/common/locid.cpp",
line=2480, function=<optimized out>) at assert.c:92
#3 0x00007ffff39915b2 in __GI___assert_fail (assertion=0x7ffff3e79ea1 "newLength <= bufferLength",
file=0x7ffff3e7ede4 "../../third_party/icu/source/common/locid.cpp", line=2480,
function=0x7ffff3e758aa "void icu_68::Locale::setKeywordValue(const char *, const char *, UErrorCode &)") at assert.c:101
#4 0x00007ffff3f30602 in icu_68::Locale::setKeywordValue (this=0x7fffffffb378, keywordName=0x555555706fc8 "ss",
keywordValue=0x7fffffffb2d5 "none", status=@0x7fffffffb64c: U_STRING_NOT_TERMINATED_WARNING)
at ../../third_party/icu/source/common/locid.cpp:2480
#5 0x00007ffff3f1e0f9 in icu_68::_copyExtensions (from=..., keywords=0x555555755030, to=..., validate=true,
errorCode=@0x7fffffffb64c: U_STRING_NOT_TERMINATED_WARNING) at ../../third_party/icu/source/common/localebuilder.cpp:184
#6 0x00007ffff3f1e454 in icu_68::LocaleBuilder::build (this=0x7fffffffbd38,
errorCode=@0x7fffffffb64c: U_STRING_NOT_TERMINATED_WARNING) at ../../third_party/icu/source/common/localebuilder.cpp:451
#7 0x00007ffff6ce84ba in v8::internal::(anonymous namespace)::ApplyOptionsToTag (isolate=0x1ab000000000, tag=..., options=...,
builder=0x7fffffffbd38) at ../../src/objects/js-locale.cc:245
#8 0x00007ffff6ce7c42 in v8::internal::JSLocale::New (isolate=0x1ab000000000, map=..., locale_str=..., options=...)
at ../../src/objects/js-locale.cc:336
#9 0x00007ffff655638c in v8::internal::Builtin_Impl_LocaleConstructor (args=..., isolate=0x1ab000000000)
at ../../src/builtins/builtins-intl.cc:661
#10 0x00007ffff6555928 in v8::internal::Builtin_LocaleConstructor (args_length=6, args_object=0x7fffffffc088,
isolate=0x1ab000000000) at ../../src/builtins/builtins-intl.cc:608
#11 0x00007ffff5ed651f in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit ()
from /usr/local/google/home/ftang/v8/v8/out/x64.debug/libv8.so

Notice the status is U_STRING_NOT_TERMINATED_WARNING after calling uloc_setKeywordValue
inside icu_68::Locale::setKeywordValue.
The if check only checks for U_BUFFER_OVERFLOW_ERROR but doesn't consider that the status could also be U_STRING_NOT_TERMINATED_WARNING.
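The following is an added example, not ICU's or V8's code. It models the buffer contract of the ICU C API that Locale::setKeywordValue relies on (mock_uloc_setKeywordValue is a hypothetical stand-in for uloc_setKeywordValue, and LocaleModel a stand-in for Locale's fixed 157-byte fullName buffer), then replays the keyword sequence from the reporter's printf log further down the page. The exact-fit result of 157 bytes comes back with U_STRING_NOT_TERMINATED_WARNING rather than U_BUFFER_OVERFLOW_ERROR, so the pre-fix control flow skips reallocation and the newLength <= bufferLength check fails, leaving an unterminated buffer behind; the "fixed" variant, which treats the warning as a too-small buffer, is one possible hardening and is not claimed to be the upstream patch.

```cpp
// Added example, not ICU's code: a model of the ICU buffer contract behind the
// newLength <= bufferLength assertion, with the buggy check beside a hardened one.
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Subset of ICU's UErrorCode, using ICU's numeric values (warnings are negative).
enum UErrorCode : int32_t {
    U_STRING_NOT_TERMINATED_WARNING = -124,
    U_ZERO_ERROR = 0,
    U_BUFFER_OVERFLOW_ERROR = 15,
};
static bool U_FAILURE(UErrorCode s) { return s > U_ZERO_ERROR; }
static const int32_t ULOC_FULLNAME_CAPACITY = 157;  // ICU's value

// Hypothetical stand-in for uloc_setKeywordValue: appends "key=value" to the id in
// buf (capacity cap) under the usual ICU preflight contract:
//   * returns the length of the full result, excluding the terminator;
//   * result longer than cap: sets U_BUFFER_OVERFLOW_ERROR and writes nothing;
//   * result of exactly cap bytes: written with NO terminator, status becomes
//     U_STRING_NOT_TERMINATED_WARNING (what u_terminateChars reports).
static int32_t mock_uloc_setKeywordValue(const char* key, const char* value,
                                         char* buf, int32_t cap, UErrorCode* status) {
    if (U_FAILURE(*status)) return 0;
    std::string id(buf);  // buf must be NUL-terminated on entry
    id += (id.find('@') == std::string::npos) ? '@' : ';';
    id += key; id += '='; id += value;
    int32_t needed = static_cast<int32_t>(id.size());
    if (needed > cap) { *status = U_BUFFER_OVERFLOW_ERROR; return needed; }
    std::memcpy(buf, id.data(), needed);
    if (needed == cap) *status = U_STRING_NOT_TERMINATED_WARNING;
    else buf[needed] = '\0';
    return needed;
}

struct SetResult {
    UErrorCode status;
    bool assertionHeld;  // the debug-build U_ASSERT on newLength vs bufferLength
    bool terminated;     // whether fullName holds a NUL within its capacity
    int32_t length;      // strlen(fullName) if terminated, else -1
};

// Stand-in for Locale: a fixed inline buffer, replaced by a larger one on overflow.
struct LocaleModel {
    std::vector<char> fullName;
    explicit LocaleModel(const char* id) : fullName(ULOC_FULLNAME_CAPACITY, '\0') {
        std::strncpy(fullName.data(), id, ULOC_FULLNAME_CAPACITY - 1);
    }
    // Pre-fix control flow: only U_BUFFER_OVERFLOW_ERROR triggers reallocation.
    SetResult setKeywordValueBuggy(const char* key, const char* val, UErrorCode& status) {
        return setKeywordValue(key, val, status, /*growOnUnterminated=*/false);
    }
    // Hardened variant: an exact-fit, unterminated result is also grown and redone.
    SetResult setKeywordValueFixed(const char* key, const char* val, UErrorCode& status) {
        return setKeywordValue(key, val, status, /*growOnUnterminated=*/true);
    }
    SetResult setKeywordValue(const char* key, const char* val, UErrorCode& status,
                              bool growOnUnterminated) {
        SetResult r{status, true, true, -1};
        if (U_FAILURE(status)) return r;
        // Snapshot the id first: on an exact fit the buffer comes back overwritten
        // and unterminated, so it cannot safely be re-read with strlen/strcpy.
        std::string before(fullName.data());
        int32_t bufferLength = std::max<int32_t>(
            static_cast<int32_t>(before.size()) + 1, ULOC_FULLNAME_CAPACITY);
        int32_t newLength = mock_uloc_setKeywordValue(key, val, fullName.data(),
                                                      bufferLength, &status) + 1;
        bool grow = status == U_BUFFER_OVERFLOW_ERROR ||
                    (growOnUnterminated && status == U_STRING_NOT_TERMINATED_WARNING);
        if (grow) {
            r.assertionHeld = newLength > bufferLength;
            std::vector<char> bigger(newLength, '\0');  // room for the terminator
            std::memcpy(bigger.data(), before.data(), before.size());
            status = U_ZERO_ERROR;
            mock_uloc_setKeywordValue(key, val, bigger.data(), newLength, &status);
            fullName.swap(bigger);
        } else {
            r.assertionHeld = newLength <= bufferLength;  // the check that fired
        }
        r.status = status;
        r.terminated = std::memchr(fullName.data(), '\0', fullName.size()) != nullptr;
        r.length = r.terminated ? static_cast<int32_t>(std::strlen(fullName.data())) : -1;
        return r;
    }
};

// Replays the keyword sequence from the printf log on this page, starting from
// "de__POSIX"; the final ";ss=none" brings the id to exactly 157 bytes.
static SetResult replay(bool fixed) {
    static const char* const kSteps[][2] = {
        {"colnormalization", "no"}, {"colstrength", "primary"}, {"currency", "eur"},
        {"em", "default"}, {"kv", "space"}, {"lb", "strict"}, {"lw", "normal"},
        {"measure", "metric"}, {"numbers", "latn"}, {"rg", "atzzzz"},
        {"sd", "atat1"}, {"ss", "none"}};
    LocaleModel loc("de__POSIX");
    UErrorCode status = U_ZERO_ERROR;
    SetResult last{U_ZERO_ERROR, true, true, 9};
    for (const auto& kv : kSteps) {
        last = fixed ? loc.setKeywordValueFixed(kv[0], kv[1], status)
                     : loc.setKeywordValueBuggy(kv[0], kv[1], status);
        if (!last.assertionHeld) break;  // a debug build would abort here
    }
    return last;
}
```

With the buggy path, replay(false) ends with status -124, the assertion false and no terminator in the 157-byte buffer, which is the state a release build (where U_ASSERT compiles out) would carry on with; replay(true) ends with status 0 and a terminated 157-character id in a 158-byte buffer.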

Activity

Frank Yung-Fong Tang
November 10, 2020, 10:27 PM

fix in

Frank Yung-Fong Tang
November 10, 2020, 7:11 PM

Patch to show the problem in debug build

Frank Yung-Fong Tang
November 10, 2020, 7:02 PM

The code is called inside locale builder. I placed some printfs at the beginning of setKeywordValue to show the call sequence.

ftang@ftang4:~/v8/v8$ out/x64.debug/d8 --test test/intl/assert.js test/intl/utils.js test/intl/regress-1146468.js --random-seed=528794567 --nohard-abort --enable-slow-asserts --verify-heap --testing-d8-test-runner --allow-natives-syntax
setKeywordValue(colnormalization, no, 0) locale =de__POSIX
after uloc_setKeywordValue bufferLength = 157 newLength=30 status=0
setKeywordValue(colstrength, primary, 0) locale =de__POSIX@colnormalization=no
after uloc_setKeywordValue bufferLength = 157 newLength=50 status=0
setKeywordValue(currency, eur, 0) locale =de__POSIX@colnormalization=no;colstrength=primary
after uloc_setKeywordValue bufferLength = 157 newLength=63 status=0
setKeywordValue(em, default, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur
after uloc_setKeywordValue bufferLength = 157 newLength=74 status=0
setKeywordValue(kv, space, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default
after uloc_setKeywordValue bufferLength = 157 newLength=83 status=0
setKeywordValue(lb, strict, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space
after uloc_setKeywordValue bufferLength = 157 newLength=93 status=0
setKeywordValue(lw, normal, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space;lb=strict
after uloc_setKeywordValue bufferLength = 157 newLength=103 status=0
setKeywordValue(measure, metric, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space;lb=strict;lw=normal
after uloc_setKeywordValue bufferLength = 157 newLength=118 status=0
setKeywordValue(numbers, latn, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space;lb=strict;lw=normal;measure=metric
after uloc_setKeywordValue bufferLength = 157 newLength=131 status=0
setKeywordValue(rg, atzzzz, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space;lb=strict;lw=normal;measure=metric;numbers=latn
after uloc_setKeywordValue bufferLength = 157 newLength=141 status=0
setKeywordValue(sd, atat1, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space;lb=strict;lw=normal;measure=metric;numbers=latn;rg=atzzzz
after uloc_setKeywordValue bufferLength = 157 newLength=150 status=0
setKeywordValue(ss, none, 0) locale =de__POSIX@colnormalization=no;colstrength=primary;currency=eur;em=default;kv=space;lb=strict;lw=normal;measure=metric;numbers=latn;rg=atzzzz;sd=atat1
after uloc_setKeywordValue bufferLength = 157 newLength=158 status=-124
d8: ../../third_party/icu/source/common/locid.cpp:2482: void icu_68::Locale::setKeywordValue(const char *, const char *, UErrorCode &): Assertion `newLength <= bufferLength' failed.

Frank Yung-Fong Tang
November 10, 2020, 6:59 PM

Going to add a unit test to show the problem soon

Fixed

Assignee: Frank Yung-Fong Tang

Reporter: Frank Yung-Fong Tang

Priority: medium