
AIX core dump in _strToWCS when the length of the input WString is 1000

Description

(1) call u_strTOWCS with the input WString and its length = 1000
(2) u_starToWCS will call u_strTOWCS
(3) u_strTOWCS will call _strToWCS
(4) inside _strToWCS (ustrtrns.c)
ucnv_fromUnicode(conv,&target,targetlimit,&src,srclimit,NULL,FALSE,&retcode)

where src contains 1000 Wchar string
srclimit = src + 1000

(6) the retcode is U_BUFFER_OVERFLOW_ERROR from ucnv_fromUnicode
srcLimit - src = 2 (???????)

(7) call u_growAnyBufferFromStatic(context,pBuffer, pCapacity, ReqCapacity,
length, size)
where ReqCapacity is (2*(srcLimit-src)+100) = 104

(8) inside u_growAnyBufferFromStatic (ustrtrns.c)

newBuffer = uprv_malloc(ReqCapacity*size);          /* allocate 104 bytes */
if (length>0)                                       /* length = 1000 */
    uprv_memcpy(newBuffer, pBuffer, length*size);   /* length*size = 1000 */

uprv_malloc only allocates a 104-byte buffer and uprv_memcpy was trying to
copy 1000 bytes into this 104-byte buffer, and that caused the core dump.

This problem ONLY occurred when the request is sent from a Windows client
to the AIX server. It is working from AIX client to AIX server.
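The failure in step (8) comes from sizing the allocation with one argument and the copy with another. The following is an added example, not ICU source and not the reporter's code: a hypothetical `grow_checked` that takes the same five values as the call in step (7) and refuses the mismatched case instead of copying. It assumes, as the function name in the report suggests, that the old buffer may be static and is therefore not freed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not ICU source). Arguments mirror the call in the
 * report: grow *pBuffer to reqCapacity elements of `size` bytes each while
 * preserving the first `length` elements.
 * Returns 1 on success; returns 0 and leaves *pBuffer and *pCapacity
 * untouched on any failure. */
int grow_checked(void **pBuffer, size_t *pCapacity,
                 size_t reqCapacity, size_t length, size_t size)
{
    void *newBuffer;

    if (pBuffer == NULL || pCapacity == NULL || size == 0)
        return 0;

    /* The report's case: length = 1000 but reqCapacity = 104. Copying
     * length*size bytes into a reqCapacity*size allocation writes past the
     * end of the heap block, so reject it before allocating anything. */
    if (length > reqCapacity)
        return 0;

    /* reqCapacity*size must not wrap around size_t, or malloc would be
     * handed a small number and the copy would overrun it. */
    if (reqCapacity > SIZE_MAX / size)
        return 0;

    if (length > 0 && *pBuffer == NULL)
        return 0;

    newBuffer = malloc(reqCapacity * size);
    if (newBuffer == NULL)
        return 0;

    if (length > 0)
        memcpy(newBuffer, *pBuffer, length * size);  /* in bounds: length <= reqCapacity */

    /* Assumption: the old buffer may be a static array owned by the caller,
     * so it is not freed here. */
    *pBuffer = newBuffer;
    *pCapacity = reqCapacity;
    return 1;
}
```

With the values from the report (`reqCapacity` 104, `length` 1000, `size` 1) the call returns 0 and the caller's buffer is left as it was.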

Environment:
Status:
Assignee: TracBot
Reporter: TracBot
Labels:
tracCreated: Sep 03, 2003, 12:18 AM
tracOwner: eric
tracProject: ICU4C,ICU4J and ICU4JNI
tracReporter: lin1@63ab4e4d4e2312f9
tracResolution: worksforme
tracReviewer: ram
tracStatus: closed
Components:
Fix versions:
Priority: critical