From: Adam Dickmeiss
Date: Thu, 9 Jun 2011 13:25:17 +0000 (+0200)
Subject: Work around a bug in ucol_getSortKey
X-Git-Tag: v4.2.2~7
X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=commitdiff_plain;h=4493d0acd68f0d3f1b0f1b6c79e3934bfa3207ed;hp=9a23e52dbba0f2f6d7ab85361e3c53ac9f222446

Work around a bug in ucol_getSortKey

The problem seen is that ucol_getSortkey writes one byte at the capacity position. This in turn, results in malloc heap corruption.
---

diff --git a/src/icu_sortkey.c b/src/icu_sortkey.c
index 8fed394..c9fc380 100644
--- a/src/icu_sortkey.c
+++ b/src/icu_sortkey.c
@@ -32,12 +32,15 @@ void icu_sortkey8_from_utf16(UCollator *coll,
 UErrorCode * status)
 {
 int32_t sortkey_len = 0;
-
+ /* we'll fake a capacity of one less, because it turns out
+ that ucol_getSortKey writes ONE character too much */
+ int32_t cap = dest8->utf8_cap ? dest8->utf8_cap - 1 : 0;
+
 sortkey_len = ucol_getSortKey(coll, src16->utf16, src16->utf16_len,
- dest8->utf8, dest8->utf8_cap);
+ dest8->utf8, cap);
 /* check for buffer overflow, resize and retry */
- if (sortkey_len > dest8->utf8_cap)
+ if (sortkey_len > cap)
 {
 icu_buf_utf8_resize(dest8, sortkey_len * 2);
 sortkey_len = ucol_getSortKey(coll, src16->utf16, src16->utf16_len,
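Review bot: The retry call that closes this hunk is left as context and its argument line lies outside the hunk, so it may still pass the full `dest8->utf8_cap` after `icu_buf_utf8_resize`; if ucol_getSortKey can write at the capacity position as the commit message describes, that second call needs the same one-less capacity to keep the write inside the resized heap buffer. Recomputing it after the resize, `cap = dest8->utf8_cap ? dest8->utf8_cap - 1 : 0;`, and passing `cap` to the retry would cover both calls. The new comment would also serve a later maintainer better if it named the ICU version where the overrun was observed, so the workaround can be re-evaluated or removed. The body of icu_sortkey8_from_utf16 continues past the end of the hunk.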