xfs_scrub: guard against libicu returning negative buffer lengths

The libicu functions u_strFromUTF8, unorm2_normalize, and
uspoof_getSkeleton return int32_t values.  Guard against negative return
values, even though the library itself never does this.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>

diff --git a/scrub/unicrash.c b/scrub/unicrash.c
index 4517e2bcef617a35434332a1e28325d877d73fa2..456caec27d6066a23107c647ae0617e0a408901b 100644 (file)
--- a/scrub/unicrash.c
+++ b/scrub/unicrash.c
@@ -189,7 +189,7 @@ name_entry_compute_checknames(
 
        /* Convert bytestr to unistr for normalization */
        u_strFromUTF8(NULL, 0, &unistrlen, entry->name, entry->namelen, &uerr);
-       if (uerr != U_BUFFER_OVERFLOW_ERROR)
+       if (uerr != U_BUFFER_OVERFLOW_ERROR || unistrlen < 0)
                return false;
        uerr = U_ZERO_ERROR;
        unistr = calloc(unistrlen + 1, sizeof(UChar));
@@ -203,7 +203,7 @@ name_entry_compute_checknames(
        /* Normalize the string. */
        normstrlen = unorm2_normalize(uc->normalizer, unistr, unistrlen, NULL,
                        0, &uerr);
-       if (uerr != U_BUFFER_OVERFLOW_ERROR)
+       if (uerr != U_BUFFER_OVERFLOW_ERROR || normstrlen < 0)
                goto out_unistr;
        uerr = U_ZERO_ERROR;
        normstr = calloc(normstrlen + 1, sizeof(UChar));
@@ -217,7 +217,7 @@ name_entry_compute_checknames(
        /* Compute skeleton. */
        skelstrlen = uspoof_getSkeleton(uc->spoof, 0, unistr, unistrlen, NULL,
                        0, &uerr);
-       if (uerr != U_BUFFER_OVERFLOW_ERROR)
+       if (uerr != U_BUFFER_OVERFLOW_ERROR || skelstrlen < 0)
                goto out_normstr;
        uerr = U_ZERO_ERROR;
        skelstr = calloc(skelstrlen + 1, sizeof(UChar));