$NetBSD: patch-CVE-2018-18928,v 1.1 2019/02/13 20:51:57 spz Exp $

fix for CVE-2018-18928 from
https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51

--- i18n/fmtable.cpp.orig	2018-09-29 00:34:42.000000000 +0000
+++ i18n/fmtable.cpp
@@ -734,7 +734,7 @@ CharString *Formattable::internalGetChar
       // not print scientific notation for magnitudes greater than -5 and smaller than some amount (+5?).
       if (fDecimalQuantity->isZero()) {
         fDecimalStr->append("0", -1, status);
-      } else if (std::abs(fDecimalQuantity->getMagnitude()) < 5) {
+      } else if (fDecimalQuantity->getMagnitude() != INT32_MIN && std::abs(fDecimalQuantity->getMagnitude()) < 5) {
         fDecimalStr->appendInvariantChars(fDecimalQuantity->toPlainString(), status);
       } else {
         fDecimalStr->appendInvariantChars(fDecimalQuantity->toScientificString(), status);
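Review bot: The added `getMagnitude() != INT32_MIN` test in the `else if` has no comment saying why that one value is excluded, so a later cleanup could drop it as redundant. The reason is that `std::abs(INT32_MIN)` is not representable in a signed 32-bit int and is undefined behaviour; I would put `// std::abs(INT32_MIN) is undefined; send that magnitude to the scientific branch` above the condition. The line also calls `getMagnitude()` twice, and reading it once into `const int32_t magnitude = fDecimalQuantity->getMagnitude();` then testing `magnitude != INT32_MIN && std::abs(magnitude) < 5` makes the guard easier to read. The enclosing function starts and ends outside this hunk.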

--- i18n/number_decimalquantity.cpp.orig	2018-10-01 22:39:56.000000000 +0000
+++ i18n/number_decimalquantity.cpp
@@ -820,7 +820,10 @@ UnicodeString DecimalQuantity::toScienti
     }
     result.append(u'E');
     int32_t _scale = upperPos + scale;
-    if (_scale < 0) {
+    if (_scale == INT32_MIN) {
+        result.append({u"-2147483648", -1});
+        return result;
+    } else if (_scale < 0) {
         _scale *= -1;
         result.append(u'-');
     } else {
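Review bot: The new `_scale == INT32_MIN` branch only handles a sum that lands exactly on INT32_MIN. The context line `int32_t _scale = upperPos + scale;` is still signed 32-bit arithmetic, so if the operands can sum below INT32_MIN, the overflow has already happened before the comparison runs. Whether that is reachable depends on bounds enforced on `scale` elsewhere, which this hunk does not show; it is worth confirming and recording in a comment that names where the bound is enforced. The special case itself also deserves a why-comment, for example `// -INT32_MIN is not representable, so emit the digits directly`. `toScientificString` continues outside the hunk.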

--- test/intltest/numfmtst.cpp.orig	2018-10-01 22:39:56.000000000 +0000
+++ test/intltest/numfmtst.cpp
@@ -9226,6 +9226,14 @@ void NumberFormatTest::Test20037_Scienti
     assertEquals(u"Should not overflow and should parse only the first exponent",
                  u"1E-2147483647",
                  {sp.data(), sp.length(), US_INV});
+
+    // Test edge case overflow of exponent
+    result = Formattable();
+    nf->parse(u".0003e-2147483644", result, status);
+    sp = result.getDecimalNumber(status);
+    assertEquals(u"Should not overflow",
+                 u"3E-2147483648",
+                 {sp.data(), sp.length(), US_INV});
 }
 
 void NumberFormatTest::Test13840_ParseLongStringCrash() {
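Review bot: The added case never checks `status` after `nf->parse(...)` or `result.getDecimalNumber(status)`, so a failure in either call would only show up as a string mismatch in `assertEquals`. I would add `assertSuccess("edge-case exponent", status);` after the `getDecimalNumber` call, unless the test already checks status further up; the function starts outside this hunk. The input puts the exponent at exactly INT32_MIN, which appears to exercise both guards added in this patch. A companion case for an exponent that would fall below that boundary would document what the parser is expected to do there.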
