ICU-11374 Regular Expression, improve checking of integer overflow.

X-SVN-Rev: 36792

icu4c/source/i18n/regexcmp.cpp

@@ -1029,9 +1029,11 @@ UBool RegexCompile::doParseActions(int32_t action)
         {
             int32_t digitValue = u_charDigitValue(fC.fChar);
             U_ASSERT(digitValue >= 0);
-            fIntervalLow = fIntervalLow*10 + digitValue;
-            if (fIntervalLow < 0) {
+            int64_t val = (int64_t)fIntervalLow*10 + digitValue;
+            if (val > INT32_MAX) {
                 error(U_REGEX_NUMBER_TOO_BIG);
+            } else {
+                fIntervalLow = (int32_t)val;
             }
         }
         break;
@@ -1044,9 +1046,11 @@ UBool RegexCompile::doParseActions(int32_t action)
             }
             int32_t digitValue = u_charDigitValue(fC.fChar);
             U_ASSERT(digitValue >= 0);
-            fIntervalUpper = fIntervalUpper*10 + digitValue;
-            if (fIntervalUpper < 0) {
+            int64_t val = (int64_t)fIntervalUpper*10 + digitValue;
+            if (val > INT32_MAX) {
                 error(U_REGEX_NUMBER_TOO_BIG);
+            } else {
+                fIntervalUpper = (int32_t)val;
             }
         }
         break;

icu4c/source/test/testdata/regextst.txt

@@ -1218,6 +1218,21 @@
 "(?<!(0123456789a){10000000})x"         E  "no match"
 "(?<!\\ubeaf(\\ubeaf{11000}){11000})"   E  "no match"
 
+# Bug 11374 Bad integer overflow check in number conversion.
+#           4294967300 converts to 4 with 32 bit overflow.
+
+"x{4294967300}"                         E  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+"x{0,4294967300}"                       E  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+# Bug 11373
+#
+#    Overflow checking in max match length computation for loops.
+#    Value here is 10 * 100000 * 3000 = 3G, overflowing a 32 bit signed value.
+#    Before fixing, this case give an assertion failure.
+
+"(?<=((0123456789){100000}){3000})abc"          "abc"
+
+
 
 #  Random debugging, Temporary
 #