ICU-23243 Bugfix: Don't call std::string_view::front() when empty.

roubert · FrankYFTang · commit 049e0d6a4206 · 2025-10-29T17:03:54.000-07:00
Doing this just happens to work in most builds (which is why this bug
hasn't been found until now), but it's actually undefined behavior.
diff --git a/icu4c/source/common/uloc.cpp b/icu4c/source/common/uloc.cpp
@@ -627,7 +627,7 @@ ulocimp_getKeywords(std::string_view localeID,
         do {
             bool duplicate = false;
             /* skip leading spaces */
-            while (localeID.front() == ' ') {
+            while (!localeID.empty() && localeID.front() == ' ') {
                 localeID.remove_prefix(1);
             }
             if (localeID.empty()) { /* handle trailing "; " */
diff --git a/icu4c/source/test/intltest/loctest.cpp b/icu4c/source/test/intltest/loctest.cpp
@@ -266,6 +266,7 @@ void LocaleTest::runIndexedTest( int32_t index, UBool exec, const char* &name, c
     TESTCASE_AUTO(TestBug13554);
     TESTCASE_AUTO(TestBug20410);
     TESTCASE_AUTO(TestBug20900);
+    TESTCASE_AUTO(TestChromiumBug451657601);
     TESTCASE_AUTO(TestLocaleCanonicalizationFromFile);
     TESTCASE_AUTO(TestKnownCanonicalizedListCorrect);
     TESTCASE_AUTO(TestConstructorAcceptsBCP47);
@@ -5849,6 +5850,12 @@ void LocaleTest::TestBug20900() {
     }
 }
 
+void LocaleTest::TestChromiumBug451657601() {
+    // This used to cause a crash in _LIBCPP_HARDENING_MODE.
+    Locale l = Locale("@x=@; ");
+    assertEquals("canonicalized", "@x=@", l.getName());
+}
+
 U_DEFINE_LOCAL_OPEN_POINTER(LocalStdioFilePointer, FILE, fclose);
 void LocaleTest::TestLocaleCanonicalizationFromFile()
 {
diff --git a/icu4c/source/test/intltest/loctest.h b/icu4c/source/test/intltest/loctest.h
@@ -126,6 +126,7 @@ class LocaleTest: public IntlTest {
     void TestBug13554();
     void TestBug20410();
     void TestBug20900();
+    void TestChromiumBug451657601();
     void TestLocaleCanonicalizationFromFile();
     void TestKnownCanonicalizedListCorrect();
     void TestConstructorAcceptsBCP47();

Original file line number	Diff line number	Diff line change
`@@ -627,7 +627,7 @@ ulocimp_getKeywords(std::string_view localeID,`
`627`	`627`	`do {`
`628`	`628`	`bool duplicate = false;`
`629`	`629`	`/* skip leading spaces */`
`630`		`- while (localeID.front() == ' ') {`
	`630`	`+ while (!localeID.empty() && localeID.front() == ' ') {`
`631`	`631`	`localeID.remove_prefix(1);`
`632`	`632`	`}`
`633`	`633`	`if (localeID.empty()) { /* handle trailing "; " */`
Original file line number	Diff line number	Diff line change
`@@ -266,6 +266,7 @@ void LocaleTest::runIndexedTest( int32_t index, UBool exec, const char* &name, c`
`266`	`266`	`TESTCASE_AUTO(TestBug13554);`
`267`	`267`	`TESTCASE_AUTO(TestBug20410);`
`268`	`268`	`TESTCASE_AUTO(TestBug20900);`
	`269`	`+ TESTCASE_AUTO(TestChromiumBug451657601);`
`269`	`270`	`TESTCASE_AUTO(TestLocaleCanonicalizationFromFile);`
`270`	`271`	`TESTCASE_AUTO(TestKnownCanonicalizedListCorrect);`
`271`	`272`	`TESTCASE_AUTO(TestConstructorAcceptsBCP47);`
`@@ -5849,6 +5850,12 @@ void LocaleTest::TestBug20900() {`
`5849`	`5850`	`}`
`5850`	`5851`	`}`
`5851`	`5852`
	`5853`	`+void LocaleTest::TestChromiumBug451657601() {`
	`5854`	`+ // This used to cause a crash in _LIBCPP_HARDENING_MODE.`
	`5855`	`+ Locale l = Locale("@x=@; ");`
	`5856`	`+ assertEquals("canonicalized", "@x=@", l.getName());`
	`5857`	`+}`
	`5858`	`+`
`5852`	`5859`	`U_DEFINE_LOCAL_OPEN_POINTER(LocalStdioFilePointer, FILE, fclose);`
`5853`	`5860`	`void LocaleTest::TestLocaleCanonicalizationFromFile()`
`5854`	`5861`	`{`