From 5d145154ca5dcd87af7cae37235766d1eee2308f Mon Sep 17 00:00:00 2001
From: "C. Scott Ananian" <cscott@cscott.net>
Date: Wed, 18 Nov 2020 21:07:02 -0500
Subject: [PATCH] Check validity of language code before constructing
 NumberFormatter

The underlying libICU only allows language codes of length 157 or less
(ULOC_FULLNAME_CAPACITY from
https://github.com/unicode-org/icu/blob/master/icu4c/source/common/unicode/uloc.h).

Bug: T267589
Change-Id: I1e182053dec6c6f8ad379cde544b829f410664d3
---
 includes/language/LanguageNameUtils.php | 4 +++-
 languages/Language.php                  | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/includes/language/LanguageNameUtils.php b/includes/language/LanguageNameUtils.php
index 7651aaeee1c..b2792c25c02 100644
--- a/includes/language/LanguageNameUtils.php
+++ b/includes/language/LanguageNameUtils.php
@@ -134,7 +134,9 @@ class LanguageNameUtils {
 			$this->validCodeCache[$code] =
 				// Protect against path traversal
 				strcspn( $code, ":/\\\000&<>'\"" ) === strlen( $code ) &&
-				!preg_match( MediaWikiTitleCodec::getTitleInvalidRegex(), $code );
+				!preg_match( MediaWikiTitleCodec::getTitleInvalidRegex(), $code ) &&
+				// libicu sets ULOC_FULLNAME_CAPACITY to 157; stay comfortably lower
+				strlen( $code ) <= 128;
 		}
 		return $this->validCodeCache[$code];
 	}
diff --git a/languages/Language.php b/languages/Language.php
index c7ce4dd0fdc..563e0685adc 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -3302,7 +3302,10 @@ class Language {
 		if ( !$noSeparators ) {
 			$separatorTransformTable = $this->separatorTransformTable();
 			$digitGroupingPattern = $this->digitGroupingPattern();
-			$code = $wgTranslateNumerals ? $this->getCode() : 'C';
+			$code = $this->getCode();
+			if ( !( $wgTranslateNumerals && $this->langNameUtils->isValidCode( $code ) ) ) {
+				$code = 'C'; // POSIX system default locale
+			}
 
 			if ( $digitGroupingPattern ) {
 				$fmt = new NumberFormatter(