This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH][BZ #14134] Fix iconv segfault while converting from IBM-930
- From: Siddhesh Poyarekar <siddhesh at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Wed, 23 May 2012 07:29:51 +0530
- Subject: [PATCH][BZ #14134] Fix iconv segfault while converting from IBM-930
Hi,
When converting IBM930 code with iconv(), if IBM930 code which includes
invalid multibyte character "0xffff" is specified, then iconv()
segfaults. This is easy to see using the following command:
echo '0x0e 0x43 0x8c 0xff 0xff 0x43 0xbd 0x43 0xbd' | xxd -r |
iconv -f IBM930 -t UTF-8
The crash seems to happen when looking up the offset for the
character into the conversion table, since the conversion tables are
delimited by {0xffff, 0xffff, 0} at the end. I've added an additional
check for invalid character in this patch, which is to check if the
matched entry is the one above. I have made an analogous change to the
conversion-to-ibm930 section of the code since it makes sense logically,
even though I don't have a reproducer to induce a crash the other way
around.
I have verified that there are no regressions in the testsuite as a
result of this patch.
Regards,
Siddhesh
ChangeLog:
2012-05-23 Siddhesh Poyarekar <siddhesh@redhat.com>
* iconvdata/ibm930.c (BODY): Check for invalid character 0xffff
that matches the last element of the conversion table.
diff --git a/iconvdata/ibm930.c b/iconvdata/ibm930.c
index 25a9be0..6f758eb 100644
--- a/iconvdata/ibm930.c
+++ b/iconvdata/ibm930.c
@@ -162,7 +162,8 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (ch < rp2->start, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
|| (res = __ibm930db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
@@ -215,7 +216,8 @@ enum
while (ch > rp2->end) \
++rp2; \
\
- if (__builtin_expect (ch < rp2->start, 0) \
+ if (__builtin_expect (rp2->start == 0xffff, 0) \
+ || __builtin_expect (ch < rp2->start, 0) \
|| (cp = __ucs4_to_ibm930db[ch + rp2->idx], \
__builtin_expect (cp[0], L'\1')== L'\0' && ch != '\0')) \
{ \