This is the mail archive of the libc-locales@sourceware.org mailing list for the GNU libc locales project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug localedata/17325] iconv from ccsid 937 to utf-8 access invalid memory


https://sourceware.org/bugzilla/show_bug.cgi?id=17325

--- Comment #2 from Adhemerval Zanella Netto <azanella at linux dot vnet.ibm.com> ---
I must confess I didn't pay much attention in my first analysis. And I agree
with your evaluation: if ch is 0xffff is a out of the bound access.

I have changed the patch to check for 0xffff and also found other possible
susceptible encodings.  I have place the test with others sanity ones to
simplify the code.  What do you think?

diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
index 0b5484f..21f71bd 100644
--- a/iconvdata/ibm1364.c
+++ b/iconvdata/ibm1364.c
@@ -222,6 +222,7 @@ enum
                                           \
     uint32_t res;                                  \
     if (__builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = DB_TO_UCS4[ch + rp2->idx],                  \
         __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))          \
       {                                      \
diff --git a/iconvdata/ibm930.c b/iconvdata/ibm930.c
index 768a444..72f4afe 100644
--- a/iconvdata/ibm930.c
+++ b/iconvdata/ibm930.c
@@ -165,6 +165,7 @@ enum
                                           \
     if (__builtin_expect (rp2->start == 0xffff, 0)                  \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm930db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))          \
       {                                      \
diff --git a/iconvdata/ibm932.c b/iconvdata/ibm932.c
index f5dca59..57ac293 100644
--- a/iconvdata/ibm932.c
+++ b/iconvdata/ibm932.c
@@ -79,6 +79,7 @@
                                           \
     if (__builtin_expect (rp2 == NULL, 0)                      \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm932db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, '\1') == 0 && ch !=0))              \
       {                                      \
diff --git a/iconvdata/ibm933.c b/iconvdata/ibm933.c
index f46dfb5..633ed8f 100644
--- a/iconvdata/ibm933.c
+++ b/iconvdata/ibm933.c
@@ -164,6 +164,7 @@ enum
                                           \
     if (__builtin_expect (rp2 == NULL, 0)                      \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm933db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))          \
       {                                      \
diff --git a/iconvdata/ibm935.c b/iconvdata/ibm935.c
index a8e4e6c..d00edd0 100644
--- a/iconvdata/ibm935.c
+++ b/iconvdata/ibm935.c
@@ -164,6 +164,7 @@ enum
                                           \
     if (__builtin_expect (rp2 == NULL, 0)                      \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm935db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))          \
       {                                      \
diff --git a/iconvdata/ibm937.c b/iconvdata/ibm937.c
index 239be61..6dff7a2 100644
--- a/iconvdata/ibm937.c
+++ b/iconvdata/ibm937.c
@@ -164,6 +164,7 @@ enum
                                           \
     if (__builtin_expect (rp2 == NULL, 0)                      \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm937db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))          \
       {                                      \
diff --git a/iconvdata/ibm939.c b/iconvdata/ibm939.c
index 5d0db36..c46758c 100644
--- a/iconvdata/ibm939.c
+++ b/iconvdata/ibm939.c
@@ -164,6 +164,7 @@ enum
                                           \
     if (__builtin_expect (rp2 == NULL, 0)                      \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm939db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))          \
       {                                      \
diff --git a/iconvdata/ibm943.c b/iconvdata/ibm943.c
index be0c14f..e2e8ef5 100644
--- a/iconvdata/ibm943.c
+++ b/iconvdata/ibm943.c
@@ -80,6 +80,7 @@
                                           \
     if (__builtin_expect (rp2 == NULL, 0)                      \
         || __builtin_expect (ch < rp2->start, 0)                  \
+        || __builtin_expect (ch == 0xffff, 0)                  \
         || (res = __ibm943db_to_ucs4[ch + rp2->idx],              \
         __builtin_expect (res, '\1') == 0 && ch !=0))              \
       {                                      \

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]