This is the mail archive of the
libc-locales@sourceware.org
mailing list for the GNU libc locales project.
[Bug localedata/17325] iconv from ccsid 937 to utf-8 access invalid memory
- From: "azanella at linux dot vnet.ibm.com" <sourceware-bugzilla at sourceware dot org>
- To: libc-locales at sourceware dot org
- Date: Fri, 29 Aug 2014 12:06:13 +0000
- Subject: [Bug localedata/17325] iconv from ccsid 937 to utf-8 access invalid memory
- Auto-submitted: auto-generated
- References: <bug-17325-716 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
--- Comment #2 from Adhemerval Zanella Netto <azanella at linux dot vnet.ibm.com> ---
I must confess I didn't pay much attention in my first analysis. And I agree
with your evaluation: if ch is 0xffff is a out of the bound access.
I have changed the patch to check for 0xffff and also found other possible
susceptible encodings. I have place the test with others sanity ones to
simplify the code. What do you think?
diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
index 0b5484f..21f71bd 100644
--- a/iconvdata/ibm1364.c
+++ b/iconvdata/ibm1364.c
@@ -222,6 +222,7 @@ enum
\
uint32_t res; \
if (__builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = DB_TO_UCS4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
diff --git a/iconvdata/ibm930.c b/iconvdata/ibm930.c
index 768a444..72f4afe 100644
--- a/iconvdata/ibm930.c
+++ b/iconvdata/ibm930.c
@@ -165,6 +165,7 @@ enum
\
if (__builtin_expect (rp2->start == 0xffff, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm930db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
diff --git a/iconvdata/ibm932.c b/iconvdata/ibm932.c
index f5dca59..57ac293 100644
--- a/iconvdata/ibm932.c
+++ b/iconvdata/ibm932.c
@@ -79,6 +79,7 @@
\
if (__builtin_expect (rp2 == NULL, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm932db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, '\1') == 0 && ch !=0)) \
{ \
diff --git a/iconvdata/ibm933.c b/iconvdata/ibm933.c
index f46dfb5..633ed8f 100644
--- a/iconvdata/ibm933.c
+++ b/iconvdata/ibm933.c
@@ -164,6 +164,7 @@ enum
\
if (__builtin_expect (rp2 == NULL, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm933db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
diff --git a/iconvdata/ibm935.c b/iconvdata/ibm935.c
index a8e4e6c..d00edd0 100644
--- a/iconvdata/ibm935.c
+++ b/iconvdata/ibm935.c
@@ -164,6 +164,7 @@ enum
\
if (__builtin_expect (rp2 == NULL, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm935db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
diff --git a/iconvdata/ibm937.c b/iconvdata/ibm937.c
index 239be61..6dff7a2 100644
--- a/iconvdata/ibm937.c
+++ b/iconvdata/ibm937.c
@@ -164,6 +164,7 @@ enum
\
if (__builtin_expect (rp2 == NULL, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm937db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
diff --git a/iconvdata/ibm939.c b/iconvdata/ibm939.c
index 5d0db36..c46758c 100644
--- a/iconvdata/ibm939.c
+++ b/iconvdata/ibm939.c
@@ -164,6 +164,7 @@ enum
\
if (__builtin_expect (rp2 == NULL, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm939db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, L'\1') == L'\0' && ch != '\0')) \
{ \
diff --git a/iconvdata/ibm943.c b/iconvdata/ibm943.c
index be0c14f..e2e8ef5 100644
--- a/iconvdata/ibm943.c
+++ b/iconvdata/ibm943.c
@@ -80,6 +80,7 @@
\
if (__builtin_expect (rp2 == NULL, 0) \
|| __builtin_expect (ch < rp2->start, 0) \
+ || __builtin_expect (ch == 0xffff, 0) \
|| (res = __ibm943db_to_ucs4[ch + rp2->idx], \
__builtin_expect (res, '\1') == 0 && ch !=0)) \
{ \
--
You are receiving this mail because:
You are on the CC list for the bug.