0004-iconv-harden-UTF-8-output-code-path-against-input-de.patch (1368B)
- From aa8be5038707f4b1a79612d16f7117445dbd5a12 Mon Sep 17 00:00:00 2001
- From: Rich Felker <dalias@aerifal.cx>
- Date: Wed, 12 Feb 2025 17:06:30 -0500
- Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
- bugs
- the UTF-8 output code was written assuming an invariant that iconv's
- decoders only emit valid Unicode Scalar Values which wctomb can encode
- successfully, thereby always returning a value between 1 and 4.
- if this invariant is not satisfied, wctomb returns (size_t)-1, and the
- subsequent adjustments to the output buffer pointer and remaining
- output byte count overflow, moving the output position backwards,
- potentially past the beginning of the buffer, without storing any
- bytes.
- ---
- src/locale/iconv.c | 4 ++++
- 1 file changed, 4 insertions(+)
- diff --git a/src/locale/iconv.c b/src/locale/iconv.c
- index 25743a20..3dd9fd90 100644
- --- a/src/locale/iconv.c
- +++ b/src/locale/iconv.c
- @@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
- if (*outb < k) goto toobig;
- memcpy(*out, tmp, k);
- } else k = wctomb_utf8(*out, c);
- + /* This failure condition should be unreachable, but
- + * is included to prevent decoder bugs from translating
- + * into advancement outside the output buffer range. */
- + if (k>4) goto ilseq;
- *out += k;
- *outb -= k;
- break;
- --
- 2.45.2