logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0004-iconv-harden-UTF-8-output-code-path-against-input-de.patch (1368B)


  1. From aa8be5038707f4b1a79612d16f7117445dbd5a12 Mon Sep 17 00:00:00 2001
  2. From: Rich Felker <dalias@aerifal.cx>
  3. Date: Wed, 12 Feb 2025 17:06:30 -0500
  4. Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
  5. bugs
  6. the UTF-8 output code was written assuming an invariant that iconv's
  7. decoders only emit valid Unicode Scalar Values which wctomb can encode
  8. successfully, thereby always returning a value between 1 and 4.
  9. if this invariant is not satisfied, wctomb returns (size_t)-1, and the
  10. subsequent adjustments to the output buffer pointer and remaining
  11. output byte count overflow, moving the output position backwards,
  12. potentially past the beginning of the buffer, without storing any
  13. bytes.
  14. ---
  15. src/locale/iconv.c | 4 ++++
  16. 1 file changed, 4 insertions(+)
  17. diff --git a/src/locale/iconv.c b/src/locale/iconv.c
  18. index 25743a20..3dd9fd90 100644
  19. --- a/src/locale/iconv.c
  20. +++ b/src/locale/iconv.c
  21. @@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
  22. if (*outb < k) goto toobig;
  23. memcpy(*out, tmp, k);
  24. } else k = wctomb_utf8(*out, c);
  25. + /* This failure condition should be unreachable, but
  26. + * is included to prevent decoder bugs from translating
  27. + * into advancement outside the output buffer range. */
  28. + if (k>4) goto ilseq;
  29. *out += k;
  30. *outb -= k;
  31. break;
  32. --
  33. 2.45.2