首頁 探索 說明
登入
hongwenjun
/
musl
镜像来自 https://git.musl-libc.org/git/musl
1
0
複刻 0
Files 問題管理 0 Wiki
瀏覽代碼

iconv: fix erroneous input validation in EUC-KR decoder

as a result of incorrect bounds checking on the lead byte being
decoded, certain invalid inputs which should produce an encoding
error, such as "\xc8\x41", instead produced out-of-bounds loads from
the ksc table.

in a worst case, the loaded value may not be a valid unicode scalar
value, in which case, if the output encoding was UTF-8, wctomb would
return (size_t)-1, causing an overflow in the output pointer and
remaining buffer size which could clobber memory outside of the output
buffer.

bug report was submitted in private by Nick Wellnhofer on account of
potential security implications.
Rich Felker 1 月之前
父節點
5e594aeabf
當前提交
e5adcd97b5
共有 1 個文件被更改,包括 1 次插入1 次删除
分割檢視 顯示文件統計
  1. 1 1
      src/locale/iconv.c

+ 1 - 1
src/locale/iconv.c
查看文件 

@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
 
 			if (c >= 93 || d >= 94) {
 
 				c += (0xa1-0x81);
 
 				d += 0xa1;
 
-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
 
+				if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
 
 					goto ilseq;
 
 				if (d-'A'<26) d = d-'A';
 
 				else if (d-'a'<26) d = d-'a'+26;