diff mbox

Fix out-of-bounds access in IBM-1360 converter

Message ID	mvmlga022dh.fsf@suse.de
State	Committed
Commit	21526a507df8f1b2e37492193a754534d8938c0b
Headers	Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk Sender: libc-alpha-owner@sourceware.org From: Andreas Schwab <schwab@suse.de> To: libc-alpha <libc-alpha@sourceware.org> Cc: Jeff Law <law@redhat.com>, Martin Sebor <msebor@gmail.com> Subject: [PATCH] Fix out-of-bounds access in IBM-1360 converter References: <4012c914-e051-3f6c-f604-555de0db8c69@redhat.com> Date: Tue, 24 Jul 2018 15:24:10 +0200 In-Reply-To: <4012c914-e051-3f6c-f604-555de0db8c69@redhat.com> (Jeff Law's message of "Mon, 23 Jul 2018 21:40:44 -0600") Message-ID: <mvmlga022dh.fsf@suse.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain

Commit Message

Andreas Schwab July 24, 2018, 1:24 p.m. UTC

  The IBM-1360 converter can consume/produce two UCS4 characters in each
loop.

	* iconvdata/ibm1364.c (MAX_NEEDED_OUTPUT) [FROM_LOOP]: Define.
	(MAX_NEEDED_INPUT) [TO_LOOP]: Define.
---
 iconvdata/ibm1364.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Jeff Law July 24, 2018, 2:27 p.m. UTC | #1

On 07/24/2018 07:24 AM, Andreas Schwab wrote:
> The IBM-1360 converter can consume/produce two UCS4 characters in each
> loop.
> 
> 	* iconvdata/ibm1364.c (MAX_NEEDED_OUTPUT) [FROM_LOOP]: Define.
> 	(MAX_NEEDED_INPUT) [TO_LOOP]: Define.
Yes, that fixes the problem.  Thanks!

jeff

Carlos O'Donell July 24, 2018, 3:50 p.m. UTC | #2

On 07/24/2018 09:24 AM, Andreas Schwab wrote:
> The IBM-1360 converter can consume/produce two UCS4 characters in each
> loop.
> 
> 	* iconvdata/ibm1364.c (MAX_NEEDED_OUTPUT) [FROM_LOOP]: Define.
> 	(MAX_NEEDED_INPUT) [TO_LOOP]: Define.

Confirmed. In both ibm1390 and ibm1399 we have combining characters
which are two UCS4 characters, and in that case we need 8 bytes in
the output.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> ---
>  iconvdata/ibm1364.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
> index b833273aa8..517fe60813 100644
> --- a/iconvdata/ibm1364.c
> +++ b/iconvdata/ibm1364.c
> @@ -150,6 +150,7 @@ enum
>  #define MIN_NEEDED_INPUT  	MIN_NEEDED_FROM
>  #define MAX_NEEDED_INPUT  	MAX_NEEDED_FROM
>  #define MIN_NEEDED_OUTPUT 	MIN_NEEDED_TO
> +#define MAX_NEEDED_OUTPUT 	MAX_NEEDED_TO
>  #define LOOPFCT 		FROM_LOOP
>  #define BODY \
>    {									      \
> @@ -296,6 +297,7 @@ enum
>  
>  /* Next, define the other direction.  */
>  #define MIN_NEEDED_INPUT	MIN_NEEDED_TO
> +#define MAX_NEEDED_INPUT  	MAX_NEEDED_TO
>  #define MIN_NEEDED_OUTPUT	MIN_NEEDED_FROM
>  #define MAX_NEEDED_OUTPUT	MAX_NEEDED_FROM
>  #define LOOPFCT			TO_LOOP
>

diff mbox

Patch

diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
index b833273aa8..517fe60813 100644
--- a/iconvdata/ibm1364.c
+++ b/iconvdata/ibm1364.c
@@ -150,6 +150,7 @@  enum
 #define MIN_NEEDED_INPUT  	MIN_NEEDED_FROM
 #define MAX_NEEDED_INPUT  	MAX_NEEDED_FROM
 #define MIN_NEEDED_OUTPUT 	MIN_NEEDED_TO
+#define MAX_NEEDED_OUTPUT 	MAX_NEEDED_TO
 #define LOOPFCT 		FROM_LOOP
 #define BODY \
   {									      \
@@ -296,6 +297,7 @@  enum
 
 /* Next, define the other direction.  */
 #define MIN_NEEDED_INPUT	MIN_NEEDED_TO
+#define MAX_NEEDED_INPUT  	MAX_NEEDED_TO
 #define MIN_NEEDED_OUTPUT	MIN_NEEDED_FROM
 #define MAX_NEEDED_OUTPUT	MAX_NEEDED_FROM
 #define LOOPFCT			TO_LOOP