projects
/
musl
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix undefined behavior in getdelim via null pointer arithmetic and memcpy
[musl]
/
src
/
locale
/
iconv.c
diff --git
a/src/locale/iconv.c
b/src/locale/iconv.c
index
c5dd122
..
3047c27
100644
(file)
--- a/
src/locale/iconv.c
+++ b/
src/locale/iconv.c
@@
-458,16
+458,24
@@
size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
* range in the hkscs table then hard-coded
* here. Ugly, yes. */
if (c/256 == 0xdc) {
* range in the hkscs table then hard-coded
* here. Ugly, yes. */
if (c/256 == 0xdc) {
- if (totype-0300U > 8) k = 2;
- else k = "\10\4\4\10\4\4\10\2\4"[totype-0300];
- if (k > *outb) goto toobig;
- x += iconv(combine_to_from(to, 0),
+ union {
+ char c[8];
+ wchar_t wc[2];
+ } tmp;
+ char *ptmp = tmp.c;
+ size_t tmpx = iconv(combine_to_from(to, find_charmap("utf8")),
&(char *){"\303\212\314\204"
"\303\212\314\214"
"\303\252\314\204"
"\303\252\314\214"
+c%256}, &(size_t){4},
&(char *){"\303\212\314\204"
"\303\212\314\214"
"\303\252\314\204"
"\303\252\314\214"
+c%256}, &(size_t){4},
- out, outb);
+ &ptmp, &(size_t){sizeof tmp});
+ size_t tmplen = ptmp - tmp.c;
+ if (tmplen > *outb) goto toobig;
+ if (tmpx) x++;
+ memcpy(*out, &tmp, tmplen);
+ *out += tmplen;
+ *outb -= tmplen;
continue;
}
if (!c) goto ilseq;
continue;
}
if (!c) goto ilseq;
@@
-539,6
+547,7
@@
size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
if (*outb < 1) goto toobig;
if (c<256 && c==legacy_map(tomap, c)) {
revout:
if (*outb < 1) goto toobig;
if (c<256 && c==legacy_map(tomap, c)) {
revout:
+ if (*outb < 1) goto toobig;
*(*out)++ = c;
*outb -= 1;
break;
*(*out)++ = c;
*outb -= 1;
break;
@@
-630,7
+639,7
@@
size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
case UTF_16:
case UTF_16BE:
case UTF_16LE:
case UTF_16:
case UTF_16BE:
case UTF_16LE:
- if (c < 0x10000 || type-UCS2BE < 2U) {
+ if (c < 0x10000 || t
ot
ype-UCS2BE < 2U) {
if (c >= 0x10000) c = 0xFFFD;
if (*outb < 2) goto toobig;
put_16((void *)*out, c, totype);
if (c >= 0x10000) c = 0xFFFD;
if (*outb < 2) goto toobig;
put_16((void *)*out, c, totype);
@@
-645,6
+654,8
@@
size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
*out += 4;
*outb -= 4;
break;
*out += 4;
*outb -= 4;
break;
+ case UTF_32:
+ totype = UTF_32BE;
case UTF_32BE:
case UTF_32LE:
if (*outb < 4) goto toobig;
case UTF_32BE:
case UTF_32LE:
if (*outb < 4) goto toobig;