diff options
author | Rich Felker <dalias@aerifal.cx> | 2018-06-01 22:05:48 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2018-06-01 22:05:48 -0400 |
commit | 029c622a89bf8cc15fd9fd56e8e88465ca6130cf (patch) | |
tree | 0237b96514b34bbc10d6e08b676e5e0245eeb5ef /src/locale/iconv.c | |
parent | 165a1e37a570422c3f3f816a734bfea0366982e5 (diff) | |
download | musl-029c622a89bf8cc15fd9fd56e8e88465ca6130cf.tar.gz musl-029c622a89bf8cc15fd9fd56e8e88465ca6130cf.tar.bz2 musl-029c622a89bf8cc15fd9fd56e8e88465ca6130cf.tar.xz musl-029c622a89bf8cc15fd9fd56e8e88465ca6130cf.zip |
fix output size handling for multi-unicode-char big5-hkscs characters
since this iconv implementation's output is stateless, it's necessary
to know before writing anything to the output buffer whether the
conversion of the current input character will fit.
previously we used a hard-coded table of the output size needed for
each supported output encoding, but failed to update the table when
adding support for conversion to jis-based encodings and again when
adding separate encoding identifiers for implicit-endianness utf-16/32
and ucs-2/4 variants, resulting in out-of-bound table reads and
incorrect size checks. no buffer overflow was possible, but the
affected characters could be converted incorrectly, and iconv could
potentially produce an incorrect return value as a result.
remove the hard-coded table, and instead perform the recursive iconv
conversion to a temporary buffer, measuring the output size and
transferring it to the actual output buffer only if the whole
converted result fits.
Diffstat (limited to 'src/locale/iconv.c')
-rw-r--r-- | src/locale/iconv.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/locale/iconv.c b/src/locale/iconv.c index 05d42095..3047c27b 100644 --- a/src/locale/iconv.c +++ b/src/locale/iconv.c @@ -458,16 +458,24 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri * range in the hkscs table then hard-coded * here. Ugly, yes. */ if (c/256 == 0xdc) { - if (totype-0300U > 8) k = 2; - else k = "\10\4\4\10\4\4\10\2\4"[totype-0300]; - if (k > *outb) goto toobig; - x += iconv(combine_to_from(to, find_charmap("utf8")), + union { + char c[8]; + wchar_t wc[2]; + } tmp; + char *ptmp = tmp.c; + size_t tmpx = iconv(combine_to_from(to, find_charmap("utf8")), &(char *){"\303\212\314\204" "\303\212\314\214" "\303\252\314\204" "\303\252\314\214" +c%256}, &(size_t){4}, - out, outb); + &ptmp, &(size_t){sizeof tmp}); + size_t tmplen = ptmp - tmp.c; + if (tmplen > *outb) goto toobig; + if (tmpx) x++; + memcpy(*out, &tmp, tmplen); + *out += tmplen; + *outb -= tmplen; continue; } if (!c) goto ilseq; |