ports/143575: [Patch] converters/libiconv: Fix an endless loop in the conversion to wchar_t
Natacha PORTE
natbsd at instinctive.eu
Fri Feb 5 14:00:15 UTC 2010
>Number: 143575
>Category: ports
>Synopsis: [Patch] converters/libiconv: Fix an endless loop in the conversion to wchar_t
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 05 14:00:11 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Natacha PORTE
>Release: FreeBSD 7.2-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD sigil.instinctive.eu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #2 r200055: Thu Dec 3 16:42:18 CET 2009 nat at sigil.instinctive.eu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
UTF-8 to wchar_t conversion of an input ending with an incomplete multibyte sequence triggered an endless loop.
newsbeuter triggered this bug quite often.
>How-To-Repeat:
>Fix:
This has been fixed upstream:
http://git.savannah.gnu.org/cgit/libiconv.git/commit/?id=2cf3ee65d04ac4e41e29aa7526361ec3f20f5e29
The attached patch is a chopped out version of this commit, keeping the actual fix while leaving test, news and whatever looked like possibly troublesome to apply.
--- patch-endless-wchar_t-loop begins here ---
--- lib/loop_wchar.h
+++ lib/loop_wchar.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000-2002, 2005-2006, 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2000-2002, 2005-2006, 2008-2009 Free Software Foundation, Inc.
* This file is part of the GNU LIBICONV Library.
*
* The GNU LIBICONV Library is free software; you can redistribute it
@@ -321,7 +321,8 @@ static size_t wchar_to_loop_convert (iconv_t icd,
size_t result = 0;
while (*inbytesleft > 0) {
size_t incount;
- for (incount = 1; incount <= *inbytesleft; incount++) {
+ for (incount = 1; ; ) {
+ /* Here incount <= *inbytesleft. */
char buf[BUF_SIZE];
const char* inptr = *inbuf;
size_t inleft = incount;
@@ -403,6 +404,12 @@ static size_t wchar_to_loop_convert (iconv_t icd,
break;
}
}
+ incount++;
+ if (incount > *inbytesleft) {
+ /* Incomplete input. */
+ errno = EINVAL;
+ return -1;
+ }
}
}
return result;
--- patch-endless-wchar_t-loop ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list