Fix out-of-bounds access in IBM-1360 converter

Message ID mvmlga022dh.fsf@suse.de
State New
Headers show
Series
  • Fix out-of-bounds access in IBM-1360 converter
Related show

Commit Message

Andreas Schwab July 24, 2018, 1:24 p.m.
The IBM-1360 converter can consume/produce two UCS4 characters in each
loop.

	* iconvdata/ibm1364.c (MAX_NEEDED_OUTPUT) [FROM_LOOP]: Define.
	(MAX_NEEDED_INPUT) [TO_LOOP]: Define.
---
 iconvdata/ibm1364.c | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.18.0


-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

Comments

Jeff Law July 24, 2018, 2:27 p.m. | #1
On 07/24/2018 07:24 AM, Andreas Schwab wrote:
> The IBM-1360 converter can consume/produce two UCS4 characters in each

> loop.

> 

> 	* iconvdata/ibm1364.c (MAX_NEEDED_OUTPUT) [FROM_LOOP]: Define.

> 	(MAX_NEEDED_INPUT) [TO_LOOP]: Define.

Yes, that fixes the problem.  Thanks!

jeff
Carlos O'Donell July 24, 2018, 3:50 p.m. | #2
On 07/24/2018 09:24 AM, Andreas Schwab wrote:
> The IBM-1360 converter can consume/produce two UCS4 characters in each

> loop.

> 

> 	* iconvdata/ibm1364.c (MAX_NEEDED_OUTPUT) [FROM_LOOP]: Define.

> 	(MAX_NEEDED_INPUT) [TO_LOOP]: Define.


Confirmed. In both ibm1390 and ibm1399 we have combining characters
which are two UCS4 characters, and in that case we need 8 bytes in
the output.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>


> ---

>  iconvdata/ibm1364.c | 2 ++

>  1 file changed, 2 insertions(+)

> 

> diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c

> index b833273aa8..517fe60813 100644

> --- a/iconvdata/ibm1364.c

> +++ b/iconvdata/ibm1364.c

> @@ -150,6 +150,7 @@ enum

>  #define MIN_NEEDED_INPUT  	MIN_NEEDED_FROM

>  #define MAX_NEEDED_INPUT  	MAX_NEEDED_FROM

>  #define MIN_NEEDED_OUTPUT 	MIN_NEEDED_TO

> +#define MAX_NEEDED_OUTPUT 	MAX_NEEDED_TO

>  #define LOOPFCT 		FROM_LOOP

>  #define BODY \

>    {									      \

> @@ -296,6 +297,7 @@ enum

>  

>  /* Next, define the other direction.  */

>  #define MIN_NEEDED_INPUT	MIN_NEEDED_TO

> +#define MAX_NEEDED_INPUT  	MAX_NEEDED_TO

>  #define MIN_NEEDED_OUTPUT	MIN_NEEDED_FROM

>  #define MAX_NEEDED_OUTPUT	MAX_NEEDED_FROM

>  #define LOOPFCT			TO_LOOP

>

Patch

diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
index b833273aa8..517fe60813 100644
--- a/iconvdata/ibm1364.c
+++ b/iconvdata/ibm1364.c
@@ -150,6 +150,7 @@  enum
 #define MIN_NEEDED_INPUT  	MIN_NEEDED_FROM
 #define MAX_NEEDED_INPUT  	MAX_NEEDED_FROM
 #define MIN_NEEDED_OUTPUT 	MIN_NEEDED_TO
+#define MAX_NEEDED_OUTPUT 	MAX_NEEDED_TO
 #define LOOPFCT 		FROM_LOOP
 #define BODY \
   {									      \
@@ -296,6 +297,7 @@  enum
 
 /* Next, define the other direction.  */
 #define MIN_NEEDED_INPUT	MIN_NEEDED_TO
+#define MAX_NEEDED_INPUT  	MAX_NEEDED_TO
 #define MIN_NEEDED_OUTPUT	MIN_NEEDED_FROM
 #define MAX_NEEDED_OUTPUT	MAX_NEEDED_FROM
 #define LOOPFCT			TO_LOOP