From: Will Dietz Date: Tue, 1 May 2018 19:16:44 +0000 (-0500) Subject: fix iconv buffer overflow converting to legacy JIS-based encodings X-Git-Tag: v1.1.20~88 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=55a661ff5ec5c8192091ec0bd74424500761b08d;p=oweals%2Fmusl.git fix iconv buffer overflow converting to legacy JIS-based encodings maintainer's notes: commit a223dbd27ae36fe53f9f67f86caf685b729593fc added the reverse conversions to JIS-based encodings, but omitted the check for remining buffer space in the case where the next character to be written was single-byte, allowing conversion to continue past the end of the destination buffer. --- diff --git a/src/locale/iconv.c b/src/locale/iconv.c index d469856c..3c1f4dd2 100644 --- a/src/locale/iconv.c +++ b/src/locale/iconv.c @@ -539,6 +539,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri if (*outb < 1) goto toobig; if (c<256 && c==legacy_map(tomap, c)) { revout: + if (*outb < 1) goto toobig; *(*out)++ = c; *outb -= 1; break;