fix iconv buffer overflow converting to legacy JIS-based encodings
author Will Dietz <w@wdtz.org>
Tue, 1 May 2018 19:16:44 +0000 (14:16 -0500)
committer Rich Felker <dalias@aerifal.cx>
Wed, 9 May 2018 20:27:42 +0000 (16:27 -0400)
maintainer's notes:

commit a223dbd27ae36fe53f9f67f86caf685b729593fc added the reverse
conversions to JIS-based encodings, but omitted the check for remaining
buffer space in the case where the next character to be written was
single-byte, allowing conversion to continue past the end of the
destination buffer.

src/locale/iconv.c

index d469856c992943b52cd415775c23991450377e37..3c1f4dd26f40b23979b11a7fcb5c8713ed450c6b 100644 (file)
@@ -539,6 +539,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
                        if (*outb < 1) goto toobig;
                        if (c<256 && c==legacy_map(tomap, c)) {
                        revout:
+                               if (*outb < 1) goto toobig;
                                *(*out)++ = c;
                                *outb -= 1;
                                break;
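
Review bot: The added `if (*outb < 1) goto toobig;` directly under `revout:` repeats the identical test that sits just above the `if (c<256 && c==legacy_map(tomap, c))` line, so on the fall-through path it is redundant and its only job is to guard entries that arrive by `goto revout`. A one-line comment at the label saying that jump sources reach it without a space check for the single byte written would keep a later cleanup from removing it as dead code. The change also carries no regression test: a conversion to one of the JIS-based encodings with the output buffer sized to end just before a single-byte character, expecting the `toobig` path (E2BIG) and an untouched guard byte after the buffer, would cover it.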