diff options
author | Rich Felker <dalias@aerifal.cx> | 2024-03-02 15:01:18 -0500 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2024-03-02 22:17:49 -0500 |
commit | 7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0 (patch) | |
tree | a9fb539bb6553839248f8bce59ecea0a3e3a2b38 | |
parent | fd7d018521115f2674bf85cbccaf745852b9ed3a (diff) | |
download | musl-7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0.zip musl-7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0.tar.gz musl-7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0.tar.bz2 |
iconv: fix missing bounds checking for shift_jis decoding
the jis0208 table we use is only 84x94 in size, but the shift_jis
encoding supports a 94x94 grid. attempts to convert sequences outside
of the supported zone resulted in out-of-bounds table reads,
misinterpreting adjacent rodata as part of the character table and
thereby converting these sequences to unexpected characters.
-rw-r--r-- | src/locale/iconv.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/locale/iconv.c b/src/locale/iconv.c index 4b7967a..7fb2e1e 100644 --- a/src/locale/iconv.c +++ b/src/locale/iconv.c @@ -340,6 +340,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri c++; d -= 159; } + if (c>=84) goto ilseq; c = jis0208[c][d]; if (!c) goto ilseq; break; |