diff options
author | Andreas Schwab <schwab@suse.de> | 2020-12-21 08:56:43 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2020-12-21 09:01:49 +0530 |
commit | ee7a3144c9922808181009b7b3e50e852fb4999b (patch) | |
tree | 4c9e861a026de572bf26f6e07986390c06a40407 /iconvdata/ksc5601.h | |
parent | e0aec6c83374286ffac44ee1b0e628894b7102e3 (diff) | |
download | glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.zip glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.gz glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.bz2 |
Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
area and is not allowed. The from_euc_kr function used to skip two bytes
when told to skip over the unknown designation, potentially running over
the buffer end.
Diffstat (limited to 'iconvdata/ksc5601.h')
-rw-r--r-- | iconvdata/ksc5601.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h index d3eb3a4..f5cdc72 100644 --- a/iconvdata/ksc5601.h +++ b/iconvdata/ksc5601.h @@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset) unsigned char ch2; int idx; + if (avail < 2) + return 0; + /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e || (ch - offset) == 0x49) return __UNKNOWN_10646_CHAR; - if (avail < 2) - return 0; - ch2 = (*s)[1]; if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) return __UNKNOWN_10646_CHAR; |