about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJakub Jelinek <jakub@redhat.com>2005-05-20 09:53:27 +0000
committerJakub Jelinek <jakub@redhat.com>2005-05-20 09:53:27 +0000
commit2cc5f1a08ad6ec3753f621564400d7924d0a4fdc (patch)
treeaa4ba93a0c58dba3a6c3ec34a2e36d72fc1447a5
parent31f622b5c7ea544de23cfb85f0023069b613a8d5 (diff)
downloadglibc-2cc5f1a08ad6ec3753f621564400d7924d0a4fdc.tar.gz
glibc-2cc5f1a08ad6ec3753f621564400d7924d0a4fdc.tar.xz
glibc-2cc5f1a08ad6ec3753f621564400d7924d0a4fdc.zip
[BZ #955]
	* iconvdata/ibm939.c (BODY): Avoid segfaults with input characters
	<UFFFF> and above.
-rw-r--r--ChangeLog6
-rw-r--r--iconvdata/ibm939.c18
2 files changed, 14 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index bfce84436a..6b0cc05dda 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2005-05-19  Jakub Jelinek  <jakub@redhat.com>
+
+	[BZ #955]
+	* iconvdata/ibm939.c (BODY): Avoid segfaults with input characters
+	<UFFFF> and above.
+
 2005-05-17  Neal H. Walfield  <neal@gnu.org>
 
 	* sysdeps/posix/getaddrinfo.c (gaih_local): Check [_HAVE_SA_LEN]
diff --git a/iconvdata/ibm939.c b/iconvdata/ibm939.c
index aae08ba3d1..50b083f492 100644
--- a/iconvdata/ibm939.c
+++ b/iconvdata/ibm939.c
@@ -1,5 +1,5 @@
 /* Conversion to and from IBM939.
-   Copyright (C) 2000-2002 Free Software Foundation, Inc.
+   Copyright (C) 2000-2002, 2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Masahide Washizawa <washi@yamato.ibm.co.jp>, 2000.
 
@@ -200,16 +200,14 @@ enum
     if (__builtin_expect (ch >= 0xffff, 0))				      \
       {									      \
 	UNICODE_TAG_HANDLER (ch, 4);					      \
-	rp1 = NULL;							      \
-	rp2 = NULL;							      \
+	goto ibm939_invalid_char;					      \
       }									      \
-    else								      \
-      while (ch > rp1->end)						      \
-	++rp1;								      \
+									      \
+    while (ch > rp1->end)						      \
+      ++rp1;								      \
 									      \
     /* Use the UCS4 table for single byte.  */				      \
-    if (__builtin_expect (rp1 == NULL, 0)				      \
-	|| __builtin_expect (ch < rp1->start, 0)			      \
+    if (__builtin_expect (ch < rp1->start, 0)				      \
 	|| (cp = __ucs4_to_ibm939sb[ch + rp1->idx],			      \
 	    __builtin_expect (cp[0], L'\1') == L'\0' && ch != '\0'))	      \
       {									      \
@@ -217,12 +215,12 @@ enum
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
-	    || __builtin_expect (ch < rp2->start, 0)			      \
+	if (__builtin_expect (ch < rp2->start, 0)			      \
 	    || (cp = __ucs4_to_ibm939db[ch + rp2->idx],			      \
 		__builtin_expect (cp[0], L'\1')==L'\0' && ch != '\0'))	      \
 	  {								      \
 	    /* This is an illegal character.  */			      \
+	  ibm939_invalid_char:						      \
 	    STANDARD_TO_LOOP_ERR_HANDLER (4);				      \
 	  }								      \
 	else								      \