authorSzabolcs Nagy <szabolcs.nagy@arm.com>2022-09-26 15:38:19 +0100
committerSzabolcs Nagy <szabolcs.nagy@arm.com>2022-11-22 14:24:26 +0000
commit44d649d3c4051391782d8c893004dd7efec2ce70 (patch)
tree8d2ae29d6299b7baa81c8905e4bbafe3ba10eb48
parent4054cc2093279d68092104b3f8c059b81cceb776 (diff)
Fix off-by-one OOB write in iconv/tst-iconv-mt
The iconv buffer sizes must not include the \0 string terminator.

When \0 cannot be part of a valid character encoding glibc iconv
would copy it to the output as expected, but then later the explicit
output termination with *outbufpos = '\0' is out of bounds.
-rw-r--r--iconv/tst-iconv-mt.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/iconv/tst-iconv-mt.c b/iconv/tst-iconv-mt.c
index daaebd273b..0320885c06 100644
--- a/iconv/tst-iconv-mt.c
+++ b/iconv/tst-iconv-mt.c
@@ -58,11 +58,11 @@ worker (void * arg)
 
   char ascii[] = CONV_INPUT;
   char *inbufpos = ascii;
-  size_t inbytesleft = sizeof (CONV_INPUT);
+  size_t inbytesleft = sizeof (CONV_INPUT) - 1;
 
   char *utf8 = xcalloc (sizeof (CONV_INPUT), 1);
   char *outbufpos = utf8;
-  size_t outbytesleft = sizeof (CONV_INPUT);
+  size_t outbytesleft = sizeof (CONV_INPUT) - 1;
 
   if (tidx < TCOUNT/2)
     /* The first half of the worker thread pool synchronize together here,
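Review bot: The one-byte headroom for the terminator is now an implicit invariant spread over three separate `sizeof (CONV_INPUT)` expressions: the `xcalloc` call still allocates `sizeof (CONV_INPUT)` bytes while `outbytesleft` is `sizeof (CONV_INPUT) - 1`, and nothing on these lines says why the two differ. A comment above the `outbytesleft` line, for example `/* Leave one byte for the explicit '\0' stored after iconv returns.  */`, would keep a later edit from re-introducing the off-by-one. Using `sizeof (ascii) - 1` for `inbytesleft` would also tie the input length to the buffer actually passed to iconv rather than to the macro. The terminating store described in the commit message is outside this hunk, so whether it is preceded by a check on iconv's result cannot be confirmed from here; worker's body starts before and continues past the hunk.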