diff options
| author | Andreas Schwab <schwab@suse.de> | 2020-12-21 08:56:43 +0530 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2020-12-21 09:01:49 +0530 |
| commit | ee7a3144c9922808181009b7b3e50e852fb4999b (patch) | |
| tree | 4c9e861a026de572bf26f6e07986390c06a40407 /iconvdata/euc-kr.c | |
| parent | e0aec6c83374286ffac44ee1b0e628894b7102e3 (diff) | |
| download | glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.gz glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.xz glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.zip | |
Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined area and is not allowed. The from_euc_kr function used to skip two bytes when told to skip over the unknown designation, potentially running over the buffer end.
Diffstat (limited to 'iconvdata/euc-kr.c')
| -rw-r--r-- | iconvdata/euc-kr.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c index b0d56cf3ee..1045bae926 100644 --- a/iconvdata/euc-kr.c +++ b/iconvdata/euc-kr.c @@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) \ if (ch <= 0x9f) \ ++inptr; \ - /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \ - user-defined areas. */ \ - else if (__builtin_expect (ch == 0xa0, 0) \ - || __builtin_expect (ch > 0xfe, 0) \ - || __builtin_expect (ch == 0xc9, 0)) \ + else if (__glibc_unlikely (ch == 0xa0)) \ { \ /* This is illegal. */ \ STANDARD_FROM_LOOP_ERR_HANDLER (1); \ |