about summary refs log tree commit diff
path: root/iconvdata/euc-kr.c
diff options
context:
space:
mode:
authorAndreas Schwab <schwab@suse.de>2020-12-21 08:56:43 +0530
committerSiddhesh Poyarekar <siddhesh@sourceware.org>2020-12-21 09:01:49 +0530
commitee7a3144c9922808181009b7b3e50e852fb4999b (patch)
tree4c9e861a026de572bf26f6e07986390c06a40407 /iconvdata/euc-kr.c
parente0aec6c83374286ffac44ee1b0e628894b7102e3 (diff)
downloadglibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.gz
glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.xz
glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.zip
Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
area and is not allowed.  The from_euc_kr function used to skip two bytes
when told to skip over the unknown designation, potentially running over
the buffer end.
Diffstat (limited to 'iconvdata/euc-kr.c')
-rw-r--r--iconvdata/euc-kr.c6
1 files changed, 1 insertions, 5 deletions
diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
index b0d56cf3ee..1045bae926 100644
--- a/iconvdata/euc-kr.c
+++ b/iconvdata/euc-kr.c
@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
 									      \
     if (ch <= 0x9f)							      \
       ++inptr;								      \
-    /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are		      \
-       user-defined areas.  */						      \
-    else if (__builtin_expect (ch == 0xa0, 0)				      \
-	     || __builtin_expect (ch > 0xfe, 0)				      \
-	     || __builtin_expect (ch == 0xc9, 0))			      \
+    else if (__glibc_unlikely (ch == 0xa0))				      \
       {									      \
 	/* This is illegal.  */						      \
 	STANDARD_FROM_LOOP_ERR_HANDLER (1);				      \