CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]

These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
author: Florian Weimer <fweimer@redhat.com> 2014-09-03 19:45:43 +0200
committer: Florian Weimer <fweimer@redhat.com> 2014-09-03 19:46:42 +0200
commit: 41488498b6d9440ee66ab033808cce8323bba7ac (patch)
tree: c71261df9fe5e8fbd7193181e7a1ca8160cfa6bb /iconvdata/ibm932.c
parent: a78b712d405b55405b425e9b1453745615483003 (diff)
download: glibc-41488498b6d9440ee66ab033808cce8323bba7ac.tar.gz
glibc-41488498b6d9440ee66ab033808cce8323bba7ac.tar.xz
glibc-41488498b6d9440ee66ab033808cce8323bba7ac.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/iconvdata/ibm932.c b/iconvdata/ibm932.c
index f5dca59ac7..aa69d651a7 100644
--- a/iconvdata/ibm932.c
+++ b/iconvdata/ibm932.c
@@ -74,11 +74,12 @@
 	  }								      \
 									      \
 	ch = (ch * 0x100) + inptr[1];					      \
+	/* ch was less than 0xfd.  */					      \
+	assert (ch < 0xfd00);						      \
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
-	    || __builtin_expect (ch < rp2->start, 0)			      \
+	if (__builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm932db_to_ucs4[ch + rp2->idx],		      \
 	    __builtin_expect (res, '\1') == 0 && ch !=0))		      \
 	  {								      \
author	Florian Weimer <fweimer@redhat.com>	2014-09-03 19:45:43 +0200
committer	Florian Weimer <fweimer@redhat.com>	2014-09-03 19:46:42 +0200
commit	41488498b6d9440ee66ab033808cce8323bba7ac (patch)
tree	c71261df9fe5e8fbd7193181e7a1ca8160cfa6bb /iconvdata/ibm932.c
parent	a78b712d405b55405b425e9b1453745615483003 (diff)
download	glibc-41488498b6d9440ee66ab033808cce8323bba7ac.tar.gz glibc-41488498b6d9440ee66ab033808cce8323bba7ac.tar.xz glibc-41488498b6d9440ee66ab033808cce8323bba7ac.zip