diff options
| author | Andreas Schwab <schwab@suse.de> | 2020-12-21 08:56:43 +0530 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2020-12-21 09:01:49 +0530 |
| commit | ee7a3144c9922808181009b7b3e50e852fb4999b (patch) | |
| tree | 4c9e861a026de572bf26f6e07986390c06a40407 /iconvdata/ksc5601.h | |
| parent | e0aec6c83374286ffac44ee1b0e628894b7102e3 (diff) | |
| download | glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.gz glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.tar.xz glibc-ee7a3144c9922808181009b7b3e50e852fb4999b.zip | |
Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined area and is not allowed. The from_euc_kr function used to skip two bytes when told to skip over the unknown designation, potentially running over the buffer end.
Diffstat (limited to 'iconvdata/ksc5601.h')
| -rw-r--r-- | iconvdata/ksc5601.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h index d3eb3a4ff8..f5cdc72797 100644 --- a/iconvdata/ksc5601.h +++ b/iconvdata/ksc5601.h @@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset) unsigned char ch2; int idx; + if (avail < 2) + return 0; + /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e || (ch - offset) == 0x49) return __UNKNOWN_10646_CHAR; - if (avail < 2) - return 0; - ch2 = (*s)[1]; if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) return __UNKNOWN_10646_CHAR; |