summary refs log tree commit diff
path: root/libidn
diff options
context:
space:
mode:
authorJakub Jelinek <jakub@redhat.com>2005-03-19 21:04:10 +0000
committerJakub Jelinek <jakub@redhat.com>2005-03-19 21:04:10 +0000
commit8f8ebbc438fcb4b22fba8beb3ef3d1aa59d9d7bf (patch)
treeb7091affa76bbaf47e78a59dfc72b2102554eaf9 /libidn
parentf5c3480e830e94e0e51a0bdb1053944daed8bc58 (diff)
downloadglibc-8f8ebbc438fcb4b22fba8beb3ef3d1aa59d9d7bf.tar.gz
glibc-8f8ebbc438fcb4b22fba8beb3ef3d1aa59d9d7bf.tar.xz
glibc-8f8ebbc438fcb4b22fba8beb3ef3d1aa59d9d7bf.zip
Updated to fedora-glibc-20050319T1907 cvs/fedora-glibc-2_3_4-15
Diffstat (limited to 'libidn')
-rw-r--r--libidn/ChangeLog10
-rw-r--r--libidn/iconvme.c18
2 files changed, 25 insertions, 3 deletions
diff --git a/libidn/ChangeLog b/libidn/ChangeLog
index df3a6269e8..f9303743fc 100644
--- a/libidn/ChangeLog
+++ b/libidn/ChangeLog
@@ -1,3 +1,13 @@
+2005-03-08  Paul Eggert  <eggert@cs.ucla.edu>
+
+	* iconvme.c (SIZE_MAX): New macro, if not already defined.
+	(iconv_string): Don't guess a size-zero buffer, as that might cause
+	buffer overrun.  Instead, avoid multiplying by MB_LEN_MAX if the
+	result would be 'too large', where 'too large' is (heuristically)
+	the square root of SIZE_MAX, divided by MB_LEN_MAX to allay
+	overflow concerns.  This will prevent some unwanted malloc failures
+	when the inputs are very large.
+
 2005-02-12  Simon Josefsson  <jas@extundo.com >
 
 	* iconvme.h: New file, extracted from toutf8.c but improved.
diff --git a/libidn/iconvme.c b/libidn/iconvme.c
index daf0c8e349..cc4dd1daa5 100644
--- a/libidn/iconvme.c
+++ b/libidn/iconvme.c
@@ -41,10 +41,14 @@
 #if HAVE_ICONV
 /* Get iconv etc. */
 # include <iconv.h>
-/* Get MB_LEN_MAX. */
+/* Get MB_LEN_MAX, CHAR_BIT.  */
 # include <limits.h>
 #endif
 
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t) -1)
+#endif
+
 /* Convert a zero-terminated string STR from the FROM_CODSET code set
    to the TO_CODESET code set.  The returned string is allocated using
    malloc, and must be dellocated by the caller using free.  On
@@ -63,10 +67,18 @@ iconv_string (const char *str, const char *from_codeset,
   char *p = (char *) str;
   size_t inbytes_remaining = strlen (p);
   /* Guess the maximum length the output string can have.  */
-  size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;
-  size_t outbytes_remaining = outbuf_size - 1; /* -1 for NUL */
+  size_t outbuf_size = inbytes_remaining + 1;
+  size_t outbytes_remaining;
   size_t err;
   int have_error = 0;
+
+  /* Use a worst-case output size guess, so long as that wouldn't be
+     too large for comfort.  It's OK if the guess is wrong so long as
+     it's nonzero.  */
+  size_t approx_sqrt_SIZE_MAX = SIZE_MAX >> (sizeof (size_t) * CHAR_BIT / 2);
+  if (outbuf_size <= approx_sqrt_SIZE_MAX / MB_LEN_MAX)
+    outbuf_size *= MB_LEN_MAX;
+  outbytes_remaining = outbuf_size - 1;
 #endif
 
   if (strcmp (to_codeset, from_codeset) == 0)