diff options
| author | Rich Felker <dalias@aerifal.cx> | 2024-03-02 15:01:18 -0500 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2024-03-02 22:17:49 -0500 |
| commit | 7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0 (patch) | |
| tree | a9fb539bb6553839248f8bce59ecea0a3e3a2b38 | |
| parent | fd7d018521115f2674bf85cbccaf745852b9ed3a (diff) | |
| download | musl-7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0.tar.gz musl-7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0.tar.xz musl-7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0.zip | |
iconv: fix missing bounds checking for shift_jis decoding
the jis0208 table we use is only 84x94 in size, but the shift_jis encoding supports a 94x94 grid. attempts to convert sequences outside of the supported zone resulted in out-of-bounds table reads, misinterpreting adjacent rodata as part of the character table and thereby converting these sequences to unexpected characters.
| -rw-r--r-- | src/locale/iconv.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/locale/iconv.c b/src/locale/iconv.c index 4b7967a7..7fb2e1ef 100644 --- a/src/locale/iconv.c +++ b/src/locale/iconv.c @@ -340,6 +340,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri c++; d -= 159; } + if (c>=84) goto ilseq; c = jis0208[c][d]; if (!c) goto ilseq; break; |