about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorWill Dietz <w@wdtz.org>2018-05-01 14:16:44 -0500
committerRich Felker <dalias@aerifal.cx>2018-05-09 16:27:42 -0400
commit55a661ff5ec5c8192091ec0bd74424500761b08d (patch)
treef67da398fac8ac5847f73eb44b5856677fe28dd3 /src
parent40bae2d32fd6f3ffea437fa745ad38a1fe77b27e (diff)
downloadmusl-55a661ff5ec5c8192091ec0bd74424500761b08d.tar.gz
musl-55a661ff5ec5c8192091ec0bd74424500761b08d.tar.xz
musl-55a661ff5ec5c8192091ec0bd74424500761b08d.zip
fix iconv buffer overflow converting to legacy JIS-based encodings
maintainer's notes:

commit a223dbd27ae36fe53f9f67f86caf685b729593fc added the reverse
conversions to JIS-based encodings, but omitted the check for remining
buffer space in the case where the next character to be written was
single-byte, allowing conversion to continue past the end of the
destination buffer.
Diffstat (limited to 'src')
-rw-r--r--src/locale/iconv.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/locale/iconv.c b/src/locale/iconv.c
index d469856c..3c1f4dd2 100644
--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
@@ -539,6 +539,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
 			if (*outb < 1) goto toobig;
 			if (c<256 && c==legacy_map(tomap, c)) {
 			revout:
+				if (*outb < 1) goto toobig;
 				*(*out)++ = c;
 				*outb -= 1;
 				break;