From 7ada6dde6f9dc6a2836c3d92c2f762d35fd229e0 Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Sat, 2 Mar 2024 15:01:18 -0500
Subject: iconv: fix missing bounds checking for shift_jis decoding

the jis0208 table we use is only 84x94 in size, but the shift_jis encoding supports a 94x94 grid. attempts to convert sequences outside of the supported zone resulted in out-of-bounds table reads, misinterpreting adjacent rodata as part of the character table and thereby converting these sequences to unexpected characters.
---
src/locale/iconv.c | 1 +
1 file changed, 1 insertion(+)
(limited to 'src')
diff --git a/src/locale/iconv.c b/src/locale/iconv.c
index 4b7967a7..7fb2e1ef 100644
--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
@@ -340,6 +340,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
 c++;
 d -= 159;
 }
+ if (c>=84) goto ilseq;
 c = jis0208[c][d];
 if (!c) goto ilseq;
 break;
-- 
cgit v1.2.1
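Review bot: The added guard `if (c>=84) goto ilseq;` hard-codes the row count of `jis0208` and checks only the row index, so it can drift from the table's real dimensions and says nothing about `d`. Deriving the limit from the table, `if (c >= sizeof jis0208 / sizeof *jis0208) goto ilseq;`, keeps the check tied to the declaration, assuming `jis0208` is visible as a true array at this point; a short comment such as `/* table has fewer rows than the 94x94 shift_jis grid */` would also record why the check exists. The bound on `d` is presumably established earlier in the shift_jis case, which starts outside the hunk (as does the rest of `iconv`), and is worth confirming against the 94-column dimension. Any other decoder paths that index `jis0208` are not shown here and merit the same audit.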