From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/12800 Path: news.gmane.org!.POSTED!not-for-mail From: Will Dietz Newsgroups: gmane.linux.lib.musl.general Subject: [PATCH] iconv: add check to avoid writing past end of buffer Date: Wed, 2 May 2018 12:07:17 -0500 Message-ID: Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="00000000000088b176056b3c1e5e" X-Trace: blaine.gmane.org 1525280730 29612 195.159.176.226 (2 May 2018 17:05:30 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 2 May 2018 17:05:30 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-12816-gllmg-musl=m.gmane.org@lists.openwall.com Wed May 02 19:05:26 2018 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1fDvC0-0007Zy-1n for gllmg-musl@m.gmane.org; Wed, 02 May 2018 19:05:24 +0200 Original-Received: (qmail 11786 invoked by uid 550); 2 May 2018 17:07:31 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 11750 invoked from network); 2 May 2018 17:07:30 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wdtz.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=rZ+72xXCBWVse8L67/bCAt5vx1cixJggMFQVA0Kw8qY=; b=gzFddpYIqeIxU5OYRiL+38jyp/bXylAn94eceCF/idoHHjKN1zQQU+8lLACQerllDo THV3TWru4IhAE2vu4eQyX+5bWdyX2CQulz7tno55FLcC6YOYkYsWGI3WfUihKALFFARB haQ9rhmT/HTErFfLAdWbWg3kIKAhx2Wssi120= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rZ+72xXCBWVse8L67/bCAt5vx1cixJggMFQVA0Kw8qY=; b=Pdp45i7YTOH+SYcAMNNWMDKMOB8go6zjgPoCXUbxZOosANRNAtSYavwpIhGHWI0zkd +M+WcYr8gZW0h62op2vzl+OhnzWqOWUH0Gck2w+hpb6zat9LPtF6Uj7V2A2Qrv9fyqqm CgAjJzamDAsuNTST/1rg6wEhY3LPNbdkTXER5XRVNgAvHPL853JXAw6+JAUY8OgDhSJD u97nyfJgUmJkU2yPNerV4fXIx9v6FUqdD7S9yz5Ine4tpleUqW/mPaNQrdKI4jMRJl1W 5k1PCeRT0y5Dqou8FW1xuCChlVCRiRp8iqyJv8AWCzRuL9eqNfDy5PWxZphmmq4Id7io orHg== X-Gm-Message-State: ALQs6tAueXkyi9Ys+/1T2bofTl4gKY4yV/VzmEiU3mdxHNk5/TzLl0Sz Yxaq021jYsx8vUMp+Fp5ue4a1cljVY6hLeYwUVIM1iu8nQ== X-Google-Smtp-Source: AB8JxZrJWIRlinW+nLd4Y+m5Qa+/pOyMcBDAxSAc+2sNsXnSQmdjpd2eT5DVYwPlXKwhUXvIMYKJOUI21pO+Vs3V+Gc= X-Received: by 2002:a9d:704b:: with SMTP id x11-v6mr1772931otj.56.1525280838026; Wed, 02 May 2018 10:07:18 -0700 (PDT) X-Originating-IP: [99.4.166.28] Xref: news.gmane.org gmane.linux.lib.musl.general:12800 Archived-At: --00000000000088b176056b3c1e5e Content-Type: text/plain; charset="UTF-8" Attached. Example based on [1] that crashes without this fix can be found here: https://gist.github.com/7bc07da1dcd02e01c2fbb28cbaa81420 Input is from git's tests (2.17.0), and fixes tests when using noxcuse-based iconv utility and musl's iconv implementation. Well, *almost*. At least no more crashing :). One final test involving autosquash fails-- I believe due to a comparison breaking due to unexpected shifts in ISO-2022-JP encoding (as described in [2]) but I'm not sure of details just yet. Neat to get this far! ~Will [1] http://www.openwall.com/lists/musl/2017/05/03/1 [2] http://www.openwall.com/lists/musl/2014/11/09/1 --00000000000088b176056b3c1e5e Content-Type: text/x-patch; charset="US-ASCII"; name="iconv.patch" Content-Disposition: attachment; filename="iconv.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jgpbr4sa0 RnJvbSBkNDUxNmJiY2E2YjMxNTkyN2I4MjI1MmJhYTI0NTc0YWUxMmYwYjA2IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBXaWxsIERpZXR6IDx3QHdkdHoub3JnPgpEYXRlOiBUdWUsIDEg TWF5IDIwMTggMTQ6MTY6NDQgLTA1MDAKU3ViamVjdDogW1BBVENIXSBpY29udi5jOiBhZGQgbWlz c2luZyBjaGVjayBhZ2FpbnN0IG91dHB1dCBidWZmZXIgc2l6ZQoKLS0tCiBzcmMvbG9jYWxlL2lj b252LmMgfCAxICsKIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlvbigrKQoKZGlmZiAtLWdpdCBh L3NyYy9sb2NhbGUvaWNvbnYuYyBiL3NyYy9sb2NhbGUvaWNvbnYuYwppbmRleCBkNDY5ODU2Yy4u M2MxZjRkZDIgMTAwNjQ0Ci0tLSBhL3NyYy9sb2NhbGUvaWNvbnYuYworKysgYi9zcmMvbG9jYWxl L2ljb252LmMKQEAgLTUzOSw2ICs1MzksNyBAQCBzaXplX3QgaWNvbnYoaWNvbnZfdCBjZCwgY2hh ciAqKnJlc3RyaWN0IGluLCBzaXplX3QgKnJlc3RyaWN0IGluYiwgY2hhciAqKnJlc3RyaQogCQkJ aWYgKCpvdXRiIDwgMSkgZ290byB0b29iaWc7CiAJCQlpZiAoYzwyNTYgJiYgYz09bGVnYWN5X21h cCh0b21hcCwgYykpIHsKIAkJCXJldm91dDoKKwkJCQlpZiAoKm91dGIgPCAxKSBnb3RvIHRvb2Jp ZzsKIAkJCQkqKCpvdXQpKysgPSBjOwogCQkJCSpvdXRiIC09IDE7CiAJCQkJYnJlYWs7Ci0tIAoy LjE3LjAKCg== --00000000000088b176056b3c1e5e--