From 55a661ff5ec5c8192091ec0bd74424500761b08d Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Tue, 1 May 2018 14:16:44 -0500
Subject: [PATCH] fix iconv buffer overflow converting to legacy JIS-based encodings

maintainer's notes:

commit a223dbd27ae36fe53f9f67f86caf685b729593fc added the reverse conversions to JIS-based encodings, but omitted the check for remining buffer space in the case where the next character to be written was single-byte, allowing conversion to continue past the end of the destination buffer.
---
 src/locale/iconv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/locale/iconv.c b/src/locale/iconv.c
index d469856c..3c1f4dd2 100644
--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
@@ -539,6 +539,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
 if (*outb < 1) goto toobig;
 if (c<256 && c==legacy_map(tomap, c)) {
 revout:
+ if (*outb < 1) goto toobig;
 *(*out)++ = c;
 *outb -= 1;
 break;
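Review bot: The check added under `revout:` carries no comment explaining why it repeats the `*outb < 1` test two lines above it, so a later cleanup could mistake it for a duplicate and remove the bounds check again. The commit message indicates the label is reached by jumps that write a single byte without having tested the remaining space; those `goto revout` sites are outside the hunk, so this is inferred rather than visible. I would put `/* revout is a goto target: jumps here bypass the test above, so re-check space */` directly above the added line. A regression test that converts to one of the affected JIS-based encodings with the output buffer already full when a single-byte character is due, and expects the conversion to stop with the too-big error and `*outb` still 0, would pin the fix. The body of iconv() starts and ends outside the hunk.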