public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 [not found] <bug-24973-131@http.sourceware.org/bugzilla/> @ 2020-12-21 3:37 ` siddhesh at sourceware dot org 2021-01-04 19:52 ` carnil at debian dot org ` (3 subsequent siblings) 4 siblings, 0 replies; 5+ messages in thread From: siddhesh at sourceware dot org @ 2020-12-21 3:37 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=24973 Siddhesh Poyarekar <siddhesh at sourceware dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.33 Status|NEW |RESOLVED Resolution|--- |FIXED CC| |siddhesh at sourceware dot org --- Comment #1 from Siddhesh Poyarekar <siddhesh at sourceware dot org> --- Fixed in master: https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b Author: Andreas Schwab <schwab@suse.de> Date: Mon Dec 21 08:56:43 2020 +0530 Fix buffer overrun in EUC-KR conversion module (bz #24973) The byte 0xfe as input to the EUC-KR conversion denotes a user-defined area and is not allowed. The from_euc_kr function used to skip two bytes when told to skip over the unknown designation, potentially running over the buffer end. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 [not found] <bug-24973-131@http.sourceware.org/bugzilla/> 2020-12-21 3:37 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 siddhesh at sourceware dot org @ 2021-01-04 19:52 ` carnil at debian dot org 2021-01-04 19:59 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) fweimer at redhat dot com ` (2 subsequent siblings) 4 siblings, 0 replies; 5+ messages in thread From: carnil at debian dot org @ 2021-01-04 19:52 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=24973 Salvatore Bonaccorso <carnil at debian dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carnil at debian dot org Alias| |CVE-2019-25013 -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) [not found] <bug-24973-131@http.sourceware.org/bugzilla/> 2020-12-21 3:37 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 siddhesh at sourceware dot org 2021-01-04 19:52 ` carnil at debian dot org @ 2021-01-04 19:59 ` fweimer at redhat dot com 2021-09-30 17:45 ` soko246 at gmail dot com 2021-10-01 2:03 ` siddhesh at sourceware dot org 4 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2021-01-04 19:59 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=24973 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|iconv encounters |iconv encounters |segmentation fault when |segmentation fault when |converting 0x00 0xfe in |converting 0x00 0xfe in |EUC-KR to UTF-8 |EUC-KR to UTF-8 | |(CVE-2019-25013) -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) [not found] <bug-24973-131@http.sourceware.org/bugzilla/> ` (2 preceding siblings ...) 2021-01-04 19:59 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) fweimer at redhat dot com @ 2021-09-30 17:45 ` soko246 at gmail dot com 2021-10-01 2:03 ` siddhesh at sourceware dot org 4 siblings, 0 replies; 5+ messages in thread From: soko246 at gmail dot com @ 2021-09-30 17:45 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=24973 soko246 <soko246 at gmail dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |soko246 at gmail dot com --- Comment #2 from soko246 <soko246 at gmail dot com> --- Using iconv results in corrupted output, when "-c" flag is used for input where characters that *can* and *cannot* be converted appear together. The issue only manifests for rather large inputs (presumably > 32K). Run in bash: >export LANG=C >perl -E 'say "\x58\xe2\x58\xc3\x92\x58\xe2\x58\x58\xe2\x58\xc3\x92\x58\xe2\x58\n" x 15000' | iconv -c -f ISO-8859-3 -t UTF-8 | sort | uniq -c Expected output: >15000 XâX�XâXXâX�XâX Actual output: > 1 > 2 XXâX�XâX > 2 XâX�XXâX > 2 XâX�XâX > 1 XâX�XâXX > 2 XâX�XâXXâX�X�XâXXâX�XâX > 14917 XâX�XâXXâX�XâX As can be seen, many lines just disappear (14917+2+1+2+2+2+1 don't sum up to 15000). Actual specific input does not matter, as long as it has a mix of convertable and non-convertable characters. Reducing number of input lines to smaller number (ex. 1000) and all works as expected: >1000 XâX�XâXXâX�XâX I tried this for ISO-8859-3 and ISO-8859-8 (same input) with similar (wrong) results. Using piconv (Perl variant of iconv) instead of iconv produces correct results. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) [not found] <bug-24973-131@http.sourceware.org/bugzilla/> ` (3 preceding siblings ...) 2021-09-30 17:45 ` soko246 at gmail dot com @ 2021-10-01 2:03 ` siddhesh at sourceware dot org 4 siblings, 0 replies; 5+ messages in thread From: siddhesh at sourceware dot org @ 2021-10-01 2:03 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=24973 --- Comment #3 from Siddhesh Poyarekar <siddhesh at sourceware dot org> --- Please file a separate bug for it. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-01 2:03 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <bug-24973-131@http.sourceware.org/bugzilla/> 2020-12-21 3:37 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 siddhesh at sourceware dot org 2021-01-04 19:52 ` carnil at debian dot org 2021-01-04 19:59 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) fweimer at redhat dot com 2021-09-30 17:45 ` soko246 at gmail dot com 2021-10-01 2:03 ` siddhesh at sourceware dot org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).