public inbox for glibc-bugs@sourceware.org
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8
       [not found] <bug-24973-131@http.sourceware.org/bugzilla/>
@ 2020-12-21  3:37 ` siddhesh at sourceware dot org
  2021-01-04 19:52 ` carnil at debian dot org
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 5+ messages in thread
From: siddhesh at sourceware dot org @ 2020-12-21  3:37 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=24973

Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.33
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
                 CC|                            |siddhesh at sourceware dot org

--- Comment #1 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Fixed in master:

https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b

Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Dec 21 08:56:43 2020 +0530

    Fix buffer overrun in EUC-KR conversion module (bz #24973)

    The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
    area and is not allowed.  The from_euc_kr function used to skip two bytes
    when told to skip over the unknown designation, potentially running over
    the buffer end.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
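
The overrun described in the commit message above, as an added illustration that is not glibc's code and not part of the original thread: a simplified model of a decoder loop in which the number of bytes skipped for a 0xfe byte is a parameter. The names `scan_model` and `struct scan_result`, and the byte classification (below 0x80 is single-byte, everything else is a two-byte lead), are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>

struct scan_result {
    size_t cursor;    /* offset where the loop stopped */
    size_t accepted;  /* characters accepted */
    size_t skipped;   /* invalid sequences skipped */
    int overran;      /* 1 if cursor ended past the buffer end */
};

/* Simplified model (assumption, not glibc code) of a decoder loop that skips
   invalid input, as iconv -c requests.  invalid_skip is the number of bytes
   dropped for a 0xfe byte: 2 models the old behaviour, 1 the fixed one.
   Nothing is read past len; only the would-be cursor is recorded. */
static struct scan_result
scan_model(const unsigned char *in, size_t len, size_t invalid_skip)
{
    struct scan_result r = {0, 0, 0, 0};
    size_t pos = 0;
    while (pos < len) {
        unsigned char c = in[pos];
        if (c == 0xfe) {             /* user-defined area: not allowed */
            pos += invalid_skip;
            r.skipped++;
        } else if (c < 0x80) {       /* single-byte character */
            pos += 1;
            r.accepted++;
        } else if (len - pos < 2) {  /* incomplete two-byte sequence */
            break;
        } else {                     /* two-byte character (not validated) */
            pos += 2;
            r.accepted++;
        }
    }
    r.cursor = pos;
    r.overran = pos > len;
    return r;
}

int main(void)
{
    /* Constructed input: the two bytes named in the bug title. */
    const unsigned char title_bytes[] = {0x00, 0xfe};
    struct scan_result old = scan_model(title_bytes, sizeof title_bytes, 2);
    struct scan_result fixed = scan_model(title_bytes, sizeof title_bytes, 1);
    printf("skip 2: cursor=%zu overran=%d\n", old.cursor, old.overran);
    printf("skip 1: cursor=%zu overran=%d\n", fixed.cursor, fixed.overran);
    return 0;
}
```

In the same model, a two-byte skip on a buffer where 0xfe is followed by a valid byte stays in bounds but silently drops that byte, so a skip length that is not checked against the remaining input is a correctness problem even when it does not overrun.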


* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8
From: carnil at debian dot org @ 2021-01-04 19:52 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=24973

Salvatore Bonaccorso <carnil at debian dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carnil at debian dot org
              Alias|                            |CVE-2019-25013


* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
From: fweimer at redhat dot com @ 2021-01-04 19:59 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=24973

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|iconv encounters            |iconv encounters
                   |segmentation fault when     |segmentation fault when
                   |converting 0x00 0xfe in     |converting 0x00 0xfe in
                   |EUC-KR to UTF-8             |EUC-KR to UTF-8
                   |                            |(CVE-2019-25013)


* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
From: soko246 at gmail dot com @ 2021-09-30 17:45 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=24973

soko246 <soko246 at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |soko246 at gmail dot com

--- Comment #2 from soko246 <soko246 at gmail dot com> ---
Using iconv results in corrupted output when the "-c" flag is used for input where
characters that *can* and *cannot* be converted appear together.
The issue only manifests for rather large inputs (presumably > 32K).

Run in bash:
>export LANG=C
>perl -E 'say "\x58\xe2\x58\xc3\x92\x58\xe2\x58\x58\xe2\x58\xc3\x92\x58\xe2\x58\n" x 15000' | iconv -c -f ISO-8859-3 -t UTF-8 | sort | uniq -c

Expected output:
>15000 XâX�XâXXâX�XâX

Actual output:
> 1
> 2 XXâX�XâX
> 2 XâX�XXâX
> 2 XâX�XâX
> 1 XâX�XâXX
> 2 XâX�XâXXâX�X�XâXXâX�XâX
> 14917 XâX�XâXXâX�XâX

As can be seen, many lines just disappear (14917+2+1+2+2+2+1 don't sum up to
15000).

Actual specific input does not matter, as long as it has a mix of convertible
and non-convertible characters.
Reducing the number of input lines to a smaller number (e.g. 1000), all works as
expected:
>1000 XâX�XâXXâX�XâX

I tried this for ISO-8859-3 and ISO-8859-8 (same input) with similar (wrong)
results.

Using piconv (Perl variant of iconv) instead of iconv produces correct results.


* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
From: siddhesh at sourceware dot org @ 2021-10-01  2:03 UTC
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=24973

--- Comment #3 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Please file a separate bug for it.
