public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8
[not found] <bug-24973-131@http.sourceware.org/bugzilla/>
@ 2020-12-21 3:37 ` siddhesh at sourceware dot org
2021-01-04 19:52 ` carnil at debian dot org
` (3 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: siddhesh at sourceware dot org @ 2020-12-21 3:37 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.33
Status|NEW |RESOLVED
Resolution|--- |FIXED
CC| |siddhesh at sourceware dot org
--- Comment #1 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Fixed in master:
https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b
Author: Andreas Schwab <schwab@suse.de>
Date: Mon Dec 21 08:56:43 2020 +0530
Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
area and is not allowed. The from_euc_kr function used to skip two bytes
when told to skip over the unknown designation, potentially running over
the buffer end.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8
[not found] <bug-24973-131@http.sourceware.org/bugzilla/>
2020-12-21 3:37 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 siddhesh at sourceware dot org
@ 2021-01-04 19:52 ` carnil at debian dot org
2021-01-04 19:59 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) fweimer at redhat dot com
` (2 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: carnil at debian dot org @ 2021-01-04 19:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carnil at debian dot org
Alias| |CVE-2019-25013
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
[not found] <bug-24973-131@http.sourceware.org/bugzilla/>
2020-12-21 3:37 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 siddhesh at sourceware dot org
2021-01-04 19:52 ` carnil at debian dot org
@ 2021-01-04 19:59 ` fweimer at redhat dot com
2021-09-30 17:45 ` soko246 at gmail dot com
2021-10-01 2:03 ` siddhesh at sourceware dot org
4 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2021-01-04 19:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|iconv encounters |iconv encounters
|segmentation fault when |segmentation fault when
|converting 0x00 0xfe in |converting 0x00 0xfe in
|EUC-KR to UTF-8 |EUC-KR to UTF-8
| |(CVE-2019-25013)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
[not found] <bug-24973-131@http.sourceware.org/bugzilla/>
` (2 preceding siblings ...)
2021-01-04 19:59 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) fweimer at redhat dot com
@ 2021-09-30 17:45 ` soko246 at gmail dot com
2021-10-01 2:03 ` siddhesh at sourceware dot org
4 siblings, 0 replies; 5+ messages in thread
From: soko246 at gmail dot com @ 2021-09-30 17:45 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
soko246 <soko246 at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |soko246 at gmail dot com
--- Comment #2 from soko246 <soko246 at gmail dot com> ---
Using iconv results in corrupted output, when "-c" flag is used for input where
characters that *can* and *cannot* be converted appear together.
The issue only manifests for rather large inputs (presumably > 32K).
Run in bash:
>export LANG=C
>perl -E 'say "\x58\xe2\x58\xc3\x92\x58\xe2\x58\x58\xe2\x58\xc3\x92\x58\xe2\x58\n" x 15000' | iconv -c -f ISO-8859-3 -t UTF-8 | sort | uniq -c
Expected output:
>15000 XâX�XâXXâX�XâX
Actual output:
> 1
> 2 XXâX�XâX
> 2 XâX�XXâX
> 2 XâX�XâX
> 1 XâX�XâXX
> 2 XâX�XâXXâX�X�XâXXâX�XâX
> 14917 XâX�XâXXâX�XâX
As can be seen, many lines just disappear (14917+2+1+2+2+2+1 don't sum up to
15000).
Actual specific input does not matter, as long as it has a mix of convertable
and non-convertable characters.
Reducing number of input lines to smaller number (ex. 1000) and all works as
expected:
>1000 XâX�XâXXâX�XâX
I tried this for ISO-8859-3 and ISO-8859-8 (same input) with similar (wrong)
results.
Using piconv (Perl variant of iconv) instead of iconv produces correct results.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013)
[not found] <bug-24973-131@http.sourceware.org/bugzilla/>
` (3 preceding siblings ...)
2021-09-30 17:45 ` soko246 at gmail dot com
@ 2021-10-01 2:03 ` siddhesh at sourceware dot org
4 siblings, 0 replies; 5+ messages in thread
From: siddhesh at sourceware dot org @ 2021-10-01 2:03 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
--- Comment #3 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Please file a separate bug for it.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-01 2:03 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-24973-131@http.sourceware.org/bugzilla/>
2020-12-21 3:37 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 siddhesh at sourceware dot org
2021-01-04 19:52 ` carnil at debian dot org
2021-01-04 19:59 ` [Bug locale/24973] iconv encounters segmentation fault when converting 0x00 0xfe in EUC-KR to UTF-8 (CVE-2019-25013) fweimer at redhat dot com
2021-09-30 17:45 ` soko246 at gmail dot com
2021-10-01 2:03 ` siddhesh at sourceware dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).