public inbox for glibc-bugs@sourceware.org
* [Bug locale/26923] New: Assertion failure in iconv when converting invalid UCS4
From: mcolavita at fb dot com @ 2020-11-19 18:22 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Bug ID: 26923
Summary: Assertion failure in iconv when converting invalid UCS4
Product: glibc
Version: 2.30
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: locale
Assignee: unassigned at sourceware dot org
Reporter: mcolavita at fb dot com
Target Milestone: ---
Created attachment 12978
--> https://sourceware.org/bugzilla/attachment.cgi?id=12978&action=edit
An example of an iconv call that causes an assertion failure.
When converting UCS4 containing an irreversible character, an assertion failure
can occur within __gconv_transform_ucs4_internal. See attachment for an easily
reproducible example.
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4
From: carlos at redhat dot com @ 2020-11-19 18:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
Last reconfirmed| |2020-11-19
CC| |carlos at redhat dot com
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
I can confirm this causes an assertion failure.
test: ../iconv/skeleton.c:746: __gconv_transform_ucs4_internal: Assertion
`outbuf == outerr' failed.
Aborted (core dumped)
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4
From: mcolavita at fb dot com @ 2020-11-19 18:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
--- Comment #2 from Michael Colavita <mcolavita at fb dot com> ---
(In reply to Carlos O'Donell from comment #1)
> I can confirm this causes an assertion failure.
>
> test: ../iconv/skeleton.c:746: __gconv_transform_ucs4_internal: Assertion
> `outbuf == outerr' failed.
> Aborted (core dumped)
I believe the root cause is due to improper bounds used when converting UCS4 to
the internal UCS4-like format. I have submitted a patch that I believe should
resolve the issue and explains the problem in a bit more depth.
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4
From: carlos at redhat dot com @ 2020-11-19 18:43 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> ---
Patch posted:
https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4
From: P at draigBrady dot com @ 2020-11-19 21:06 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Pádraig Brady <P at draigBrady dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |P at draigBrady dot com,
| |schwab@linux-m68k.org
--- Comment #4 from Pádraig Brady <P at draigBrady dot com> ---
The fix for bug 18830 may have been the trigger.
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4
From: siddhesh at sourceware dot org @ 2020-11-20 8:22 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |siddhesh at sourceware dot org
Flags| |security+
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4
From: carnil at debian dot org @ 2020-12-04 14:11 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carnil at debian dot org
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562)
From: siddhesh at sourceware dot org @ 2020-12-07 16:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2020-29562
Summary|Assertion failure in iconv |Assertion failure in iconv
|when converting invalid |when converting invalid
|UCS4 |UCS4 (CVE-2020-29562)
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562)
From: siddhesh at sourceware dot org @ 2020-12-07 17:19 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
Target Milestone|--- |2.33
--- Comment #5 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Fixed in master.
commit 228edd356f03bf62dcf2b1335f25d43c602ee68d
Author: Michael Colavita <mcolavita@fb.com>
Date: Thu Nov 19 11:44:40 2020 -0500
iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
Previously, in UCS4 conversion routines we limit the number of
characters we examine to the minimum of the number of characters in the
input and the number of characters in the output. This is not the
correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
an output character when we skip a code unit. Instead, track the input
and output pointers and terminate the loop when either reaches its
limit.
This resolves assertion failures when resetting the input buffer in a step
of iconv, which assumes that the input will be fully consumed given
sufficient output space.
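A simplified model of the loop-bound problem described in the commit message of comment #5, added here as an illustration; it is not glibc source and not part of the original thread. The function names, the result struct, the 0x7fffffff validity threshold and the sample input are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model only, not glibc code. Assumption: units above 0x7fffffff are invalid
   and are skipped, standing in for the __GCONV_IGNORE_ERRORS path. */
#define MODEL_MAX_VALID 0x7fffffffu

struct conv_result { size_t in_used, out_used; };

/* Old bound: iteration count fixed up front as min(input, output) units,
   so a skipped unit spends an iteration without filling an output slot. */
static struct conv_result convert_min_bound(const uint32_t *in, size_t n_in,
                                            uint32_t *out, size_t n_out)
{
    struct conv_result r = {0, 0};
    size_t limit = n_in < n_out ? n_in : n_out;
    for (size_t cnt = 0; cnt < limit; cnt++) {
        uint32_t c = in[r.in_used++];
        if (c > MODEL_MAX_VALID)
            continue;                 /* skipped: nothing written */
        out[r.out_used++] = c;
    }
    return r;
}

/* Fixed bound: track both positions, stop when either reaches its limit. */
static struct conv_result convert_tracked(const uint32_t *in, size_t n_in,
                                          uint32_t *out, size_t n_out)
{
    struct conv_result r = {0, 0};
    while (r.in_used < n_in && r.out_used < n_out) {
        uint32_t c = in[r.in_used++];
        if (c > MODEL_MAX_VALID)
            continue;                 /* skipped: nothing written */
        out[r.out_used++] = c;
    }
    return r;
}

/* Constructed sample: three valid units and one invalid unit. */
static const uint32_t sample_in[4] = { 'a', 0x80000000u, 'b', 'c' };

int main(void)
{
    uint32_t out[3];                  /* room for every valid unit */
    struct conv_result a = convert_min_bound(sample_in, 4, out, 3);
    struct conv_result b = convert_tracked(sample_in, 4, out, 3);
    printf("min bound: in=%zu out=%zu; tracked: in=%zu out=%zu\n",
           a.in_used, a.out_used, b.in_used, b.out_used);
    return 0;
}
```

With the min-based bound the loop stops with one input unit unread and one output slot still free, which is the state the caller does not expect when output space is sufficient.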
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562)
From: cvs-commit at gcc dot gnu.org @ 2020-12-08 14:35 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=38a9e93cb1c58e3c899d638480e6d6e42af8e6fc
commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 7 22:29:18 2020 +0530
Add NEWS entry for CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562)
From: cvs-commit at gcc dot gnu.org @ 2021-01-03 13:47 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.31/master branch has been updated by Aurelien Jarno
<aurel32@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0858f46440db4936303de0117908c1de7f4f8215
commit 0858f46440db4936303de0117908c1de7f4f8215
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 7 22:29:18 2020 +0530
Add NEWS entry for CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.
(cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc)
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562)
From: cvs-commit at gcc dot gnu.org @ 2021-09-21 0:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
--- Comment #8 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.27/master branch has been updated by Dmitry Levin
<ldv@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3668134a9ef34b1a96f6b56666ae04886a99d33f
commit 3668134a9ef34b1a96f6b56666ae04886a99d33f
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 7 22:29:18 2020 +0530
Add NEWS entry for CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.
(cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc)
* [Bug locale/26923] Assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562)
From: cvs-commit at gcc dot gnu.org @ 2022-10-07 8:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26923
--- Comment #9 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.32/master branch has been updated by Dmitry Levin
<ldv@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd634e9b922a4a1293f0cf5a8f6c908f68c5401
commit 6fd634e9b922a4a1293f0cf5a8f6c908f68c5401
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon Dec 7 22:29:18 2020 +0530
NEWS: Mention CVE-2020-29562 (BZ #26923)
BZ #26923 now has a CVE entry, so add a NEWS entry for it.
(cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc)