public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
@ 2021-01-27 12:33 fweimer at redhat dot com
2021-01-27 12:42 ` [Bug locale/27256] " fweimer at redhat dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2021-01-27 12:33 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Bug ID: 27256
Summary: Assertion failure in ISO-2022-JP-3 gconv module
related to combining characters
Product: glibc
Version: 2.33
Status: NEW
Severity: normal
Priority: P1
Component: locale
Assignee: fweimer at redhat dot com
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security+
Tavis Ormandy reported that when converting from ISO-2022-JP-3 to UTF-8, the
gconv module could trigger an assertion failure in iconv/skeleton.c if the
second wide character in a two-wide-character sequence cannot be written to the
output buffer during character set conversion.
If glibc is built with assertions, this assertion failure can typically be
triggered by applications (such as mail clients) which use the glibc iconv
subsystem for MIME character set processing.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
2021-01-27 12:33 [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters fweimer at redhat dot com
@ 2021-01-27 12:42 ` fweimer at redhat dot com
2021-01-27 12:58 ` carnil at debian dot org
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2021-01-27 12:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Patch posted:
https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
2021-01-27 12:33 [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters fweimer at redhat dot com
2021-01-27 12:42 ` [Bug locale/27256] " fweimer at redhat dot com
@ 2021-01-27 12:58 ` carnil at debian dot org
2021-01-27 13:04 ` fweimer at redhat dot com
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: carnil at debian dot org @ 2021-01-27 12:58 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carnil at debian dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
2021-01-27 12:33 [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters fweimer at redhat dot com
2021-01-27 12:42 ` [Bug locale/27256] " fweimer at redhat dot com
2021-01-27 12:58 ` carnil at debian dot org
@ 2021-01-27 13:04 ` fweimer at redhat dot com
2021-01-27 20:18 ` carnil at debian dot org
2021-01-27 20:28 ` [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326) fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2021-01-27 13:04 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
Target Milestone|--- |2.33
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for 2.33 via:
commit 7d88c6142c6efc160c0ee5e4f85cde382c072888
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Jan 27 13:36:12 2021 +0100
gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
The conversion loop to the internal encoding does not follow
the interface contract that __GCONV_FULL_OUTPUT is only returned
after the internal wchar_t buffer has been filled completely. This
is enforced by the first of the two asserts in iconv/skeleton.c:
/* We must run out of output buffer space in this
rerun. */
assert (outbuf == outerr);
assert (nstatus == __GCONV_FULL_OUTPUT);
This commit solves this issue by queuing a second wide character
which cannot be written immediately in the state variable, like
other converters already do (e.g., BIG5-HKSCS or TSCII).
Reported-by: Tavis Ormandy <taviso@gmail.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters
2021-01-27 12:33 [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters fweimer at redhat dot com
` (2 preceding siblings ...)
2021-01-27 13:04 ` fweimer at redhat dot com
@ 2021-01-27 20:18 ` carnil at debian dot org
2021-01-27 20:28 ` [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326) fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: carnil at debian dot org @ 2021-01-27 20:18 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2021-3326
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)
2021-01-27 12:33 [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters fweimer at redhat dot com
` (3 preceding siblings ...)
2021-01-27 20:18 ` carnil at debian dot org
@ 2021-01-27 20:28 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2021-01-27 20:28 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Assertion failure in |Assertion failure in
|ISO-2022-JP-3 gconv module |ISO-2022-JP-3 gconv module
|related to combining |related to combining
|characters |characters (CVE-2021-3326)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-01-27 20:28 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-27 12:33 [Bug locale/27256] New: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters fweimer at redhat dot com
2021-01-27 12:42 ` [Bug locale/27256] " fweimer at redhat dot com
2021-01-27 12:58 ` carnil at debian dot org
2021-01-27 13:04 ` fweimer at redhat dot com
2021-01-27 20:18 ` carnil at debian dot org
2021-01-27 20:28 ` [Bug locale/27256] Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326) fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).