[Bug locale/32046] New: iconv -c fails to report input encoding errors if output buffer is full

[Bug locale/32046] New: iconv -c fails to report input encoding errors if output buffer is full

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=32046

            Bug ID: 32046
           Summary: iconv -c fails to report input encoding errors if
                    output buffer is full
           Product: glibc
           Version: 2.41
            Status: NEW
          Severity: normal
          Priority: P2
         Component: locale
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---

If the output buffer is full, E2BIG takes precedence, and iconv (the program)
never sees the preceding error about the invalid input.  The error is discarded
here in iconv/loop.c:

      if ((MIN_NEEDED_OUTPUT != 1
           && __builtin_expect (outptr + MIN_NEEDED_OUTPUT > outend, 0))
          || (MIN_NEEDED_OUTPUT == 1
              && __builtin_expect (outptr >= outend, 0)))
        {
          /* Overflow in the output buffer.  */
          result = __GCONV_FULL_OUTPUT;
          break;
        }

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug locale/32046] iconv -c fails to report input encoding errors if output buffer is full

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=32046

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-
           Assignee|unassigned at sourceware dot org   |fweimer at redhat dot com
             Status|NEW                         |ASSIGNED
                 CC|                            |fweimer at redhat dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug locale/32046] iconv -c fails to report input encoding errors if output buffer is full

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=32046

--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
This isn't the only code that needs changing (there is another occurrence in
loop.c). We have plenty of places that produce __GCONV_FULL_OUTPUT, and those
would need to be audited if they need to do something is similar to checking
for a previous error instead.

Conversely, it is also not trivial to add a sticky error indicator because we
produce __GCONV_ILLEGAL_INPUT in many places as well. This direction seems more
promising because we can set a sticky error bit unconditionally. We can use the
__flags member of struct __gconv_step_data for that bit. At the end, the iconv
program can check that bit in all steps of the conversion descriptor, and
produce a non-zero exit status even if there was a hidden error.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug locale/32046] iconv -c fails to report input encoding errors if output buffer is full

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=32046

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
   Target Milestone|---                         |2.41
         Resolution|---                         |FIXED

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for 2.41 via:

commit 6cbf845fcdc76131d0e674cee454fe738b69c69d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Sep 20 13:10:54 2024 +0200

    iconv: Preserve iconv -c error exit on invalid inputs (bug 32046)

    In several converters, a __GCONV_ILLEGAL_INPUT result gets overwritten
    with __GCONV_FULL_OUTPUT.  As a result, iconv (the function) returns
    E2BIG instead of EILSEQ.  The iconv program does not see the original
    EILSEQ failure, does not recognize the invalid input, and may
    incorrectly exit successfully.

    To address this, a new __flags bit is used to indicate a sticky input
    error state.  All __GCONV_ILLEGAL_INPUT results are replaced with a
    function call that sets this new __GCONV_ENCOUNTERED_ILLEGAL_INPUT and
    returns __GCONV_ILLEGAL_INPUT.  The iconv program checks for
    __GCONV_ENCOUNTERED_ILLEGAL_INPUT and overrides the exit status.

    The converter changes introducing __gconv_mark_illegal_input are
    mostly mechanical, except for the res variable initialization in
    iconvdata/iso-2022-jp.c: this error gets overwritten with __GCONV_OK
    and other results in the following code.  If res ==
    __GCONV_ILLEGAL_INPUT afterwards, STANDARD_TO_LOOP_ERR_HANDLER below
    will handle it.

    The __gconv_mark_illegal_input changes do not alter the errno value
    set by the iconv function.  This is simpler to implement than
    reviewing each __GCONV_FULL_OUTPUT result and adjust it not to
    override a previous __GCONV_ILLEGAL_INPUT result.  Doing it that way
    would also change some E2BIG errors in to EILSEQ errors, so it had to
    be done conditionally (under a flag set by the iconv program only), to
    avoid confusing buffer management in other applications.

    Reviewed-by: DJ Delorie <dj@redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.