Fix validation check when converting from ibm930 to utf

[BZ #14134]

When converting IBM930 code with iconv(), if IBM930 code which
includes invalid multibyte character "0xffff" is specified, then
iconv() segfaults. This is easy to see using the following command:

echo '0x0e 0x43 0x8c 0xff 0xff 0x43 0xbd 0x43 0xbd' | xxd -r |
	iconv -f IBM930 -t UTF-8

diff --git a/ChangeLog b/ChangeLog
index 1615aad42f025d7351900b8cec63171414bb6406..b2fd4818f724a4e60e7210252f32c1524d86cedf 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-06-06  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+       [BZ #14134]
+       * iconvdata/ibm930.c (BODY) [FROM_LOOP]: Check for invalid
+       character 0xffff that matches the last element of the
+       conversion table.
+
 2012-06-05  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
 
        * sysdeps/ieee754/ldbl-128ibm/e_fmodl.c: Fix for wrong ldbl128-ibm

diff --git a/NEWS b/NEWS
index d332708d77f708197c4c669b7f67fabb9fa2e436..4804cb278af1d901f8cb1560c7202260a7dd998b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -29,7 +29,7 @@ Version 2.16
   13963, 13967, 13968, 13970, 13973, 13979, 13983, 13986, 13996, 14012,
   14027, 14033, 14034, 14036, 14040, 14043, 14044, 14048, 14049, 14053,
   14055, 14059, 14064, 14075, 14080, 14083, 14103, 14104, 14109, 14112,
-  14122, 14123, 14153, 14183, 14188, 14199
+  14122, 14123, 14134, 14153, 14183, 14188, 14199
 
 * Support for the x32 ABI on x86-64 added.  The x32 target is selected by
   configuring glibc with:

diff --git a/iconvdata/ibm930.c b/iconvdata/ibm930.c
index 25a9be02d808addaf8bd24f68d3dca11cb5e0112..587d54f08b2c0ede489e5811ff5b33ce7f573384 100644 (file)
--- a/iconvdata/ibm930.c
+++ b/iconvdata/ibm930.c
@@ -1,5 +1,5 @@
 /* Conversion from and to IBM930.
-   Copyright (C) 2000-2002, 2008 Free Software Foundation, Inc.
+   Copyright (C) 2000-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Masahide Washizawa <washi@yamato.ibm.co.jp>, 2000.
 
@@ -162,7 +162,8 @@ enum
        while (ch > rp2->end)                                                 \
          ++rp2;                                                              \
                                                                              \
-       if (__builtin_expect (ch < rp2->start, 0)                             \
+       if (__builtin_expect (rp2->start == 0xffff, 0)                        \
+           || __builtin_expect (ch < rp2->start, 0)                          \
            || (res = __ibm930db_to_ucs4[ch + rp2->idx],                      \
                __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))        \
          {                                                                   \