[gmime/gmime-2-2] fixed buffer overrun in charset conversion code
- From: Jeffrey Stedfast <fejj src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [gmime/gmime-2-2] fixed buffer overrun in charset conversion code
- Date: Wed, 12 Aug 2009 15:05:55 +0000 (UTC)
commit 30fdf4415b9c387c63d63f7fbd4464104f04ea55
Author: Jeffrey Stedfast <fejj gnome org>
Date: Wed Aug 12 11:04:42 2009 -0400
fixed buffer overrun in charset conversion code
2009-08-12 Jeffrey Stedfast <fejj novell com>
* gmime/gmime-utils.c (charset_convert): If iconv() fails, treat
conditions where outleft == 0 the same as if we had gotten an
E2BIG error (e.g. we need to grow the output buffer) so that we
don't overrun it while appending a '?' placeholder character.
ChangeLog | 7 +++++++
gmime/gmime-utils.c | 9 ++++++---
2 files changed, 13 insertions(+), 3 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index fb98574..f722262 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-08-12 Jeffrey Stedfast <fejj novell com>
+
+ * gmime/gmime-utils.c (charset_convert): If iconv() fails, treat
+ conditions where outleft == 0 the same as if we had gotten an
+ E2BIG error (e.g. we need to grow the output buffer) so that we
+ don't overrun it while appending a '?' placeholder character.
+
2009-07-02 Stanislav Brabec <sbrabec suse cz>
* configure.in: Simplified configuring of gmime in a
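Review bot: The new ChangeLog entry documents only the outleft == 0 case and omits the second behaviour change in the same commit: in charset_convert the catch-all else is replaced by an explicit EINVAL/EILSEQ test, which narrows the set of errors that get the '?' placeholder. Suggest adding a clause to the entry saying that '?' is now substituted only on EINVAL or EILSEQ. Minor wording: the parenthetical "(e.g. we need to grow the output buffer)" restates the condition rather than giving an example, so "i.e." fits better.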
diff --git a/gmime/gmime-utils.c b/gmime/gmime-utils.c
index f3815f1..2890d8d 100644
--- a/gmime/gmime-utils.c
+++ b/gmime/gmime-utils.c
@@ -1497,15 +1497,18 @@ charset_convert (iconv_t cd, const char *inbuf, size_t inleft, char **outp, size
break;
}
- if (errno == E2BIG) {
+ if (errno == E2BIG || outleft == 0) {
/* need to grow the output buffer */
outlen += (inleft * 2) + 16;
rc = (size_t) (outbuf - out);
out = g_realloc (out, outlen + 1);
outleft = outlen - rc;
outbuf = out + rc;
- } else {
- /* invalid byte(-sequence) in the input buffer */
+ }
+
+ if (errno == EINVAL || errno == EILSEQ) {
+ /* invalid or incomplete multibyte
+ * sequence in the input buffer */
*outbuf++ = '?';
outleft--;
inleft--;
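Review bot: The second test in this hunk, "if (errno == EINVAL || errno == EILSEQ)", reads errno after the grow branch has already called g_realloc(), so on the outleft == 0 path the value tested is not guaranteed to be the one iconv() set. Suggest copying errno into a local immediately after the failed iconv() call and using that local in both conditions. Separately, with the else removed, an errno other than E2BIG, EINVAL or EILSEQ combined with outleft != 0 now passes through both branches without growing the buffer or consuming input; confirm the enclosing loop cannot retry indefinitely in that case, or keep a final else that handles it.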