[gmime/gmime-2-2] fixed buffer overrun in charset conversion code



commit 30fdf4415b9c387c63d63f7fbd4464104f04ea55
Author: Jeffrey Stedfast <fejj gnome org>
Date:   Wed Aug 12 11:04:42 2009 -0400

    fixed buffer overrun in charset conversion code
    
    2009-08-12  Jeffrey Stedfast  <fejj novell com>
    
    	* gmime/gmime-utils.c (charset_convert): If iconv() fails, treat
    	conditions where outleft == 0 the same as if we had gotten an
    	E2BIG error (e.g. we need to grow the output buffer) so that we
    	don't overrun it while appending a '?' placeholder character.

 ChangeLog           |    7 +++++++
 gmime/gmime-utils.c |    9 ++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index fb98574..f722262 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-08-12  Jeffrey Stedfast  <fejj novell com>
+
+	* gmime/gmime-utils.c (charset_convert): If iconv() fails, treat
+	conditions where outleft == 0 the same as if we had gotten an
+	E2BIG error (e.g. we need to grow the output buffer) so that we
+	don't overrun it while appending a '?' placeholder character.
+
 2009-07-02  Stanislav Brabec  <sbrabec suse cz>
 
 	* configure.in: Simplified configuring of gmime in a
diff --git a/gmime/gmime-utils.c b/gmime/gmime-utils.c
index f3815f1..2890d8d 100644
--- a/gmime/gmime-utils.c
+++ b/gmime/gmime-utils.c
@@ -1497,15 +1497,18 @@ charset_convert (iconv_t cd, const char *inbuf, size_t inleft, char **outp, size
 				break;
 			}
 			
-			if (errno == E2BIG) {
+			if (errno == E2BIG || outleft == 0) {
 				/* need to grow the output buffer */
 				outlen += (inleft * 2) + 16;
 				rc = (size_t) (outbuf - out);
 				out = g_realloc (out, outlen + 1);
 				outleft = outlen - rc;
 				outbuf = out + rc;
-			} else {
-				/* invalid byte(-sequence) in the input buffer */
+			}
+			
+			if (errno == EINVAL || errno == EILSEQ) {
+				/* invalid or incomplete multibyte
+				 * sequence in the input buffer */
 				*outbuf++ = '?';
 				outleft--;
 				inleft--;
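Review bot: The new second test, `if (errno == EINVAL || errno == EILSEQ)`, reads errno after the `g_realloc ()` call in the grow branch above it. An allocator may modify errno even on success, so when `outleft == 0` triggered the grow, the '?' placeholder branch can be decided on a stale value. Capturing the value once, right after iconv() fails, e.g. `int err = errno;`, and testing `err` in both conditions would make the two checks consistent. Separately, an errno other than E2BIG, EINVAL or EILSEQ with `outleft > 0` now takes neither branch, where the old `else` consumed one input byte. Whether the loop still makes progress in that case depends on code outside this hunk, since the iconv() call and loop condition are not visible here.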


