Bug 128674 - iconv(3) causes SIGSEGV on specific input
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: glibc
Version: 2
Hardware: i586 Linux
Priority: medium
Severity: high
Assigned To: Jakub Jelinek
QA Contact: Brian Brock
Reported: 2004-07-27 16:19 EDT by Boleslaw Ciesielski
Modified: 2007-11-30 17:10 EST (History)
Fixed In Version: 2.3.3-42
Doc Type: Bug Fix
Last Closed: 2004-08-12 04:44:12 EDT
Attachments:
test case (488 bytes, text/plain), 2004-07-27 16:23 EDT, Boleslaw Ciesielski

Description Boleslaw Ciesielski 2004-07-27 16:19:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

Description of problem:
The following C program causes SIGSEGV inside the iconv(3) call:

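#include <stdio.h>
#include <wchar.h>
#include <iconv.h>

int main(void)
{
  /* One UCS-4 code point just above the BMP (0x10000), then a terminator. */
  wchar_t inbuf[16] = { 0x10000, 0, };
  char outbuf[16] = { 0, };
  char *in_ptr = (char *) inbuf;
  size_t in_size = sizeof(wchar_t);   /* convert only the first character */
  char *out_ptr = outbuf;
  size_t out_size = sizeof outbuf;

  iconv_t enc = iconv_open("ibm943", "UCS-4LE");
  if (enc == (iconv_t) -1) {          /* converter not available */
    perror("iconv_open");
    return 1;
  }

  /* The SIGSEGV is raised inside this call on glibc-2.3.3-27. */
  int n = (int) iconv(enc, &in_ptr, &in_size, &out_ptr, &out_size);
  printf("n = %d  in_size = %zu  out_size = %zu\n", n, in_size, out_size);

  iconv_close(enc);
  return 0;
}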



Version-Release number of selected component (if applicable):
glibc-2.3.3-27

How reproducible:
Always

Steps to Reproduce:
1. gcc -o iconv_bug iconv_bug.c
2. ./iconv_bug


Actual Results:  Program terminated with SIGSEGV

Expected Results:  n = 0  in_size = 0  out_size = 14

(the particular numbers are not important)

Additional info:

There is a similar case with character 0x10001 and "ibm932" (instead 
of 0x10000 and "ibm943").
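
Added example (not part of the original report and not glibc code): a regression harness that runs each of the two inputs named above in a forked child, so a SIGSEGV inside iconv(3) is reported as a result instead of killing the checker. The function and enum names are assumptions made for this example; a converter that is not installed is reported separately from a crash.

```c
#include <iconv.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result names are assumptions of this example, not glibc identifiers. */
enum result { NO_CRASH = 0, CRASHED = 1, UNAVAILABLE = 2, HARNESS_ERROR = 3 };

/* Child body: convert one code point from UCS-4LE to `charset`. */
static int convert_one(const char *charset, uint32_t cp)
{
    /* UCS-4LE bytes are built explicitly so host endianness does not matter. */
    char in[4] = { (char)(cp & 0xff), (char)((cp >> 8) & 0xff),
                   (char)((cp >> 16) & 0xff), (char)((cp >> 24) & 0xff) };
    char out[16];
    char *ip = in, *op = out;
    size_t il = sizeof in, ol = sizeof out;

    iconv_t cd = iconv_open(charset, "UCS-4LE");
    if (cd == (iconv_t)-1)
        return UNAVAILABLE;
    /* An error return (for example EILSEQ) is acceptable; a crash is not. */
    (void)iconv(cd, &ip, &il, &op, &ol);
    iconv_close(cd);
    return NO_CRASH;
}

/* Run one conversion in a child process and classify how the child ended. */
enum result check_case(const char *charset, uint32_t cp)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return HARNESS_ERROR;
    if (pid == 0) _exit(convert_one(charset, cp));
    if (waitpid(pid, &status, 0) != pid) return HARNESS_ERROR;
    if (WIFSIGNALED(status)) return CRASHED;   /* e.g. SIGSEGV as in this bug */
    return WIFEXITED(status) ? (enum result)WEXITSTATUS(status) : HARNESS_ERROR;
}

int main(void)
{
    static const char *names[] = { "ok", "CRASHED", "charset unavailable", "harness error" };
    enum result a = check_case("ibm943", 0x10000);   /* case from the report */
    enum result b = check_case("ibm932", 0x10001);   /* the "similar case" */
    printf("ibm943 0x10000: %s\nibm932 0x10001: %s\n", names[a], names[b]);
    return a == CRASHED || b == CRASHED;
}
```

The process exit status is non-zero only when one of the two conversions crashed, which makes the harness usable as a post-update check.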
Comment 1 Boleslaw Ciesielski 2004-07-27 16:23:22 EDT
Created attachment 102240
test case
Comment 3 Jakub Jelinek 2004-08-12 04:44:12 EDT
Should be fixed in glibc-2.3.3-42.
Comment 4 Jay Turner 2004-09-02 01:57:34 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-384.html
