Bug 128674 - iconv(3) causes SIGSEGV on specific input
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 2
Hardware: i586
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
Reported: 2004-07-27 20:19 UTC by Boleslaw Ciesielski
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version: 2.3.3-42
Clone Of:
Environment:
Last Closed: 2004-08-12 08:44:12 UTC
Type: ---
Embargoed:


Attachments
test case (488 bytes, text/plain)
2004-07-27 20:23 UTC, Boleslaw Ciesielski


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2004:384 0 normal SHIPPED_LIVE Updated glibc packages 2004-09-02 04:00:00 UTC

Description Boleslaw Ciesielski 2004-07-27 20:19:09 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

Description of problem:
The following C program causes SIGSEGV inside the iconv(3) call:

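#include <stdio.h>
#include <wchar.h>
#include <iconv.h>

int main()
{
  /* One UCS-4 code point just above the BMP (wchar_t is 4 bytes on Linux). */
  wchar_t inbuf[16] = { 0x10000, 0, };
  char outbuf[16] = { 0, };
  char *in_ptr = (char *) inbuf;
  size_t in_size = sizeof(wchar_t);
  char *out_ptr = outbuf;
  size_t out_size = sizeof outbuf;

  iconv_t enc = iconv_open("ibm943", "UCS-4LE");
  if (enc == (iconv_t) -1) {
    /* Converter not installed: a crash below would not be this bug. */
    perror("iconv_open");
    return 1;
  }

  /* SIGSEGV is raised inside this call on the affected glibc. */
  int n = (int) iconv(enc, &in_ptr, &in_size, &out_ptr, &out_size);
  printf("n = %d  in_size = %zu  out_size = %zu\n", n, in_size, out_size);

  iconv_close(enc);
  return 0;
}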



Version-Release number of selected component (if applicable):
glibc-2.3.3-27

How reproducible:
Always

Steps to Reproduce:
1. gcc -o iconv_bug iconv_bug.c
2. ./iconv_bug


Actual Results:  Program terminated with SIGSEGV

Expected Results:  n = 0  in_size = 0  out_size = 14

(the particular numbers are not important)

Additional info:

There is a similar case with character 0x10001 and "ibm932" (instead 
of 0x10000 and "ibm943")

Comment 1 Boleslaw Ciesielski 2004-07-27 20:23:22 UTC
Created attachment 102240
test case

Comment 3 Jakub Jelinek 2004-08-12 08:44:12 UTC
Should be fixed in glibc-2.3.3-42.
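
An added regression probe for checking an installed glibc against the two inputs in this report (0x10000 with "ibm943", 0x10001 with "ibm932"); it is not part of the bug report or of glibc. The name probe_iconv and the enum values are hypothetical, and the conversion runs in a child process so a SIGSEGV shows up as a wait status rather than ending the checker.

```c
#include <iconv.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this added example. */
enum probe_result { PROBE_OK, PROBE_UNAVAILABLE, PROBE_CRASHED, PROBE_ERROR };

/* Convert one UCS-4LE code point to charset `to` in a forked child. */
enum probe_result probe_iconv(const char *to, uint32_t cp)
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        /* UCS-4LE: least significant byte first, whatever the host order. */
        char in[4] = { (char)cp, (char)(cp >> 8), (char)(cp >> 16), (char)(cp >> 24) };
        char out[16];
        char *ip = in, *op = out;
        size_t il = sizeof in, ol = sizeof out;
        iconv_t cd = iconv_open(to, "UCS-4LE");
        if (cd == (iconv_t)-1)
            _exit(2);                  /* converter module not installed */
        iconv(cd, &ip, &il, &op, &ol); /* an error return is fine, a crash is not */
        iconv_close(cd);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return PROBE_ERROR;
    if (WIFSIGNALED(status))
        return PROBE_CRASHED;          /* e.g. SIGSEGV inside iconv(3) */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return PROBE_UNAVAILABLE;
    return PROBE_OK;
}

int main(void)
{
    static const char *text[] = { "ok", "charset unavailable", "CRASHED", "probe error" };
    enum probe_result a = probe_iconv("ibm943", 0x10000); /* case from the description */
    enum probe_result b = probe_iconv("ibm932", 0x10001); /* the "similar case" */
    printf("ibm943 U+10000: %s\nibm932 U+10001: %s\n", text[a], text[b]);
    return (a == PROBE_CRASHED || b == PROBE_CRASHED) ? 1 : 0;
}
```

A "charset unavailable" result means the converter module is not installed, so the check says nothing about the bug on that system.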

Comment 4 Jay Turner 2004-09-02 05:57:34 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-384.html


