From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Description of problem: The following C program causes SIGSEGV inside the iconv(3) call: #include <stdio.h> #include <wchar.h> #include <iconv.h> int main() { wchar_t inbuf[16] = { 0x10000, 0, }; char outbuf[16] = { 0, }; char *in_ptr = (char *) inbuf; size_t in_size = sizeof(wchar_t); char *out_ptr = outbuf; size_t out_size = sizeof outbuf; iconv_t enc = iconv_open("ibm943", "UCS-4LE"); int n = iconv(enc, &in_ptr, &in_size, &out_ptr, &out_size); printf("n = %d in_size = %d out_size = %d\n", n, in_size, out_size); iconv_close(enc); return 0; } Version-Release number of selected component (if applicable): glibc-2.3.3-27 How reproducible: Always Steps to Reproduce: 1. gcc -o iconv_bug iconv_bug.c 2. ./iconv_bug Actual Results: Program terminated with SIGSEGV Expected Results: n = 0 in_size = 0 out_size = 14 (the particular numbers are not important) Additional info: There is a similar case with character 0x10001 and "ibm932" (instead of 0x10000 and "ibm943")
Created attachment 102240 [details] test case
http://sources.redhat.com/ml/libc-hacker/2004-08/msg00000.html
Should be fixed in glibc-2.3.3-42.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-384.html