bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: iconv test on AIX 7.1BETA


From: Bruno Haible
Subject: Re: iconv test on AIX 7.1BETA
Date: Sat, 31 Jul 2010 13:37:51 +0200
User-agent: KMail/1.9.9

Rainer Tammer wrote:
> # ./testme
> res = 0
> outptr-buf = 2, outbytesleft = -1, buf = { 0xC3, 0x84 }

This is a buffer overrun bug: Although an outbytesleft argument of 1 is
given, the iconv() function writes 2 bytes into memory. This kind of bug,
if not worked around, can crash any program that uses iconv.

I'm adding this detection to gnulib. It will have the effect that the
iconv() function is not used in this case, which is better than using a
function that can crash the program.


2010-07-31  Bruno Haible  <address@hidden>

        iconv: Work around AIX 6.1..7.1 bug.
        * doc/posix-functions/iconv.texi: Mention AIX 6.1, 7.1 bug.
        * m4/iconv.m4 (AM_ICONV_LINK): Test against AIX 6.1, 7.1 bug. When
        cross-compiling, guess no on all versions of AIX.
        Reported by Rainer Tammer.

--- doc/posix-functions/iconv.texi.orig Sat Jul 31 13:30:52 2010
+++ doc/posix-functions/iconv.texi      Sat Jul 31 13:24:05 2010
@@ -13,6 +13,9 @@
 @item
 Failures are not distinguishable from successful returns on some platforms:
 AIX 5.1, Solaris 10.
address@hidden
+A buffer overrun can occur on some platforms:
+AIX 6.1..7.1.
 @end itemize
 
 Portability problems not fixed by Gnulib:
--- m4/iconv.m4.orig    Sat Jul 31 13:30:52 2010
+++ m4/iconv.m4 Sat Jul 31 13:29:09 2010
@@ -1,4 +1,4 @@
-# iconv.m4 serial 11a
+# iconv.m4 serial 11b
 dnl Copyright (C) 2000-2002, 2007-2010 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
@@ -58,7 +58,8 @@
   ])
   if test "$am_cv_func_iconv" = yes; then
     AC_CACHE_CHECK([for working iconv], [am_cv_func_iconv_works], [
-      dnl This tests against bugs in AIX 5.1, HP-UX 11.11, Solaris 10.
+      dnl This tests against bugs in AIX 5.1, AIX 6.1..7.1, HP-UX 11.11,
+      dnl Solaris 10.
       am_save_LIBS="$LIBS"
       if test $am_cv_lib_iconv = yes; then
         LIBS="$LIBS $LIBICONV"
@@ -106,6 +107,24 @@
           return 1;
       }
   }
+  /* Test against AIX 6.1..7.1 bug: Buffer overrun.  */
+  {
+    iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
+    if (cd_88591_to_utf8 != (iconv_t)(-1))
+      {
+        static const char input[] = "\304";
+        static char buf[2] = { (char)0xDE, (char)0xAD };
+        const char *inptr = input;
+        size_t inbytesleft = 1;
+        char *outptr = buf;
+        size_t outbytesleft = 1;
+        size_t res = iconv (cd_88591_to_utf8,
+                            (char **) &inptr, &inbytesleft,
+                            &outptr, &outbytesleft);
+        if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD)
+          return 1;
+      }
+  }
 #if 0 /* This bug could be worked around by the caller.  */
   /* Test against HP-UX 11.11 bug: Positive return value instead of 0.  */
   {
@@ -142,8 +161,8 @@
         [
 changequote(,)dnl
          case "$host_os" in
-           aix | aix[3-6]* | hpux*) am_cv_func_iconv_works="guessing no" ;;
-           *)                       am_cv_func_iconv_works="guessing yes" ;;
+           aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
+           *)            am_cv_func_iconv_works="guessing yes" ;;
          esac
 changequote([,])dnl
         ])



reply via email to

[Prev in Thread] Current Thread [Next in Thread]