Fix validation check when converting from ibm930 to utf

[BZ #14134]

When converting IBM930 code with iconv(), if IBM930 code which
includes invalid multibyte character "0xffff" is specified, then
iconv() segfaults. This is easy to see using the following command:

echo '0x0e 0x43 0x8c 0xff 0xff 0x43 0xbd 0x43 0xbd' | xxd -r |
	iconv -f IBM930 -t UTF-8

diff --git a/ChangeLog b/ChangeLog
index 1615aad..b2fd481 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-06-06  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+       [BZ #14134]
+       * iconvdata/ibm930.c (BODY) [FROM_LOOP]: Check for invalid
+       character 0xffff that matches the last element of the
+       conversion table.
+
 2012-06-05  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
 
        * sysdeps/ieee754/ldbl-128ibm/e_fmodl.c: Fix for wrong ldbl128-ibm

diff --git a/NEWS b/NEWS
index d332708..4804cb2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -29,7 +29,7 @@ Version 2.16
   13963, 13967, 13968, 13970, 13973, 13979, 13983, 13986, 13996, 14012,
   14027, 14033, 14034, 14036, 14040, 14043, 14044, 14048, 14049, 14053,
   14055, 14059, 14064, 14075, 14080, 14083, 14103, 14104, 14109, 14112,
-  14122, 14123, 14153, 14183, 14188, 14199
+  14122, 14123, 14134, 14153, 14183, 14188, 14199
 
 * Support for the x32 ABI on x86-64 added.  The x32 target is selected by
   configuring glibc with:

diff --git a/iconvdata/ibm930.c b/iconvdata/ibm930.c
index 25a9be0..587d54f 100644 (file)
--- a/iconvdata/ibm930.c
+++ b/iconvdata/ibm930.c
@@ -1,5 +1,5 @@
 /* Conversion from and to IBM930.
-   Copyright (C) 2000-2002, 2008 Free Software Foundation, Inc.
+   Copyright (C) 2000-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Masahide Washizawa <washi@yamato.ibm.co.jp>, 2000.
 
@@ -162,7 +162,8 @@ enum
        while (ch > rp2->end)                                                 \
          ++rp2;                                                              \
                                                                              \
-       if (__builtin_expect (ch < rp2->start, 0)                             \
+       if (__builtin_expect (rp2->start == 0xffff, 0)                        \
+           || __builtin_expect (ch < rp2->start, 0)                          \
            || (res = __ibm930db_to_ucs4[ch + rp2->idx],                      \
                __builtin_expect (res, L'\1') == L'\0' && ch != '\0'))        \
          {                                                                   \