This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug locale/19519] iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
- From: "rschiele at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 07 Mar 2017 10:27:42 +0000
- Subject: [Bug locale/19519] iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
- Auto-submitted: auto-generated
- References: <bug-19519-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19519
--- Comment #6 from Robert Schiele <rschiele at gmail dot com> ---
(In reply to Jan Engelhardt from comment #5)
> >2. Is advancing by one byte generally a good idea?
>
> In case where each codepoint is known to be encoded as the same number of
> bytes, e.g. 4 octets in UTF-32, I would expect it to advance by that stride.
>
> echo -en '\xff\xff\xff\xff' | iconv -f utf-32 -t utf-32//translit//ignore -c
Exactly such a case I had in mind with my concern. Thus next task is to find a
way to determine within that context the size of each code point in bytes. This
might probably be a bit difficult given that this knowledge seems to be totally
encapsulated within the iconv function call.
--
You are receiving this mail because:
You are on the CC list for the bug.