diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2005-03-19 21:04:10 +0000 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2005-03-19 21:04:10 +0000 |
| commit | 8f8ebbc438fcb4b22fba8beb3ef3d1aa59d9d7bf (patch) | |
| tree | b7091affa76bbaf47e78a59dfc72b2102554eaf9 /libidn | |
| parent | f5c3480e830e94e0e51a0bdb1053944daed8bc58 (diff) | |
Updated to fedora-glibc-20050319T1907cvs/fedora-glibc-2_3_4-15
Diffstat (limited to 'libidn')
| -rw-r--r-- | libidn/ChangeLog | 10 | ||||
| -rw-r--r-- | libidn/iconvme.c | 18 |
2 files changed, 25 insertions, 3 deletions
diff --git a/libidn/ChangeLog b/libidn/ChangeLog index df3a6269e8..f9303743fc 100644 --- a/libidn/ChangeLog +++ b/libidn/ChangeLog @@ -1,3 +1,13 @@ +2005-03-08 Paul Eggert <eggert@cs.ucla.edu> + + * iconvme.c (SIZE_MAX): New macro, if not already defined. + (iconv_string): Don't guess a size-zero buffer, as that might cause + buffer overrun. Instead, avoid multiplying by MB_LEN_MAX if the + result would be 'too large', where 'too large' is (heuristically) + the square root of SIZE_MAX, divided by MB_LEN_MAX to allay + overflow concerns. This will prevent some unwanted malloc failures + when the inputs are very large. + 2005-02-12 Simon Josefsson <jas@extundo.com > * iconvme.h: New file, extracted from toutf8.c but improved. diff --git a/libidn/iconvme.c b/libidn/iconvme.c index daf0c8e349..cc4dd1daa5 100644 --- a/libidn/iconvme.c +++ b/libidn/iconvme.c @@ -41,10 +41,14 @@ #if HAVE_ICONV /* Get iconv etc. */ # include <iconv.h> -/* Get MB_LEN_MAX. */ +/* Get MB_LEN_MAX, CHAR_BIT. */ # include <limits.h> #endif +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t) -1) +#endif + /* Convert a zero-terminated string STR from the FROM_CODSET code set to the TO_CODESET code set. The returned string is allocated using malloc, and must be dellocated by the caller using free. On @@ -63,10 +67,18 @@ iconv_string (const char *str, const char *from_codeset, char *p = (char *) str; size_t inbytes_remaining = strlen (p); /* Guess the maximum length the output string can have. */ - size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX; - size_t outbytes_remaining = outbuf_size - 1; /* -1 for NUL */ + size_t outbuf_size = inbytes_remaining + 1; + size_t outbytes_remaining; size_t err; int have_error = 0; + + /* Use a worst-case output size guess, so long as that wouldn't be + too large for comfort. It's OK if the guess is wrong so long as + it's nonzero. */ + size_t approx_sqrt_SIZE_MAX = SIZE_MAX >> (sizeof (size_t) * CHAR_BIT / 2); + if (outbuf_size <= approx_sqrt_SIZE_MAX / MB_LEN_MAX) + outbuf_size *= MB_LEN_MAX; + outbytes_remaining = outbuf_size - 1; #endif if (strcmp (to_codeset, from_codeset) == 0) |