This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug locale/19519] iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
- From: "arjun.is at lostca dot se" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 22 Jun 2017 14:05:14 +0000
- Subject: [Bug locale/19519] iconv(1) with -c option hangs on illegal multi-byte sequences (CVE-2016-10228)
- Auto-submitted: auto-generated
- References: <bug-19519-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19519
--- Comment #12 from Arjun Shankar <arjun.is at lostca dot se> ---
I quickly want to point out that passing an input character that requires
transliteration and then passing //translit as the second suffix also leads to
erroneous program behaviour (it reports an error instead of performing
transliteration). Some test cases:
Exits successfully with 'A' written to stdout (because //translit is the only
or first suffix):
$ echo -en '\xc3\x81' | iconv -f utf8 -t "us-ascii//translit"
$ echo -en '\xc3\x81' | iconv -f utf8 -t "us-ascii//translit//ignore"
No transliteration and corresponding "illegal input sequence" error thrown,
even though //translit is passed, but it is incorrectly ignored by the program
because it is not the first suffix:
$ echo -en '\xc3\x81' | iconv -f utf8 -t "us-ascii//ignore//translit"
Exits without error messages but (incorrectly) writes nothing to stdout. This
is because 'translit' got ignored (2nd suffix), but '-c' leads to silently
dropping the input character that wasn't transliterated:
$ echo -en '\xc3\x81' | iconv -f utf8 -t "us-ascii//ignore//translit" -c
--
You are receiving this mail because:
You are on the CC list for the bug.