Created attachment 9039 [details] sample input. libidn's stringprep_utf8_nfkc_normalize function may read out of bounds if an invalid utf-8 string gets passed. glibc bundles libidn. This has been fixed upstream here: http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=1fbee57ef3c72db2206dd87e4162108b2f425555 Attached is a sample input that can be triggered with idn -n. Found with american fuzzy lop.
*** Bug 22334 has been marked as a duplicate of this bug. ***
*** Bug 22333 has been marked as a duplicate of this bug. ***