I found the following hangs when running an iconv input fuzzer I wrote while trying to fix bug 19519. The hangs are present in master: echo -en '\x00\x0f' | iconv -t UTF-8 -c -f IBM1364 echo -en '\x00\x0f' | iconv -t UTF-8 -c -f IBM1371 echo -en '\x00\x0f' | iconv -t UTF-8 -c -f IBM1388 echo -en '\x00\x0f' | iconv -t UTF-8 -c -f IBM1390 echo -en '\x00\x0f' | iconv -t UTF-8 -c -f IBM1399 These hangs are presently mentioned but commented out in iconv/tst-iconv_prog.sh and should eventually be un-commented when this bug is fixed. The fuzzer itself (attachment 11786 [details]) should also be run against these character sets after this bug is fixed, because they skip all remaining inputs for a character set once they encounter a hang in the corresponding converter, and thus any other hangs (from possibly other bugs) aren't tested for.
Fixed by: commit 9a99c682144bdbd40792ebf822fe9264e0376fb5 Author: Arjun Shankar <arjun@redhat.com> Date: Wed Nov 4 12:19:38 2020 +0100 iconv: Accept redundant shift sequences in IBM1364 [BZ #26224] The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets share converter logic (iconvdata/ibm1364.c) which would reject redundant shift sequences when processing input in these character sets. This led to a hang in the iconv program (CVE-2020-27618). This commit adjusts the converter to ignore redundant shift sequences and adds test cases for iconv_prog hangs that would be triggered upon their rejection. This brings the implementation in line with other converters that also ignore redundant shift sequences (e.g. IBM930 etc., fixed in commit 692de4b3960d). Reviewed-by: Carlos O'Donell <carlos@redhat.com>