36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From 8def647eea27f7fd7ad33ff79c2d6d3e39948dce Mon Sep 17 00:00:00 2001
|
|
From: Ileana Dumitrescu <ileanadumitrescu95@gmail.com>
|
|
Date: Mon, 10 Mar 2025 20:36:05 +0200
|
|
Subject: [PATCH] src/conv.c: Check src_length to avoid an unitinialized heap
|
|
read
|
|
|
|
---
|
|
src/conv.c | 7 +++++--
|
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/conv.c b/src/conv.c
|
|
index 9a2a418..3099202 100644
|
|
--- a/src/conv.c
|
|
+++ b/src/conv.c
|
|
@@ -578,8 +578,8 @@ strndup_iconv_from_ucs2 (unsigned long * out_size,
|
|
* @returns
|
|
* A pointer to the allocated buffer. You must free() the buffer
|
|
* when it is no longer needed. The function returns @c NULL when
|
|
- * the conversion fails, when it runs out of memory or when @a src
|
|
- * is @c NULL.
|
|
+ * the conversion fails, when it runs out of memory, src_length is
|
|
+ * set to zero, or when @a src is @c NULL.
|
|
*
|
|
* @since 0.2.23
|
|
*/
|
|
@@ -593,6 +593,9 @@ vbi_strndup_iconv_ucs2 (const char * dst_codeset,
|
|
char *result;
|
|
unsigned long size;
|
|
|
|
+ if (0 == src_length)
|
|
+ return NULL;
|
|
+
|
|
buffer = strndup_iconv_from_ucs2 (&size,
|
|
dst_codeset,
|
|
src, src_length,
|