Project

General

Profile

Actions

Bug #18651

closed

oob access in CP51932 -> CP50220 transcoder

Added by ahorek (Pavel Rosický) almost 2 years ago. Updated 7 months ago.


Description

Hello,
while working on a port of Japanese transcoder, I found a potential out of bounds access:
https://github.com/ruby/ruby/blob/73541cdc2f192f856ab19781472cdccbf9c21f71/enc/trans/iso2022.trans#L465

tbl0208 has 126 chars
in this example const char *p = tbl0208 + 186 leads to undefined behavior (without any error)

test case

str = "\x00\x7F\x8E\xA1\x8E\xFE\xA1\xA1\xA1\xFE".force_encoding("CP51932")
str.encode("CP50220").bytes
[0, 127, 27, 36, 66, 33, 35, 80, 0, 33, 33, 33, 126, 27, 40, 66]

nkf does convert the string differently

nkf --ic=CP51932 --oc=CP50220 test.txt > out.txt
[0, 127, 27, 40, 73, 33, 126, 27, 36, 66, 33, 33, 33, 126, 27, 40, 66]

is it a bug?

Updated by duerst (Martin Dürst) almost 2 years ago

  • Assignee set to akr (Akira Tanaka)

Updated by nobu (Nobuyoshi Nakada) almost 2 years ago

Accessing outside the table is definitely a bug.
Before that, SS2+0xA1 which should be JIS0201 is converted to JIS0208.

Updated by nobu (Nobuyoshi Nakada) almost 2 years ago

As this converter seems to convert JIS0201 to JIS0208 as possible, this part would be intentional.

Actions #4

Updated by jeremyevans0 (Jeremy Evans) 7 months ago

  • Status changed from Open to Closed
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0