Bug #18651

open

oob access in CP51932 -> CP50220 transcoder

Added by ahorek (Pavel Rosický) 2 months ago. Updated 2 months ago.

Status: Open
Priority: Normal
Target version: -
[ruby-core:107994]

Description

Hello,
while working on a port of the Japanese transcoder, I found a potential out-of-bounds access:
https://github.com/ruby/ruby/blob/73541cdc2f192f856ab19781472cdccbf9c21f71/enc/trans/iso2022.trans#L465

tbl0208 has 126 chars.
In this example, const char *p = tbl0208 + 186 leads to undefined behavior (without any error).

Test case:

str = "\x00\x7F\x8E\xA1\x8E\xFE\xA1\xA1\xA1\xFE".force_encoding("CP51932")
str.encode("CP50220").bytes
[0, 127, 27, 36, 66, 33, 35, 80, 0, 33, 33, 33, 126, 27, 40, 66]

nkf converts the string differently:

nkf --ic=CP51932 --oc=CP50220 test.txt > out.txt
[0, 127, 27, 40, 73, 33, 126, 27, 36, 66, 33, 33, 33, 126, 27, 40, 66]

Is it a bug?

Updated by duerst (Martin Dürst) 2 months ago

  • Assignee set to akr (Akira Tanaka)

Updated by nobu (Nobuyoshi Nakada) 2 months ago

Accessing outside the table is definitely a bug.
Before that, SS2+0xA1, which should be JIS0201, is converted to JIS0208.

Updated by nobu (Nobuyoshi Nakada) 2 months ago

As this converter seems to convert JIS0201 to JIS0208 as much as possible, this part would be intentional.
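
The offset arithmetic behind the report, as an added example that is not part of the original thread and not Ruby's own code. It assumes the lookup offset is (trail byte - 0xA1) * 2, which matches the reported offset 186 for the trail byte 0xFE; the helper names and the simplified CP51932 walk (0x8E plus one byte, lead bytes 0xA1 and above plus one byte, everything else single-byte) are hypothetical.

```ruby
# Constants taken from the report; the offset formula is an assumption
# that reproduces the reported "tbl0208 + 186" for SS2 + 0xFE.
TBL0208_SIZE = 126   # bytes in tbl0208, per the report
SS2          = 0x8E  # single shift 2: the next byte is a JIS X 0201 kana
KANA_BASE    = 0xA1  # first trail byte covered by the table (assumed)

# Byte offset into the table for a given SS2 trail byte.
def tbl0208_offset(trail)
  (trail - KANA_BASE) * 2
end

# True when both bytes of the two-byte table entry lie inside the table.
def in_table?(trail)
  off = tbl0208_offset(trail)
  off >= 0 && off + 2 <= TBL0208_SIZE
end

# Walk a CP51932 byte string and return [index, trail, offset] for every
# SS2 pair whose lookup would read outside the table.
def oob_ss2_pairs(str)
  bytes = str.bytes
  hits = []
  i = 0
  while i < bytes.size
    b = bytes[i]
    if b == SS2 && i + 1 < bytes.size
      trail = bytes[i + 1]
      hits << [i, trail, tbl0208_offset(trail)] unless in_table?(trail)
      i += 2
    elsif b >= 0xA1 && i + 1 < bytes.size
      i += 2                      # ordinary two-byte character
    else
      i += 1                      # ASCII or stray byte
    end
  end
  hits
end

# Input string from the report's test case, as raw bytes.
REPORT_INPUT = "\x00\x7F\x8E\xA1\x8E\xFE\xA1\xA1\xA1\xFE".b

if __FILE__ == $PROGRAM_NAME
  oob_ss2_pairs(REPORT_INPUT).each do |idx, trail, off|
    puts format("byte %d: SS2+0x%02X -> offset %d (table size %d)",
                idx, trail, off, TBL0208_SIZE)
  end
end
```

Under this formula the 126-byte table covers trail bytes 0xA1 through 0xDF only, so a bounds check on the trail byte before the lookup is the guard the transcoder needs.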
