php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-31 04:32:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix legacy conversion filter for ISO-2022-KR

Browse Source 
When I was working on this code before, it really, really
looked like the index into `uhc3_ucs_table` could never
overrun the size of the table. Why did I get this wrong?
Don't know. Anyways, libfuzzer tore away my illusions
and unequivocally demonstrated that the index CAN be
larger than the size of the table.
This commit is contained in:
Alex Dowad
2022-06-30 14:05:17 +02:00
parent cebb8009c6
commit c8e4f313fa
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ext/mbstring/libmbfl/filters/mbfilter_iso2022_kr.c
View File

@@ -125,8 +125,11 @@ int mbfl_filt_conv_2022kr_wchar(int c, mbfl_convert_filter *filter)
}
} else {
w = (c1 - 0x47)*94 + c - 0x21;
ZEND_ASSERT(w < uhc3_ucs_table_size);
w = uhc3_ucs_table[w];
if (w < uhc3_ucs_table_size) {
w = uhc3_ucs_table[w];
} else {
w = MBFL_BAD_INPUT;
}
}
if (w <= 0) {