Actions
Bug #18651
closedoob access in CP51932 -> CP50220 transcoder
Description
Hello,
while working on a port of Japanese transcoder, I found a potential out of bounds access:
https://github.com/ruby/ruby/blob/73541cdc2f192f856ab19781472cdccbf9c21f71/enc/trans/iso2022.trans#L465
tbl0208
has 126 chars
in this example const char *p = tbl0208 + 186
leads to undefined behavior (without any error)
test case
str = "\x00\x7F\x8E\xA1\x8E\xFE\xA1\xA1\xA1\xFE".force_encoding("CP51932")
str.encode("CP50220").bytes
[0, 127, 27, 36, 66, 33, 35, 80, 0, 33, 33, 33, 126, 27, 40, 66]
nkf does convert the string differently
nkf --ic=CP51932 --oc=CP50220 test.txt > out.txt
[0, 127, 27, 40, 73, 33, 126, 27, 36, 66, 33, 33, 33, 126, 27, 40, 66]
is it a bug?
Updated by duerst (Martin Dürst) over 2 years ago
- Assignee set to akr (Akira Tanaka)
Updated by nobu (Nobuyoshi Nakada) over 2 years ago
Accessing outside the table is definitely a bug.
Before that, SS2+0xA1 which should be JIS0201 is converted to JIS0208.
Updated by nobu (Nobuyoshi Nakada) over 2 years ago
As this converter seems to convert JIS0201 to JIS0208 as possible, this part would be intentional.
Updated by jeremyevans0 (Jeremy Evans) over 1 year ago
- Status changed from Open to Closed
Actions
Like0
Like0Like0Like0Like0