Bug #18651: oob access in CP51932 -> CP50220 transcoder - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #18651

closed

oob access in CP51932 -> CP50220 transcoder

Added by ahorek (Pavel Rosický) about 2 years ago. Updated 8 months ago.

Status:

Closed

Assignee:

akr (Akira Tanaka)

Target version:

ruby -v:

Backport:

2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN

[ruby-core:107994]

Description

Hello,
while working on a port of Japanese transcoder, I found a potential out of bounds access:
https://github.com/ruby/ruby/blob/73541cdc2f192f856ab19781472cdccbf9c21f71/enc/trans/iso2022.trans#L465

tbl0208 has 126 chars
in this example const char *p = tbl0208 + 186 leads to undefined behavior (without any error)

test case

str = "\x00\x7F\x8E\xA1\x8E\xFE\xA1\xA1\xA1\xFE".force_encoding("CP51932")
str.encode("CP50220").bytes
[0, 127, 27, 36, 66, 33, 35, 80, 0, 33, 33, 33, 126, 27, 40, 66]

nkf does convert the string differently

nkf --ic=CP51932 --oc=CP50220 test.txt > out.txt
[0, 127, 27, 40, 73, 33, 126, 27, 36, 66, 33, 33, 33, 126, 27, 40, 66]

is it a bug?

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #18651

oob access in CP51932 -> CP50220 transcoder

Updated by duerst (Martin Dürst) about 2 years ago

Updated by nobu (Nobuyoshi Nakada) about 2 years ago

Updated by nobu (Nobuyoshi Nakada) about 2 years ago

Updated by jeremyevans0 (Jeremy Evans) 8 months ago