swebb2066 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4cxx.git
The following commit(s) were added to refs/heads/master by this push:
new 49361f32 Fix nullptr pointer arithmetic in charset decoder (#670)
49361f32 is described below
commit 49361f32c2696d4e8005166371445a7e5cf6649a
Author: metsw24-max <[email protected]>
AuthorDate: Fri May 15 13:04:49 2026 +0530
Fix nullptr pointer arithmetic in charset decoder (#670)
---
src/main/cpp/charsetdecoder.cpp | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/main/cpp/charsetdecoder.cpp b/src/main/cpp/charsetdecoder.cpp
index 569e7c5c..90977573 100644
--- a/src/main/cpp/charsetdecoder.cpp
+++ b/src/main/cpp/charsetdecoder.cpp
@@ -197,7 +197,26 @@ class MbstowcsCharsetDecoder : public CharsetDecoder
&src,
BUFSIZE - 1,
&mbstate);
- auto converted = src - cbuf;
+ // mbsrtowcs sets *src to nullptr when
it consumes a null wide character.
+ // Performing pointer arithmetic on
that nullptr (src - cbuf) is undefined
+ // behaviour, so recover the consumed
byte count from the position of the
+ // null that stopped the conversion
instead.
+ size_t converted;
+ if (src == nullptr)
+ {
+ size_t nullPos = 0;
+ while (nullPos < available &&
cbuf[nullPos] != 0)
+ {
+ ++nullPos;
+ }
+ // If the null came from the
input bytes, it was consumed too;
+ // if it is the sentinel we
wrote at cbuf[available], stop at available.
+ converted = (nullPos <
available) ? nullPos + 1 : available;
+ }
+ else
+ {
+ converted =
static_cast<size_t>(src - cbuf);
+ }
in.increment_position(converted);
if (wCharCount == (size_t) -1) //
Illegal byte sequence?