Launchpad has imported 3 comments from the remote bug at https://sourceware.org/bugzilla/show_bug.cgi?id=27256.
------------------------------------------------------------------------
On 2021-01-27T12:33:46+00:00 Florian Weimer wrote:

Tavis Ormandy reported that when converting from ISO-2022-JP-3 to UTF-8,
the gconv module could trigger an assertion failure in iconv/skeleton.c
if the second wide character in a two-wide-character sequence cannot be
written to the output buffer during character set conversion.

If glibc is built with assertions, this assertion failure can typically
be triggered by applications (such as mail clients) which use the glibc
iconv subsystem for MIME character set processing.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105/comments/0

------------------------------------------------------------------------
On 2021-01-27T12:42:11+00:00 Florian Weimer wrote:

Patch posted:
https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105/comments/1

------------------------------------------------------------------------
On 2021-01-27T13:04:29+00:00 Florian Weimer wrote:

Fixed for 2.33 via:

commit 7d88c6142c6efc160c0ee5e4f85cde382c072888
Author: Florian Weimer <[email protected]>
Date:   Wed Jan 27 13:36:12 2021 +0100

    gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)

    The conversion loop to the internal encoding does not follow
    the interface contract that __GCONV_FULL_OUTPUT is only returned
    after the internal wchar_t buffer has been filled completely.  This
    is enforced by the first of the two asserts in iconv/skeleton.c:

                  /* We must run out of output buffer space in this
                     rerun.  */
                  assert (outbuf == outerr);
                  assert (nstatus == __GCONV_FULL_OUTPUT);

    This commit solves this issue by queuing a second wide character
    which cannot be written immediately in the state variable, like
    other converters already do (e.g., BIG5-HKSCS or TSCII).

    Reported-by: Tavis Ormandy <[email protected]>

Reply at:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105/comments/2

** Changed in: glibc
       Status: Unknown => Fix Released

** Changed in: glibc
   Importance: Unknown => Medium

https://bugs.launchpad.net/bugs/1929105

Title:
  CVE-2021-3326: The iconv app in glibc when processing invalid input
  sequences in the ISO-2022-JP-3 encoding, fails an assertion & aborts
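The state-queuing approach described in the commit message above, as an added example that is not glibc code and not part of the bug report. It is a simplified model: the names convert, drive, conv_state and the CONV_* codes are hypothetical, and the input byte 'X' with its two sample wide characters is constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed toy model, not glibc code: 'X' yields two wide characters. */
enum { CONV_OK, CONV_FULL_OUTPUT };
struct conv_state { uint32_t pending; };   /* 0 = nothing queued */

/* Contract modelled on the commit message: CONV_FULL_OUTPUT is returned
   only once out[] is completely filled (*outpos == outcap). */
int convert(struct conv_state *st, const unsigned char *in, size_t inlen,
            size_t *inpos, uint32_t *out, size_t outcap, size_t *outpos)
{
    if (st->pending != 0) {                /* flush the queued character */
        if (*outpos == outcap)
            return CONV_FULL_OUTPUT;
        out[(*outpos)++] = st->pending;
        st->pending = 0;
    }
    while (*inpos < inlen) {
        if (*outpos == outcap)
            return CONV_FULL_OUTPUT;
        unsigned char c = in[(*inpos)++];
        out[(*outpos)++] = (c == 'X') ? 0x304B : c;
        if (c == 'X' && *outpos < outcap)
            out[(*outpos)++] = 0x309A;     /* second character fits now */
        else if (c == 'X')
            st->pending = 0x309A;          /* no room: queue it in the state */
    }
    /* A queued character implies the buffer is full at this point. */
    return st->pending ? CONV_FULL_OUTPUT : CONV_OK;
}

/* Calls convert() with an outcap-slot buffer (1 <= outcap <= 8) until done.
   Returns wide chars produced, or (size_t)-1 on a contract violation. */
size_t drive(const unsigned char *in, size_t inlen, size_t outcap,
             uint32_t *all, size_t allcap)
{
    struct conv_state st = { 0 };
    uint32_t buf[8];
    size_t inpos = 0, total = 0;
    int rc;
    do {
        size_t outpos = 0;
        rc = convert(&st, in, inlen, &inpos, buf, outcap, &outpos);
        if (rc == CONV_FULL_OUTPUT && outpos != outcap)
            return (size_t)-1;             /* the condition the assert guards */
        for (size_t i = 0; i < outpos && total < allcap; i++)
            all[total++] = buf[i];
    } while (rc == CONV_FULL_OUTPUT);
    return total;
}
```

Calling drive() on the constructed input "aXXb" with a 2-slot buffer yields six wide characters, with the second character of each pair delivered at the start of the following call.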
