Fix off-by-one OOB write in iconv/tst-iconv-mt

The iconv buffer sizes must not include the \0 string terminator. When \0 cannot be part of a valid character encoding glibc iconv would copy it to the output as expected, but then later the explicit output termination with *outbufpos = '\0' is out of bounds.
author: Szabolcs Nagy <szabolcs.nagy@arm.com> 2022-09-26 15:38:19 +0100
committer: Szabolcs Nagy <szabolcs.nagy@arm.com> 2022-10-27 14:46:47 +0100
commit: dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1 (patch)
tree: 37f24cdff22a8dd33a7b7561b7ae1963c5e65af1
parent: adeba2c19ae48a833cbf09267666e44c2375f2b4 (diff)
download: glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.tar
glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.tar.gz
glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.tar.bz2
glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/iconv/tst-iconv-mt.c b/iconv/tst-iconv-mt.c
index daaebd273b..0320885c06 100644
--- a/iconv/tst-iconv-mt.c
+++ b/iconv/tst-iconv-mt.c
@@ -58,11 +58,11 @@ worker (void * arg)
 
   char ascii[] = CONV_INPUT;
   char *inbufpos = ascii;
-  size_t inbytesleft = sizeof (CONV_INPUT);
+  size_t inbytesleft = sizeof (CONV_INPUT) - 1;
 
   char *utf8 = xcalloc (sizeof (CONV_INPUT), 1);
   char *outbufpos = utf8;
-  size_t outbytesleft = sizeof (CONV_INPUT);
+  size_t outbytesleft = sizeof (CONV_INPUT) - 1;
 
   if (tidx < TCOUNT/2)
     /* The first half of the worker thread pool synchronize together here,
author	Szabolcs Nagy <szabolcs.nagy@arm.com>	2022-09-26 15:38:19 +0100
committer	Szabolcs Nagy <szabolcs.nagy@arm.com>	2022-10-27 14:46:47 +0100
commit	dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1 (patch)
tree	37f24cdff22a8dd33a7b7561b7ae1963c5e65af1
parent	adeba2c19ae48a833cbf09267666e44c2375f2b4 (diff)
download	glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.tar glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.tar.gz glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.tar.bz2 glibc-dd9ec10913da97c0a5b64f5fd9ac195a61ef13b1.zip