From 41488498b6d9440ee66ab033808cce8323bba7ac Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 3 Sep 2014 19:45:43 +0200
Subject: CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ
 #17325]

These changes are based on the fix for BZ #14134 in commit
6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
---
 iconvdata/ibm943.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'iconvdata/ibm943.c')

diff --git a/iconvdata/ibm943.c b/iconvdata/ibm943.c
index be0c14f681..c5d5742136 100644
--- a/iconvdata/ibm943.c
+++ b/iconvdata/ibm943.c
@@ -75,11 +75,12 @@
 	  }								      \
 									      \
 	ch = (ch * 0x100) + inptr[1];					      \
+	/* ch was less than 0xfd.  */					      \
+	assert (ch < 0xfd00);						      \
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
-	    || __builtin_expect (ch < rp2->start, 0)			      \
+	if (__builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm943db_to_ucs4[ch + rp2->idx],		      \
 	    __builtin_expect (res, '\1') == 0 && ch !=0))		      \
 	  {								      \
-- 
cgit v1.2.3