advancetoolchain / advance-toolchain

Advance Toolchain for Linux on Power build system.
https://www.ibm.com/support/pages/advance-toolchain-linux-power
Apache License 2.0

[CVE-2021-3326] glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters #1938

Closed tuliom closed 3 years ago

tuliom commented 3 years ago

It affects AT 12.0, 13.0 and 14.0.

References:

tuliom commented 3 years ago

Notice there are 3 patches for this:

commit 7d88c6142c6efc160c0ee5e4f85cde382c072888
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Jan 27 13:36:12 2021 +0100

    gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)

    The conversion loop to the internal encoding does not follow
    the interface contract that __GCONV_FULL_OUTPUT is only returned
    after the internal wchar_t buffer has been filled completely.  This
    is enforced by the first of the two asserts in iconv/skeleton.c:

                  /* We must run out of output buffer space in this
                     rerun.  */
                  assert (outbuf == outerr);
                  assert (nstatus == __GCONV_FULL_OUTPUT);

    This commit solves this issue by queuing a second wide character
    which cannot be written immediately in the state variable, like
    other converters already do (e.g., BIG5-HKSCS or TSCII).

    Reported-by: Tavis Ormandy <taviso@gmail.com>

commit d7f4f3f5fb1275f0b3d9f4e1b3d9d7b75a5a9e26
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Jan 29 17:29:57 2021 +0100

    NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)

commit 934c48a05b3491c39253678dd4bf671af8c3425e (origin/master, origin/HEAD)
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Jan 29 18:20:54 2021 +0100

    NEWS: Fix typo in CVE-2021-3326 entry
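
The contract described in the first commit message, and the queuing fix, modelled with a toy converter. This is an added example, not glibc code and not part of the thread; `toy_convert`, `run_toy`, the status names and the `~` mapping are hypothetical and constructed.

```c
/* Added illustration: toy converter, not glibc code; all names hypothetical. */
#include <stdint.h>
#include <stdio.h>

enum { TOY_EMPTY_INPUT, TOY_FULL_OUTPUT };
struct toy_state { uint32_t queued; };  /* character waiting for room, 0 = none */

/* Constructed mapping: byte '~' expands to two characters (base + combining
   mark); every other byte maps to itself. */
static int toy_convert(struct toy_state *st, int queue_second,
                       const unsigned char **in, const unsigned char *inend,
                       uint32_t **out, uint32_t *outend)
{
    if (st->queued != 0) {               /* flush what an earlier call queued */
        if (*out == outend) return TOY_FULL_OUTPUT;
        *(*out)++ = st->queued;
        st->queued = 0;
    }
    while (*in < inend) {
        if (*out == outend) return TOY_FULL_OUTPUT;   /* buffer really is full */
        if (**in != '~') { *(*out)++ = *(*in)++; continue; }
        if (outend - *out >= 2) {                     /* room for both */
            *(*out)++ = 0x304B; *(*out)++ = 0x309A; (*in)++;
        } else if (queue_second) {                    /* queue the second one */
            *(*out)++ = 0x304B; st->queued = 0x309A; (*in)++;
        } else {
            return TOY_FULL_OUTPUT;                   /* one slot is still free */
        }
    }
    return TOY_EMPTY_INPUT;
}

/* Convert constructed input "a~b" through a 2-slot buffer. Returns the number
   of characters produced, or -1 if FULL_OUTPUT came back with a slot free. */
static int run_toy(int queue_second)
{
    const unsigned char src[] = { 'a', '~', 'b' }, *in = src;
    struct toy_state st = { 0 };
    int total = 0, status;
    do {
        uint32_t buf[2], *out = buf;
        status = toy_convert(&st, queue_second, &in, src + 3, &out, buf + 2);
        if (status == TOY_FULL_OUTPUT && out != buf + 2) return -1;
        total += (int)(out - buf);
    } while (status == TOY_FULL_OUTPUT);
    return total;
}

int main(void) { printf("%d %d\n", run_toy(0), run_toy(1)); return 0; }
```

With `queue_second` set to 0 the caller sees "full" while a slot is still free, which is the condition `assert (outbuf == outerr)` rejects; with it set to 1 all four characters arrive across two calls.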

er-1 commented 3 years ago

Fixed on AT 13.0: 6d59f50. It'll be available in AT 13.0-4.

er-1 commented 3 years ago

Fixed on AT 14.0: 5d066b5dd73502d0bffec0bb83ef3dbb63d4c367. Available in AT 14.0-3.