Bug 228502 - [patch] news/slrn: sigsegv due to --with-non-gnu-iconv under FreeBSD 11.1
Summary: [patch] news/slrn: sigsegv due to --with-non-gnu-iconv under FreeBSD 11.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Johan van Selst
URL:
Keywords: easy, patch-ready
Depends on:
Blocks:
 
Reported: 2018-05-26 13:11 UTC by Eugene Grosbein
Modified: 2018-06-30 01:11 UTC (History)
1 user (show)

See Also:
eugen: maintainer-feedback-
eugen: maintainer-feedback-


Attachments
unbreak iconv_convert_string() (364 bytes, patch)
2018-05-26 13:11 UTC, Eugene Grosbein
eugen: maintainer-approval? (johans)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Eugene Grosbein freebsd_committer 2018-05-26 13:11:26 UTC
Created attachment 193710 [details]
unbreak iconv_convert_string()

Hi!

slrn may crash with sigserv trying to parse "Subject:" header what contains unconvertable data as our iconv() function now correctly returns non-zero count of convertable symbols but new/slrn is built with --with-non-gnu-iconv flag and expects zero return value for such error.

This code is located in src/charset.c, function iconv_convert_string().
The flag --with-non-gnu-iconv defines NON_GNU_ICONV and this function is the only place where NON_GNU_ICONV is checked. Due to this problem, unsigned "size_t inbytesleft" variable underflow occurs, negative value turns to large positive leading to incorrect memory accesses later.

Solution is to backout https://svnweb.freebsd.org/ports?view=revision&revision=349278 as base system's iconv(3) function is now compatible with GNU one.
Comment 1 commit-hook freebsd_committer 2018-06-30 00:49:54 UTC
A commit references this bug:

Author: eugen
Date: Sat Jun 30 00:49:19 UTC 2018
New revision: 473592
URL: https://svnweb.freebsd.org/changeset/ports/473592

Log:
  news/slrn: fix crash with SIGSERV in the iconv_convert_string()

  Back out r349278 that added --with-non-gnu-iconv trying to solve
  our early iconv() inconsistences that are not actual anymore
  as it now now correctly returns non-zero count of convertable symbols.

  This fixes unsigned underflow in the slrn code turning
  negative value to large positive leading to incorrect memory accesses later.

  PR:		228502
  Approved by:	johans (maintainer timeout, 1 month)

Changes:
  head/news/slrn/Makefile