From 9b586ba6f3454274f268a4e05c7c6783c6c51622 Mon Sep 17 00:00:00 2001 From: Sam Clegg Date: Mon, 2 Jun 2025 16:20:25 -0700 Subject: [PATCH] Apply CVE patches from musl 1.2.5 This change applies the 2 security patches listed for musl 1.2.5 on https://musl.libc.org/. --- system/lib/libc/musl/src/locale/iconv.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/system/lib/libc/musl/src/locale/iconv.c b/system/lib/libc/musl/src/locale/iconv.c index 175def1c63f1a..3dd9fd902e09d 100644 --- a/system/lib/libc/musl/src/locale/iconv.c +++ b/system/lib/libc/musl/src/locale/iconv.c @@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri if (c >= 93 || d >= 94) { c += (0xa1-0x81); d += 0xa1; - if (c >= 93 || c>=0xc6-0x81 && d>0x52) + if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52) goto ilseq; if (d-'A'<26) d = d-'A'; else if (d-'a'<26) d = d-'a'+26; @@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri if (*outb < k) goto toobig; memcpy(*out, tmp, k); } else k = wctomb_utf8(*out, c); + /* This failure condition should be unreachable, but + * is included to prevent decoder bugs from translating + * into advancement outside the output buffer range. */ + if (k>4) goto ilseq; *out += k; *outb -= k; break;