fuzz: Work around glibc iconv() bug

2025-04-01 10:50:08 +03:00 · 2025-02-11 00:21:12 +01:00 · 2025-02-11 00:21:12 +01:00 · cfc854b839
commit cfc854b839
parent 3a1526a5f7
1 changed files with 41 additions and 0 deletions
--- a/encoding.c
+++ b/encoding.c
@ -1140,6 +1140,32 @@ xmlIconvFree(void *vctxt) {
    xmlFree(ctxt);
 }

+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) && \
+    defined(__GLIBC__)
+#include "private/parser.h"
+
+static int
+xmlEncodingMatch(const char *name1, const char *name2) {
+    /*
+     * Fuzzy match for encoding names
+     */
+    while (1) {
+        while ((*name1 != 0) && (!IS_ASCII_LETTER(*name1)))
+            name1 += 1;
+        while ((*name2 != 0) && (!IS_ASCII_LETTER(*name2)))
+            name2 += 1;
+        if ((*name1 == 0) || (*name2 == 0))
+            break;
+        if ((*name1 | 0x20) != (*name2 | 0x20))
+            return(0);
+        name1 += 1;
+        name2 += 1;
+    }
+
+    return((*name1 == 0) && (*name2 == 0));
+}
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 static int
 xmlCharEncIconv(void *vctxt, const char *name, xmlCharEncConverter *conv) {
    xmlCharEncodingHandler *handler = vctxt;
@ -1180,6 +1206,21 @@ xmlCharEncIconv(void *vctxt, const char *name, xmlCharEncConverter *conv) {
        goto error;
    }

+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) && \
+    defined(__GLIBC__)
+    /*
+     * This glibc bug can lead to unpredictable results with the
+     * push parser.
+     *
+     * https://sourceware.org/bugzilla/show_bug.cgi?id=32633
+     */
+    if ((xmlEncodingMatch(name, "TSCII")) ||
+        (xmlEncodingMatch(name, "BIG5-HKSCS"))) {
+        ret = XML_ERR_UNSUPPORTED_ENCODING;
+        goto error;
+    }
+#endif
+
    inputCtxt = xmlMalloc(sizeof(xmlIconvCtxt));
    if (inputCtxt == NULL) {
        ret = XML_ERR_NO_MEMORY;