Fix invalid memory access when parsing netgroup files with blank lines (BZ #16506)
[glibc.git] / wcsmbs / mbrtoc16.c
1 /* Copyright (C) 2011-2014 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Ulrich Drepper <drepper@gmail.com>, 2011.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
19 #include <assert.h>
20 #include <dlfcn.h>
21 #include <errno.h>
22 #include <gconv.h>
23 #include <uchar.h>
24 #include <wcsmbsload.h>
26 #include <sysdep.h>
28 #ifndef EILSEQ
29 # define EILSEQ EINVAL
30 #endif
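/* This is the private state used if PS is NULL.  It is one file-scope
   object, so every caller that passes a null PS shares it; no locking
   is visible in this file.  */
static mbstate_t state;

/* Convert the next multibyte character in S (reading at most N bytes)
   into UTF-16 and store one code unit through PC16 when PC16 is not
   NULL.  PS carries the conversion state between calls; when it is
   NULL the file-local STATE object is used instead.

   A character outside the BMP is delivered in two calls: the first
   stores the high surrogate, records the low surrogate in PS and sets
   bit 31 of PS->__count; the next call stores that low surrogate
   without reading any input.

   Returns:
     (size_t) -3  the pending low surrogate was delivered, no input read;
     (size_t) -2  the input is an incomplete multibyte character;
     (size_t) -1  the input is invalid, errno is set to EILSEQ;
     0            the converted character is the NUL character;
     otherwise    the number of bytes consumed from S.  */
size_t
mbrtoc16 (char16_t *pc16, const char *s, size_t n, mbstate_t *ps)
{
  if (ps == NULL)
    ps = &state;

  /* The standard text does not say that S being NULL means the state
     is reset even if the second half of a surrogate still has to be
     returned.  In fact, the error code description indicates
     otherwise.  Therefore always first try to return a second
     half.  */
  if (ps->__count & 0x80000000)
    {
      /* We have to return the second word for a surrogate.  */
      ps->__count &= 0x7fffffff;
      /* PC16 may be NULL here: this branch runs before the S == NULL
	 handling below, and the other stores in this function are
	 guarded the same way.  An unguarded store would be a write
	 through a null pointer.  */
      if (pc16 != NULL)
	*pc16 = ps->__value.__wch;
      ps->__value.__wch = L'\0';
      return (size_t) -3;
    }

  wchar_t wc;
  struct __gconv_step_data data;
  int status;
  size_t result;
  size_t dummy;
  const unsigned char *inbuf, *endbuf;
  unsigned char *outbuf = (unsigned char *) &wc;
  const struct gconv_fcts *fcts;

  /* Set information for this step.  */
  data.__invocation_counter = 0;
  data.__internal_use = 1;
  data.__flags = __GCONV_IS_LAST;
  data.__statep = ps;
  data.__trans = NULL;

  /* A first special case is if S is NULL.  This means put PS in the
     initial state.  The call then behaves as if an empty string had
     been passed and nothing is stored through PC16.  */
  if (s == NULL)
    {
      pc16 = NULL;
      s = "";
      n = 1;
    }

  /* Tell where we want the result: exactly one wchar_t, in WC.  */
  data.__outbuf = outbuf;
  data.__outbufend = outbuf + sizeof (wchar_t);

  /* Get the conversion functions.  */
  fcts = get_gconv_fcts (_NL_CURRENT_DATA (LC_CTYPE));

  /* Do a normal conversion.  */
  inbuf = (const unsigned char *) s;
  endbuf = inbuf + n;
  /* N comes from the caller.  If S + N wrapped around, clamp the end
     to the highest address; if S is already there no byte can be read.
     NOTE(review): the wrap test itself depends on pointer arithmetic
     past the object -- confirm the build keeps this comparison.  */
  if (__builtin_expect (endbuf < inbuf, 0))
    {
      endbuf = (const unsigned char *) ~(uintptr_t) 0;
      if (endbuf == inbuf)
	goto ilseq;
    }

  /* Demangle the function pointer before the indirect call when the
     step carries a shared-object handle.  */
  __gconv_fct fct = fcts->towc->__fct;
#ifdef PTR_DEMANGLE
  if (fcts->towc->__shlib_handle != NULL)
    PTR_DEMANGLE (fct);
#endif

  status = DL_CALL_FCT (fct, (fcts->towc, &data, &inbuf, endbuf,
			      NULL, &dummy, 0, 1));

  /* There must not be any problems with the conversion but illegal input
     characters.  The output buffer must be large enough, otherwise the
     definition of MB_CUR_MAX is not correct.  All the other possible
     errors also must not happen.  */
  assert (status == __GCONV_OK || status == __GCONV_EMPTY_INPUT
	  || status == __GCONV_ILLEGAL_INPUT
	  || status == __GCONV_INCOMPLETE_INPUT
	  || status == __GCONV_FULL_OUTPUT);

  if (status == __GCONV_OK || status == __GCONV_EMPTY_INPUT
      || status == __GCONV_FULL_OUTPUT)
    {
      result = inbuf - (const unsigned char *) s;

      /* NOTE(review): WC is written only by the conversion step.  If
	 the step can report one of these statuses without producing
	 output (presumably N == 0 -- confirm), this comparison reads
	 an indeterminate value.  */
      if (wc < 0x10000)
	{
	  if (pc16 != NULL)
	    *pc16 = wc;

	  if (data.__outbuf != outbuf && wc == L'\0')
	    {
	      /* The converted character is the NUL character.  */
	      assert (__mbsinit (data.__statep));
	      result = 0;
	    }
	}
      else
	{
	  /* This is a surrogate.  0xd7c0 is 0xd800 - (0x10000 >> 10),
	     so the sum is the high surrogate of WC.  */
	  if (pc16 != NULL)
	    *pc16 = 0xd7c0 + (wc >> 10);

	  /* Keep the low surrogate for the next call and flag it in
	     bit 31 of the count.  */
	  ps->__count |= 0x80000000;
	  ps->__value.__wch = 0xdc00 + (wc & 0x3ff);
	}
    }
  else if (status == __GCONV_INCOMPLETE_INPUT)
    result = (size_t) -2;
  else
    {
    ilseq:
      result = (size_t) -1;
      __set_errno (EILSEQ);
    }

  return result;
}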