From: ahorek
Date: 2022-03-21T00:51:53+00:00
Subject: [ruby-core:107994] [Ruby master Bug#18651] oob access in CP51932 -> CP50220 transcoder

Issue #18651 has been reported by ahorek (Pavel Rosický).

----------------------------------------
Bug #18651: oob access in CP51932 -> CP50220 transcoder
https://bugs.ruby-lang.org/issues/18651

* Author: ahorek (Pavel Rosický)
* Status: Open
* Priority: Normal
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------
Hello, while working on a port of Japanese transcoder, I found a potential out of bounds access:
https://github.com/ruby/ruby/blob/73541cdc2f192f856ab19781472cdccbf9c21f71/enc/trans/iso2022.trans#L465

`tbl0208` has 126 chars

in this example `const char *p = tbl0208 + 186` leads to undefined behavior (without any error)

test case
```
str = "\x00\x7F\x8E\xA1\x8E\xFE\xA1\xA1\xA1\xFE".force_encoding("CP51932")
str.encode("CP50220").bytes
[0, 127, 27, 36, 66, 33, 35, 80, 0, 33, 33, 33, 126, 27, 40, 66]
```

nkf does convert the string differently
```
nkf --ic=CP51932 --oc=CP50220 test.txt > out.txt
[0, 127, 27, 40, 73, 33, 126, 27, 36, 66, 33, 33, 33, 126, 27, 40, 66]
```

is it a bug?
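The arithmetic behind the report, as an added C example (not Ruby's transcoder source and not the reporter's code). It assumes the offset is computed as (second byte - 0xA1) * 2, which reproduces the reported 186 for the `\x8E\xFE` pair, and it uses a constructed 126-byte filler table in place of `tbl0208`; `raw_offset` and `lookup_checked` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for tbl0208: 63 two-byte entries = 126 bytes, the
 * size the report gives. The contents are filler, not Ruby's real table. */
#define TBL_ENTRIES 63
#define TBL_BYTES   (TBL_ENTRIES * 2)
static unsigned char tbl[TBL_BYTES];

static void init_tbl(void) {
    for (size_t i = 0; i < TBL_ENTRIES; i++) {
        tbl[2 * i]     = 0x21;
        tbl[2 * i + 1] = (unsigned char)(0x21 + i);
    }
}

/* Assumed index formula: (trail - 0xA1) * 2. Returned as a signed offset
 * so it can be inspected without ever being dereferenced. */
static long raw_offset(unsigned char trail) {
    return ((long)trail - 0xA1) * 2;
}

/* Hardened lookup: copy the 2-byte entry only if it lies inside the table.
 * Returns 0 on success, -1 if the trail byte maps outside the table. */
static int lookup_checked(unsigned char trail, unsigned char out[2]) {
    long off = raw_offset(trail);
    if (off < 0 || off + 2 > (long)TBL_BYTES)
        return -1;
    memcpy(out, tbl + off, 2);
    return 0;
}

int main(void) {
    /* Trail bytes of the two 0x8E-prefixed pairs in the report's test
     * string, plus the last in-range value and the first one past it. */
    const unsigned char trails[] = { 0xA1, 0xFE, 0xDF, 0xE0 };
    unsigned char out[2];
    init_tbl();
    for (size_t i = 0; i < sizeof trails; i++) {
        int rc = lookup_checked(trails[i], out);
        printf("8E %02X: offset %ld, %s\n", trails[i],
               raw_offset(trails[i]), rc == 0 ? "in table" : "rejected");
    }
    return 0;
}
```

Under that assumption only trail bytes 0xA1 through 0xDF index inside the 126-byte table; what a transcoder should emit for a rejected byte is a separate decision that this sketch does not make.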