poparser: avoid invalid memory access

1. y-x is larger than the charset string by 8. we should write to [y-x-8] instead. it may lead to a memory corruption. 2. though, i've checked before: the maxiumum length of charset string should be 11. let's avoid meeting a unknown charset, or an invalid one.
author: xhe <xw897002528@gmail.com> 2018-12-09 13:27:24 +0800
committer: rofl0r <retnyg@gmx.net> 2019-01-16 02:38:18 +0000
commit: c4075b1f5d5a503f2063c130d3348dc94663ff1e (patch)
tree: 7278526aa0132ac3b93be2c020fce3f74d2e7d71 /src
parent: b4c057ed629ecfb4973769b45b9ab7a9af3224ca (diff)
download: gettext-tiny-c4075b1f5d5a503f2063c130d3348dc94663ff1e.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/poparser.c b/src/poparser.c
index 7ed00d7..75f2b0f 100644
--- a/src/poparser.c
+++ b/src/poparser.c
@@ -55,8 +55,12 @@ static inline enum po_error poparser_feed_hdr(struct po_parser *p, po_message_t
 
 		if ((x = strstr(msg->str[0], "charset="))) {
 			for (y = x; *y && !isspace(*y); y++);
+
+			if ((y-x-8) > sizeof(p->hdr.charset))
+				return -po_unsupported_charset;
+
 			memcpy(p->hdr.charset, x+8, y-x-8);
-			p->hdr.charset[y-x] = 0;
+			p->hdr.charset[y-x-8] = 0;
 
 			p->cd = iconv_open("UTF-8", p->hdr.charset);
 			if (p->cd == (iconv_t)-1) {
author	xhe <xw897002528@gmail.com>	2018-12-09 13:27:24 +0800
committer	rofl0r <retnyg@gmx.net>	2019-01-16 02:38:18 +0000
commit	c4075b1f5d5a503f2063c130d3348dc94663ff1e (patch)
tree	7278526aa0132ac3b93be2c020fce3f74d2e7d71 /src
parent	b4c057ed629ecfb4973769b45b9ab7a9af3224ca (diff)
download	gettext-tiny-c4075b1f5d5a503f2063c130d3348dc94663ff1e.tar.gz