Fix buffer overrun (oss-fuzz/28832+28807)

len_out was wrapping to a large number when bad input was encountered. Ensure it's non-zero before proceeding with iconv.
2025-04-05 20:31:00 +08:00 · 2021-01-15 07:44:50 -05:00 · 2021-01-15 07:44:50 -05:00 · 89e2361582
commit 89e2361582
parent 0e3a627ee6
1 changed files with 1 additions and 1 deletions
--- a/src/libmdb/iconv.c
+++ b/src/libmdb/iconv.c
@ -53,7 +53,7 @@ static size_t decompressed_to_utf8_with_iconv(MdbHandle *mdb, const char *in_ptr
 	char *out_ptr = dest;
 	size_t len_out = dlen - 1;

-	while (1) {
+	while (len_out) {
 		iconv(mdb->iconv_in, (ICONV_CONST char **)&in_ptr, &len_in, &out_ptr, &len_out);
 		/* 
 		 * Have seen database with odd number of bytes in UCS-2, shouldn't happen but protect against it