On Wed, 14 Jan 2026 23:31:06 +0100 Corinna Vinschen wrote: > From: Corinna Vinschen <[email protected]> > > c32rtomb neglects to check the input character for being outside > the valid UNICODE planes. It happily converts the invalid character > into a valid (but wrong) surrogate pair and carries on. > > Add a check so characters beyond 0x10ffff are not converted anymore. > Return -1 with errno set to EILSEQ instead. > > Fixes: 4f258c55e87f ("Cygwin: Add ISO C11 functions c16rtomb, c32rtomb, > mbrtoc16, mbrtoc32.") > Signed-off-by: Corinna Vinschen <[email protected]> > --- > winsup/cygwin/release/3.6.7 | 5 +++++ > winsup/cygwin/strfuncs.cc | 7 +++++++ > 2 files changed, 12 insertions(+) > create mode 100644 winsup/cygwin/release/3.6.7 > > diff --git a/winsup/cygwin/release/3.6.7 b/winsup/cygwin/release/3.6.7 > new file mode 100644 > index 000000000000..defe55ffe75e > --- /dev/null > +++ b/winsup/cygwin/release/3.6.7 > @@ -0,0 +1,5 @@ > +Fixes: > +------ > + > +- Guard c32rtomb against invalid input characters. > + Addresses a testsuite error in current gawk git master. > diff --git a/winsup/cygwin/strfuncs.cc b/winsup/cygwin/strfuncs.cc > index eb6576051d90..0cf41cefc8a2 100644 > --- a/winsup/cygwin/strfuncs.cc > +++ b/winsup/cygwin/strfuncs.cc > @@ -146,6 +146,13 @@ c32rtomb (char *s, char32_t wc, mbstate_t *ps) > if (wc <= 0xffff || !s) > return wcrtomb (s, (wchar_t) wc, ps); > > + /* Check for character outside valid UNICODE planes */ > + if (wc > 0x10ffff) > + { > + _REENT_ERRNO(_REENT) = EILSEQ; > + return (size_t)(-1); > + } > + > wchar_t wc_arr[2]; > const wchar_t *wcp = wc_arr; > > -- > 2.52.0
LGTM. What does this change address for? -- Takashi Yano <[email protected]>
