Package: libofx4 Version: 1:0.9.0-2.2 Severity: important Tags: patch
The library libofx uses libiconv to convert OFX files from their input encoding to UTF-8. However, the same buffer size is used for the input and output of the conversion function iconv. Thus, the call to iconv fails when the input buffer is full and contains non-ASCII characters (which are encoding with several bytes in UTF-8). The following patch fixes this issue by using a larger ouput buffer. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores) Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: LC_ALL set to [EMAIL PROTECTED]) Shell: /bin/sh linked to /bin/bash Versions of packages libofx4 depends on: ii libc6 2.7-11 GNU C Library: Shared libraries ii libgcc1 1:4.3.1-2 GCC support library ii libosp5 1.5.2-6 Runtime library for OpenJade group ii libstdc++6 4.3.1-2 The GNU Standard C++ Library v3 libofx4 recommends no packages. Versions of packages libofx4 suggests: ii ofx 1:0.9.0-2.2 Open Financial Exchange programs -- no debconf information
--- /home/jerome/Desktop/libofx-0.9.0/lib/ofx_preproc.cpp 2007-11-12 07:07:48.000000000 +0100 +++ lib/ofx_preproc.cpp 2008-08-03 16:04:30.785316106 +0200 @@ -76,7 +76,7 @@ ifstream input_file; ofstream tmp_file; char buffer[READ_BUFFER_SIZE]; - char iconv_buffer[READ_BUFFER_SIZE]; + char iconv_buffer[READ_BUFFER_SIZE * 2]; string s_buffer; char *filenames[3]; char tmp_filename[256]; @@ -182,9 +182,9 @@ s_buffer=sanitize_proprietary_tags(s_buffer); //cout<< s_buffer<<"\n"; #ifdef HAVE_ICONV - memset(iconv_buffer,0,READ_BUFFER_SIZE); + memset(iconv_buffer,0,READ_BUFFER_SIZE * 2); size_t inbytesleft = strlen(s_buffer.c_str()); - size_t outbytesleft = READ_BUFFER_SIZE; + size_t outbytesleft = READ_BUFFER_SIZE * 2 - 1; #ifdef OS_WIN32 const char * inchar = (const char *)s_buffer.c_str(); #else