+2005-03-08 Paul Eggert <eggert@cs.ucla.edu>
+
+ * iconvme.c (SIZE_MAX): New macro, if not already defined.
+ (iconv_string): Don't guess a size-zero buffer, as that might cause
+ buffer overrun. Instead, avoid multiplying by MB_LEN_MAX if the
+ result would be 'too large', where 'too large' is (heuristically)
+ the square root of SIZE_MAX, divided by MB_LEN_MAX to allay
+ overflow concerns. This will prevent some unwanted malloc failures
+ when the inputs are very large.
+
2005-03-15 Bruno Haible <bruno@clisp.org>
* regex.c (byte_re_match_2_internal): Rename local variable 'not' to
#if HAVE_ICONV
/* Get iconv etc. */
# include <iconv.h>
-/* Get MB_LEN_MAX. */
+/* Get MB_LEN_MAX, CHAR_BIT. */
# include <limits.h>
#endif
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t) -1)
+#endif
+
/* Convert a zero-terminated string STR from the FROM_CODSET code set
to the TO_CODESET code set. The returned string is allocated using
malloc, and must be dellocated by the caller using free. On
char *p = (char *) str;
size_t inbytes_remaining = strlen (p);
/* Guess the maximum length the output string can have. */
- size_t outbuf_size = (inbytes_remaining + 1) * MB_LEN_MAX;
- size_t outbytes_remaining = outbuf_size - 1; /* -1 for NUL */
+ size_t outbuf_size = inbytes_remaining + 1;
+ size_t outbytes_remaining;
size_t err;
int have_error = 0;
+
+ /* Use a worst-case output size guess, so long as that wouldn't be
+ too large for comfort. It's OK if the guess is wrong so long as
+ it's nonzero. */
+ size_t approx_sqrt_SIZE_MAX = SIZE_MAX >> (sizeof (size_t) * CHAR_BIT / 2);
+ if (outbuf_size <= approx_sqrt_SIZE_MAX / MB_LEN_MAX)
+ outbuf_size *= MB_LEN_MAX;
+ outbytes_remaining = outbuf_size - 1;
#endif
if (strcmp (to_codeset, from_codeset) == 0)
projects / pspp / commitdiff