Fixed bug 5022 - SDL_iconv_string can get stuck in an infinite loop w…

…hen encountering invalid characters ciremo6483 In `SDL_iconv_string` the `while (inbytesleft > 0)` loop can end up in a state where it never terminates because the library `iconv` function called from `SDL_iconv` doesn't consume any bytes. This happened when a `WCHAR_T` input string was being converted to `UTF-8` but contained invalid characters. It would first It would first skip a few bytes due to `case SDL_ICONV_EILSEQ` but when there were 3 bytes remaining of `inbytesleft` `iconv` just didn't consume anything more (but didn't throw an error either). It just so happens that the Microsoft Classic IntelliMouse `product_string` contains such invalid characters (`"Microsoft? Classic IntelliMouse?"`), meaning the function would get stuck with said mouse plugged in. A fix for this would be to check if `inbytesleft` was unchanged after an iteration and in that case either decrement the counter like when `SDL_ICONV_EILSEQ` is returned or simply break the loop.
libsdl-org · Mar 10, 2020 · 342f62c · 342f62c
1 parent 1f4965c
commit 342f62c
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/stdlib/SDL_iconv.c b/src/stdlib/SDL_iconv.c
@@ -898,6 +898,7 @@ SDL_iconv_string(const char *tocode, const char *fromcode, const char *inbuf,
     SDL_memset(outbuf, 0, 4);
 
     while (inbytesleft > 0) {
+        const size_t oldinbytesleft = inbytesleft;
         retCode = SDL_iconv(cd, &inbuf, &inbytesleft, &outbuf, &outbytesleft);
         switch (retCode) {
         case SDL_ICONV_E2BIG:
@@ -925,6 +926,11 @@ SDL_iconv_string(const char *tocode, const char *fromcode, const char *inbuf,
             inbytesleft = 0;
             break;
         }
+        /* Avoid infinite loops when nothing gets converted */
+        if (oldinbytesleft == inbytesleft)
+        {
+            break;
+        }
     }
     SDL_iconv_close(cd);