Fixed bug 5022 - SDL_iconv_string can get stuck in an infinite loop when encountering invalid characters
author Sam Lantinga <slouken@libsdl.org>
Tue, 10 Mar 2020 16:29:28 -0700
changeset 13601 3d3649fe086e
parent 13600 e42055c6d8b5
child 13602 e6a2558ec791
Fixed bug 5022 - SDL_iconv_string can get stuck in an infinite loop when encountering invalid characters

ciremo6483

In `SDL_iconv_string` the `while (inbytesleft > 0)` loop can end up in a state where it never terminates because the library `iconv` function called from `SDL_iconv` doesn't consume any bytes.

This happened when a `WCHAR_T` input string was being converted to `UTF-8` but contained invalid characters. It would first skip a few bytes due to `case SDL_ICONV_EILSEQ`, but when there were 3 bytes remaining of `inbytesleft`, `iconv` just didn't consume anything more (but didn't throw an error either).

It just so happens that the Microsoft Classic IntelliMouse `product_string` contains such invalid characters (`"MicrosoftÆ Classic IntelliMouseÆ"`), meaning the function would get stuck with said mouse plugged in.

A fix for this would be to check if `inbytesleft` was unchanged after an iteration and in that case either decrement the counter like when `SDL_ICONV_EILSEQ` is returned or simply break the loop.
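Added example, not SDL's code: a self-contained C model of the loop the report describes. The stand-in converter (UTF-32LE to UTF-8, with the iconv(3) return-value and errno convention) deliberately reproduces the reported behaviour of consuming nothing and reporting no error once fewer than four input bytes remain. The driver loop follows SDL_iconv_string's shape as far as this page shows it: grow the output buffer on E2BIG, skip input on EILSEQ (one byte per error is an assumption), stop on any other error, and bail out when an iteration makes no input progress. It goes beyond the patch in one respect: the no-progress guard is not applied after E2BIG, since an output-bound call is expected to consume nothing. The `use_guard` switch, the `MAX_ITERS` cap and all sample inputs are constructed for this example so that the unguarded loop can be exercised without hanging.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ITERS 64 /* safety cap so the unguarded loop can be exercised */

/* Stand-in converter with iconv(3) semantics, UTF-32LE -> UTF-8: converts as much
 * as fits, advances the cursors, returns (size_t)-1 with errno = EILSEQ (bad code
 * point) or E2BIG (output full). When fewer than 4 input bytes remain it returns
 * success WITHOUT consuming anything: the "no progress, no error" case reported. */
static size_t utf32le_to_utf8(const unsigned char **inbuf, size_t *inbytesleft,
                              char **outbuf, size_t *outbytesleft)
{
    static const unsigned char lead[] = { 0, 0, 0xC0, 0xE0, 0xF0 };
    while (*inbytesleft >= 4) {
        const unsigned char *b = *inbuf;
        unsigned char *o = (unsigned char *)*outbuf;
        uint32_t cp = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
        size_t need, i;
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) { errno = EILSEQ; return (size_t)-1; }
        need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (*outbytesleft < need) { errno = E2BIG; return (size_t)-1; }
        /* lead byte carries the top bits, each continuation byte takes 6 bits */
        o[0] = (unsigned char)(lead[need] | (cp >> (6 * (need - 1))));
        for (i = 1; i < need; i++)
            o[i] = (unsigned char)(0x80 | ((cp >> (6 * (need - 1 - i))) & 0x3F));
        *inbuf += 4;     *inbytesleft -= 4;
        *outbuf += need; *outbytesleft -= need;
    }
    return 0;
}

/* Driver loop modelled on SDL_iconv_string's. Returns a malloc'd, NUL-terminated
 * UTF-8 string (NULL on allocation failure); *iters receives the number of
 * converter calls made, MAX_ITERS meaning the loop was cut off by the cap. */
static char *convert_utf32le(const unsigned char *inbuf, size_t inbytesleft,
                             int use_guard, int *iters)
{
    size_t stringsize = 4; /* deliberately tiny so E2BIG growth is exercised */
    char *string = malloc(stringsize), *outbuf = string, *grown;
    size_t outbytesleft = stringsize, used;
    int n = 0;
    if (!string) return NULL;
    while (inbytesleft > 0 && n < MAX_ITERS) {
        const size_t oldinbytesleft = inbytesleft;
        size_t rc = utf32le_to_utf8(&inbuf, &inbytesleft, &outbuf, &outbytesleft);
        int err = (rc == (size_t)-1) ? errno : 0;
        n++;
        if (err == E2BIG) {            /* output-bound: grow the buffer and retry */
            used = (size_t)(outbuf - string);
            stringsize *= 2;
            if (!(grown = realloc(string, stringsize))) { free(string); return NULL; }
            string = grown; outbuf = string + used; outbytesleft = stringsize - used;
            continue;                  /* no input progress expected here: skip the guard */
        }
        if (err == EILSEQ) {           /* assumption: skip one input byte and carry on */
            ++inbuf; --inbytesleft;
        } else if (err != 0) {         /* EINVAL or anything else: give up */
            inbytesleft = 0;
        }
        if (use_guard && oldinbytesleft == inbytesleft)
            break;                     /* converter consumed nothing: it is stuck */
    }
    *iters = n;
    used = (size_t)(outbuf - string);
    if (!(grown = realloc(string, used + 1))) { free(string); return NULL; }
    grown[used] = '\0';
    return grown;
}

/* Constructed UTF-32LE inputs for the checks (not captured from any device). */
static const unsigned char SAMPLE_TRUNCATED[] = { 0x41,0,0,0, 0x41 }; /* "A" + a stray byte */
static const unsigned char SAMPLE_SURROGATE[] = { 0x41,0,0,0, 0,0xD8,0,0, 0x42,0,0,0 }; /* "A" U+D800 "B" */
static const unsigned char SAMPLE_EMOJI[] = { 0,0xF6,1,0, 0,0xF6,1,0, 0,0xF6,1,0 }; /* U+1F600 x3 */

/* 1 if converting `in` yields exactly `expect` in exactly `expect_iters` calls. */
static int check_conversion(const unsigned char *in, size_t len, int use_guard,
                            const char *expect, int expect_iters)
{
    int iters = 0, ok;
    char *out = convert_utf32le(in, len, use_guard, &iters);
    ok = out != NULL && strcmp(out, expect) == 0 && iters == expect_iters;
    free(out);
    return ok;
}

int main(void)
{
    int iters = 0;
    char *s = convert_utf32le(SAMPLE_SURROGATE, sizeof SAMPLE_SURROGATE, 1, &iters);
    if (s) printf("guarded: %d converter calls, %zu UTF-8 bytes out\n", iters, strlen(s));
    free(s);
    return s ? 0 : 1;
}
```

With the guard on, the truncated sample ends after two converter calls and the surrogate sample after five; with it off, the truncated sample runs until the cap, which is the spin the report describes. The surrogate sample also shows the cost of byte-wise skipping on a four-byte encoding: after three single-byte skips the converter realigns on bytes that happen to form the valid code point U+4200, so the output contains a character that was never in the input. The guard only guarantees termination; how to recover from a bad unit is a separate decision.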
src/stdlib/SDL_iconv.c
     1.1 --- a/src/stdlib/SDL_iconv.c	Sun Mar 08 21:24:06 2020 -0700
     1.2 +++ b/src/stdlib/SDL_iconv.c	Tue Mar 10 16:29:28 2020 -0700
     1.3 @@ -898,6 +898,7 @@
     1.4      SDL_memset(outbuf, 0, 4);
     1.5  
     1.6      while (inbytesleft > 0) {
     1.7 +        const size_t oldinbytesleft = inbytesleft;
     1.8          retCode = SDL_iconv(cd, &inbuf, &inbytesleft, &outbuf, &outbytesleft);
     1.9          switch (retCode) {
    1.10          case SDL_ICONV_E2BIG:
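Review bot: the new `const size_t oldinbytesleft = inbytesleft;` carries no comment, and its purpose only becomes clear at the check some thirty lines further down; a one-line note here, e.g. `/* remember the input position so a converter that makes no progress can be detected */`, would save the next reader the jump. Declaring it at the top of the loop body keeps the file C89-clean, so no objection to the placement.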
    1.11 @@ -925,6 +926,11 @@
    1.12              inbytesleft = 0;
    1.13              break;
    1.14          }
    1.15 +        /* Avoid infinite loops when nothing gets converted */
    1.16 +        if (oldinbytesleft == inbytesleft)
    1.17 +        {
    1.18 +            break;
    1.19 +        }
    1.20      }
    1.21      SDL_iconv_close(cd);
    1.22
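Review bot: the check `if (oldinbytesleft == inbytesleft)` does not look at `retCode`, so it also fires when SDL_iconv returns SDL_ICONV_E2BIG without having consumed any input (output buffer too small for the next character, or a target encoding that emits a BOM or shift sequence before the first character). If the E2BIG case, as its name suggests, enlarges the output buffer so the next iteration can make progress, the new check breaks out of the loop before that retry happens and the caller gets a silently shortened string. Gate it on the return code, e.g. `if (retCode != SDL_ICONV_E2BIG && oldinbytesleft == inbytesleft)`. The break also exits as quietly as the `inbytesleft = 0;` path above it, so a comment saying that the result is truncated rather than an error would help callers. Minor: the brace on its own line after the `if` does not match the `while (inbytesleft > 0) {` style of the surrounding code.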