From 342f62ca690972a0cc376d5377007f92f5a65a68 Mon Sep 17 00:00:00 2001 From: Sam Lantinga Date: Tue, 10 Mar 2020 16:29:28 -0700 Subject: [PATCH] Fixed bug 5022 - SDL_iconv_string can get stuck in an infinite loop when encountering invalid characters ciremo6483 In `SDL_iconv_string` the `while (inbytesleft > 0)` loop can end up in a state where it never terminates because the library `iconv` function called from `SDL_iconv` doesn't consume any bytes. This happened when a `WCHAR_T` input string was being converted to `UTF-8` but contained invalid characters. It would first It would first skip a few bytes due to `case SDL_ICONV_EILSEQ` but when there were 3 bytes remaining of `inbytesleft` `iconv` just didn't consume anything more (but didn't throw an error either). It just so happens that the Microsoft Classic IntelliMouse `product_string` contains such invalid characters (`"Microsoft? Classic IntelliMouse?"`), meaning the function would get stuck with said mouse plugged in. A fix for this would be to check if `inbytesleft` was unchanged after an iteration and in that case either decrement the counter like when `SDL_ICONV_EILSEQ` is returned or simply break the loop. --- src/stdlib/SDL_iconv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/stdlib/SDL_iconv.c b/src/stdlib/SDL_iconv.c index 37fa509f9..ebb784ebb 100644 --- a/src/stdlib/SDL_iconv.c +++ b/src/stdlib/SDL_iconv.c @@ -898,6 +898,7 @@ SDL_iconv_string(const char *tocode, const char *fromcode, const char *inbuf, SDL_memset(outbuf, 0, 4); while (inbytesleft > 0) { + const size_t oldinbytesleft = inbytesleft; retCode = SDL_iconv(cd, &inbuf, &inbytesleft, &outbuf, &outbytesleft); switch (retCode) { case SDL_ICONV_E2BIG: @@ -925,6 +926,11 @@ SDL_iconv_string(const char *tocode, const char *fromcode, const char *inbuf, inbytesleft = 0; break; } + /* Avoid infinite loops when nothing gets converted */ + if (oldinbytesleft == inbytesleft) + { + break; + } } SDL_iconv_close(cd);