From 41488498b6d9440ee66ab033808cce8323bba7ac Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 3 Sep 2014 19:45:43 +0200
Subject: CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ
 #17325]

These changes are based on the fix for BZ #14134 in commit
6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
---
 iconvdata/ibm937.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'iconvdata/ibm937.c')

diff --git a/iconvdata/ibm937.c b/iconvdata/ibm937.c
index 239be613e9..69b154d1ae 100644
--- a/iconvdata/ibm937.c
+++ b/iconvdata/ibm937.c
@@ -162,7 +162,7 @@ enum
 	while (ch > rp2->end)						      \
 	  ++rp2;							      \
 									      \
-	if (__builtin_expect (rp2 == NULL, 0)				      \
+	if (__builtin_expect (rp2->start == 0xffff, 0)			      \
 	    || __builtin_expect (ch < rp2->start, 0)			      \
 	    || (res = __ibm937db_to_ucs4[ch + rp2->idx],		      \
 		__builtin_expect (res, L'\1') == L'\0' && ch != '\0'))	      \
-- 
cgit v1.2.1