Re: infinite loop bug in libidn (pr29

help-libidn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: infinite loop bug in libidn (pr29_4)

From:	Simon Josefsson
Subject:	Re: infinite loop bug in libidn (pr29_4)
Date:	Sun, 08 Jan 2012 23:31:52 +0100
User-agent:	Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> Jon Nelson <address@hidden> writes:
>
>> On or around line 1260 of lib/pr29.c, in the pr29_4 function.
>>
>>   for (i = 0; i < len; i++)
>>     if ((row = first_column (in[i])) > 0)
>>       for (j = i + 1; j < len; j++)
>>     if (combinationclass (in[j]))
>>       for (k = j + 1; k < len; j++)
>>         if (in_last_column_row (in[k], row))
>>           return PR29_PROBLEM;
>>
>> The infinite loop occurs when the character is present in
>> combinationclass but the following character is *not* in
>> in_last_column_row.
>> I believe the "k" loop should be incrementing *k* not *j*.
>
> Thanks for the report, Jon.  Do you have any example input strings that
> trigger this?  I'm sure I can work it out, but if you have them it would
> speed things up.

I was able to reproduce the bug using the string U+1100 U+0300 U+4711.
I agree with your fix, although there may be more problems with that
code.  I'm working on it.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

infinite loop bug in libidn (pr29_4), Jon Nelson, 2012/01/05
- Re: infinite loop bug in libidn (pr29_4), Simon Josefsson, 2012/01/07
  - Re: infinite loop bug in libidn (pr29_4), Simon Josefsson <=
    - Re: infinite loop bug in libidn (pr29_4), Simon Josefsson, 2012/01/10

Prev by Date: Re: infinite loop bug in libidn (pr29_4)
Next by Date: Re: [Platform-testers] libidn 1.24 take two
Previous by thread: Re: infinite loop bug in libidn (pr29_4)
Next by thread: Re: infinite loop bug in libidn (pr29_4)
Index(es):
- Date
- Thread