From b70fd80c0fb3ce56e6722898eadee38a945e1cbb Mon Sep 17 00:00:00 2001
From: Aleksander Morgado
Date: Thu, 18 May 2023 20:54:49 +0000
Subject: charsets: fix read of uninitialized memory in gsm unpacked conversion
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x59c6c88a31ef in gsm_ext_char_to_utf8 src/mm-charsets.c:256:13
#1 0x59c6c88a31ef in charset_gsm_unpacked_to_utf8 src/mm-charsets.c:339:20
#2 0x59c6c88a31ef in mm_modem_charset_bytearray_to_utf8 src/mm-charsets.c:857:30
#3 0x59c6c889babd in sms_decode_address src/mm-sms-part-3gpp.c:143:16
#4 0x59c6c8899d3a in mm_sms_part_3gpp_new_from_binary_pdu src/mm-sms-part-3gpp.c:514:15
---
src/mm-charsets.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src/mm-charsets.c')
diff --git a/src/mm-charsets.c b/src/mm-charsets.c
index 0cbad337..0df99471 100644
--- a/src/mm-charsets.c
+++ b/src/mm-charsets.c
@@ -310,7 +310,7 @@ charset_gsm_unpacked_to_utf8 (const guint8 *gsm,
 for (i = 0; i < len; i++) {
 guint8 uchars[4];
- guint8 ulen;
+ guint8 ulen = 0;
 /*
 * 0x00 is NULL (when followed only by 0x00 up to the
@@ -336,9 +336,11 @@ charset_gsm_unpacked_to_utf8 (const guint8 *gsm,
 if (gsm[i] == GSM_ESCAPE_CHAR) {
 /* Extended alphabet, decode next char */
- ulen = gsm_ext_char_to_utf8 (gsm[i+1], uchars);
- if (ulen)
- i += 1;
+ if (i + 1 < len) {
+ ulen = gsm_ext_char_to_utf8 (gsm[i + 1], uchars);
+ if (ulen)
+ i += 1;
+ }
 } else {
 /* Default alphabet */
 ulen = gsm_def_char_to_utf8 (gsm[i], uchars);
-- 
cgit v1.2.3-70-g09d2
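Review bot: A buffer whose last byte is GSM_ESCAPE_CHAR now skips the `gsm_ext_char_to_utf8` call in the second hunk and relies on `ulen` keeping the 0 from the initializer added in the first hunk, but nothing on the new lines says this is the intended handling of a truncated escape. What is done with `ulen == 0` is decided after the hunk, outside what is shown, so a reader cannot tell here whether the dangling escape is rejected or substituted. A comment on the `if (i + 1 < len) {` line would record it, for example `/* Escape is the last byte: nothing to decode, ulen stays 0 and is handled as an unconvertible char below */`. The trace in the commit message reaches this loop from `sms_decode_address` on a binary PDU, which is presumably externally supplied data, so a unit test whose input ends in GSM_ESCAPE_CHAR would keep the bound from regressing. The loop body starts before the first hunk and ends after the second.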