Steps to reproduce the problem

Call iconv with __src_bytes_left = NULL.

What happened.

Null pointer dereference (while (*src_bytes_left > 0) {) https://android.googlesource.com/platform/bionic/+/master/libc/bionic/iconv.cpp#131

What you think the correct behavior should be.

Check that src_bytes_left is not NULL. Or at least check beforehand that src_buf is not NULL - it's the special case of iconv.

Info

Android 10.

https://www.atozed.com/forums/thread-2269.html :

01-28 16:05:24.303  2648  2648 F DEBUG   : Cause: null pointer dereference
01-28 16:05:24.303  2648  2648 F DEBUG   :     r0  e9595fb4  r1  00000000  r2  00000000  r3  00000000
01-28 16:05:24.303  2648  2648 F DEBUG   :     r4  e9595f80  r5  ecc07048  r6  ed0fb200  r7  ed0fb200
01-28 16:05:24.303  2648  2648 F DEBUG   :     r8  c4e2efe8  r9  ed0f3160  r10 c4e093bc  r11 c38b871c
01-28 16:05:24.303  2648  2648 F DEBUG   :     ip  c38b86bc  sp  c38b8600  lr  c4d8b850  pc  efe3a950
01-28 16:05:24.309  2648  2648 F DEBUG   : 
01-28 16:05:24.309  2648  2648 F DEBUG   : backtrace:
01-28 16:05:24.309  2648  2648 F DEBUG   :       #00 pc 00066950  /apex/com.android.runtime/lib/bionic/libc.so (iconv+36) (BuildId: dcf0e174e93e33d22f35a631ba9c0de5)
01-28 16:05:24.309  2648  2648 F DEBUG   :       #01 pc 0010284c  /data/app/org.teamlooktools.teamlookmobile-s_uRfmpjft4VcskmjhvlvQ==/lib/arm/libcontrols.so (BuildId: d24f8df194618599d7a0a2d459ad6f929a806d9b)```

Issue 180598400

Links (4)

Issue metadata