https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=7c9c9bcfcf59f43fd9776c6a809ba67eef76bcb4
commit 7c9c9bcfcf59f43fd9776c6a809ba67eef76bcb4 Author: Corinna Vinschen <[email protected]> AuthorDate: Wed Jan 14 20:31:18 2026 +0100 Commit: Corinna Vinschen <[email protected]> CommitDate: Thu Jan 15 16:45:01 2026 +0100 Cygwin: c32rtomb: add missing check for invalid UNICODE character c32rtomb neglects to check the input character for being outside the valid UNICODE planes. It happily converts the invalid character into a valid (but wrong) surrogate pair and carries on. Add a check so characters beyond 0x10ffff are not converted anymore. Return -1 with errno set to EILSEQ instead. Fixes: 4f258c55e87f ("Cygwin: Add ISO C11 functions c16rtomb, c32rtomb, mbrtoc16, mbrtoc32.") Signed-off-by: Corinna Vinschen <[email protected]> Diff: --- winsup/cygwin/release/3.6.7 | 5 +++++ winsup/cygwin/strfuncs.cc | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/winsup/cygwin/release/3.6.7 b/winsup/cygwin/release/3.6.7 new file mode 100644 index 000000000000..defe55ffe75e --- /dev/null +++ b/winsup/cygwin/release/3.6.7 @@ -0,0 +1,5 @@ +Fixes: +------ + +- Guard c32rtomb against invalid input characters. + Addresses a testsuite error in current gawk git master. diff --git a/winsup/cygwin/strfuncs.cc b/winsup/cygwin/strfuncs.cc index eb6576051d90..0cf41cefc8a2 100644 --- a/winsup/cygwin/strfuncs.cc +++ b/winsup/cygwin/strfuncs.cc @@ -146,6 +146,13 @@ c32rtomb (char *s, char32_t wc, mbstate_t *ps) if (wc <= 0xffff || !s) return wcrtomb (s, (wchar_t) wc, ps); + /* Check for character outside valid UNICODE planes */ + if (wc > 0x10ffff) + { + _REENT_ERRNO(_REENT) = EILSEQ; + return (size_t)(-1); + } + wchar_t wc_arr[2]; const wchar_t *wcp = wc_arr;
