OxBat opened a new pull request, #589: URL: https://github.com/apache/logging-log4cxx/pull/589
### Summary I identified a potential Infinite Loop vulnerability in `MbstowcsCharsetDecoder::decode`. This class handles multibyte decoding when `LOG4CXX_LOGCHAR_IS_WCHAR` is enabled. **The Issue:** The decoding loop calls `mbsrtowcs`. If it encounters an incomplete multibyte sequence at the end of the buffer (e.g., a trailing UTF-8 start byte), standard behavior on some platforms (Windows MSVC, older libc, embedded uClibc) is to return 0 converted characters without consuming the input byte. Since `in.remaining()` does not decrease, the loop repeats infinitely (100% CPU). **Comparison:** The sibling class `LocaleCharsetDecoder` in the same file correctly handles this by checking for `(size_t)-2` (Incomplete). `MbstowcsCharsetDecoder` lacked this safety check. **The Fix:** I added a guard clause: if `mbsrtowcs` returns success (not `-1`) but `converted == 0` while data remains, the loop explicitly breaks to prevent the DoS. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
