* Alejandro Colomar:

Hi Jason, Florian,

On Sun, Jan 19, 2025 at 08:17:46AM -0500, Jason Yundt wrote:

quoted

quoted

It seems you're passing a non-terminated string, and thus it's producing
a non-terminated string.  Why don't you pass a null-terminated string?

That is, inbytesleft should include be the length + 1.

Here’re my concern: iconv(3) is going to see the final element of
utf32_pathname and interpret it as a U+0000 null character.  In some
character encodings, U+0000 null is encoded as a single null byte.  In
other character encodings, U+0000 null is encoded as something other
than a single null byte.  For example, in Modified UTF-8, U+0000 null is
encoded as the bytes C0 80.  Is there any guarantee that
nl_langinfo(CODESET) will return a character encoding where U+0000 is
represented as a single null byte?

Florian, do you know this?

Character sets used by glibc locales must be mostly ASCII-transparent.
This includes the mapping of the null byte.  It is possible to create
locales that do not follow these rules, but they tend to introduce
security vulnerabilities, particularly if shell metacharacters are
mapped differently.

Thanks,
Florian