pull up r22348 from trunk

 ------------------------------------------------------------------------
 r22348 | tlyu | 2009-05-13 22:41:37 +0200 (Wed, 13 May 2009) | 13 lines

 ticket: 6486
 tags: pullup
 target_version: 1.7

 In util/support/utf8_conv.c, the SWAP16 macro is invoked with an
 argument that has side effects.  On platforms where SWAP16 can
 evaluate its argument twice (including platforms where utf8_conv.c
 creates a fallback definition for the SWAP16 macro), this can cause a
 read overrun by a factor of two.

 Rearrange the data flow to avoid calling SWAP16 with an argument that
 has side effects.

ticket: 6486
version_fixed: 1.7

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22371 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index 15e4521ccfcff5f5229999ecffc446127e79b585..c74d0366a9601b8797c44ab8f203b765732b75f5 100644 (file)
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
@@ -267,12 +267,11 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
     {
        while (ucs2len == -1 ? *ucs2str : --ucs2len >= 0) {
            /* Get UTF-8 size of next wide char */
+         ch = *ucs2str++;
 #ifdef K5_BE
            if (little_endian)
-               ch = SWAP16(*ucs2str++);
-           else
+               ch = SWAP16(ch);
 #endif
-               ch = *ucs2str++;
 
            n = krb5int_ucs2_to_utf8(ch, NULL);
            if (n < 1)
@@ -289,12 +288,11 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
 
     n = 1;                                     /* In case of empty ucs2str */
     while (ucs2len == -1 ? *ucs2str != 0 : --ucs2len >= 0) {
+      ch = *ucs2str++;
 #ifdef K5_BE
        if (little_endian)
-           ch = SWAP16(*ucs2str++);
-       else
+           ch = SWAP16(ch);
 #endif
-           ch = *ucs2str++;
 
        n = krb5int_ucs2_to_utf8(ch, p);