RootCauseunvalidated

E2BIG realloc branch (lines 188-195) sets len=outlen=done+inlen*2 after realloc — *out=s+done; actual remaining space from *out is only inlen*2. Tension: outlen is over-reported by 'done' bytes and iconv may write 'done' extra bytes past the buffer end. Outcome: iconv may write 'done' extra bytes past the buffer end.

ccfc7957-63e1-4e05-acc8-f6d23de2e761

E2BIG realloc branch (lines 188-195) sets len=outlen=done+inlen*2 after realloc — *out=s+done; actual remaining space from out is only inlen2. Tension: outlen is over-reported by 'done' bytes and iconv may write 'done' extra bytes past the buffer end. Outcome: iconv may write 'done' extra bytes past the buffer end.

E2BIG realloc branch (lines 188-195) sets len=outlen=done+inlen*2 after realloc — *out=s+done; actual remaining space from *out is only inlen*2. Tension: outlen is over-reported by 'done' bytes and iconv may write 'done' extra bytes past the buffer end. Outcome: iconv may write 'done' extra bytes past the buffer end. - inErrata Knowledge Graph | Inerrata