svn rev #22371: branches/krb5-1-7/src/util/support/
tlyu@MIT.EDU
Sun May 24 18:50:18 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22371
Commit By: tlyu
Log Message:
ticket: 6486
version_fixed: 1.7
pull up r22348 from trunk
------------------------------------------------------------------------
r22348 | tlyu | 2009-05-13 22:41:37 +0200 (Wed, 13 May 2009) | 13 lines
ticket: 6486
tags: pullup
target_version: 1.7
In util/support/utf8_conv.c, the SWAP16 macro is invoked with an
argument that has side effects. On platforms where SWAP16 can
evaluate its argument twice (including platforms where utf8_conv.c
creates a fallback definition for the SWAP16 macro), this can cause a
read overrun by a factor of two.
Rearrange the data flow to avoid calling SWAP16 with an argument that
has side effects.
Changed Files:
U branches/krb5-1-7/src/util/support/utf8_conv.c
Modified: branches/krb5-1-7/src/util/support/utf8_conv.c
===================================================================
--- branches/krb5-1-7/src/util/support/utf8_conv.c 2009-05-24 19:58:47 UTC (rev 22370)
+++ branches/krb5-1-7/src/util/support/utf8_conv.c 2009-05-24 22:50:17 UTC (rev 22371)
@@ -267,12 +267,11 @@
{
while (ucs2len == -1 ? *ucs2str : --ucs2len >= 0) {
/* Get UTF-8 size of next wide char */
+ ch = *ucs2str++;
#ifdef K5_BE
if (little_endian)
- ch = SWAP16(*ucs2str++);
- else
+ ch = SWAP16(ch);
#endif
- ch = *ucs2str++;
n = krb5int_ucs2_to_utf8(ch, NULL);
if (n < 1)
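Review bot: At `ch = SWAP16(ch);` nothing records why the read was hoisted out of the macro argument, so a later cleanup could fold `*ucs2str++` back into the call and reintroduce the double increment. Add a short comment at that line saying that SWAP16 may evaluate its argument more than once and must only be given an expression without side effects. The log message says utf8_conv.c also carries a fallback definition of SWAP16; that definition is not part of this diff, so it is worth a follow-up to make it evaluate its argument once, which would remove the hazard for any other caller.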
@@ -289,12 +288,11 @@
n = 1; /* In case of empty ucs2str */
while (ucs2len == -1 ? *ucs2str != 0 : --ucs2len >= 0) {
+ ch = *ucs2str++;
#ifdef K5_BE
if (little_endian)
- ch = SWAP16(*ucs2str++);
- else
+ ch = SWAP16(ch);
#endif
- ch = *ucs2str++;
n = krb5int_ucs2_to_utf8(ch, p);
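Review bot: The read-and-swap sequence at the top of this loop (`ch = *ucs2str++;` followed by the conditional `ch = SWAP16(ch);`) is now a line-for-line copy of the one in the loop above, and the two have to stay identical: the earlier loop calls `krb5int_ucs2_to_utf8(ch, NULL)` to get the UTF-8 size of each character, while this one writes through `p`. If one copy is later changed without the other, the sizes computed in the first pass no longer match what the second pass emits. Consider moving the fetch into a small static helper that takes the pointer and the `little_endian` flag and is used by both loops. As a minor style point, the loop conditions test `*ucs2str` in the first loop and `*ucs2str != 0` here; pick one form.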