olga / rpms / glibc

Forked from rpms/glibc 5 years ago
Clone

Blame SOURCES/glibc-rh1380680-17.patch

8ae002
From dd5820453c8c8c6521e45e1cb229f70a5ab5f6b0 Mon Sep 17 00:00:00 2001
8ae002
From: Stefan Liebler <stli@linux.vnet.ibm.com>
8ae002
Date: Mon, 7 Nov 2016 17:45:56 +0100
8ae002
Subject: [PATCH 17/17] Fix UTF-16 surrogate handling. [BZ #19727]
8ae002
8ae002
Upstream commit 7ab1de21067d72460ac14089bf6541b10fc14c80
8ae002
8ae002
According to the latest Unicode standard, a conversion from/to UTF-xx has
8ae002
to report an error if the character value is in range of an utf16 surrogate
8ae002
(0xd800..0xdfff). See https://sourceware.org/ml/libc-help/2015-12/msg00015.html.
8ae002
Thus this patch fixes this behaviour for converting from utf32 to internal and
8ae002
from internal to utf8.
8ae002
8ae002
Furthermore the conversion from utf16 to internal does not report an error if the
8ae002
input-stream consists of two low-surrogate values. If an uint16_t value is in the
8ae002
range of 0xd800 .. 0xdfff, the next uint16_t value is checked, if it is in the
8ae002
range of a low surrogate (0xdc00 .. 0xdfff). Afterwards these two uint16_t
8ae002
values are interpreted as a high- and low-surrogates pair. But there is no test
8ae002
if the first uint16_t value is really in the range of a high-surrogate
8ae002
(0xd800 .. 0xdbff). If there would be two uint16_t values in the range of a low
8ae002
surrogate, then they will be treated as a valid high- and low-surrogates pair.
8ae002
This patch adds this test.
8ae002
8ae002
This patch also adds a new testcase, which checks UTF conversions with input
8ae002
values in range of UTF16 surrogates. The test converts from UTF-xx to INTERNAL,
8ae002
INTERNAL to UTF-xx and directly between UTF-xx to UTF-yy. The latter conversion
8ae002
is needed because s390 has iconv-modules, which converts from/to UTF in one step.
8ae002
The new testcase was tested on a s390, power and intel machine.
8ae002
8ae002
ChangeLog:
8ae002
8ae002
	[BZ #19727]
8ae002
	* iconvdata/utf-16.c (BODY): Report an error if first word is not a
8ae002
	valid high surrogate.
8ae002
	* iconvdata/utf-32.c (BODY): Report an error if the value is in range
8ae002
	of an utf16 surrogate.
8ae002
	* iconv/gconv_simple.c (BODY): Likewise.
8ae002
	* iconvdata/bug-iconv12.c: New file.
8ae002
	* iconvdata/Makefile (tests): Add bug-iconv12.
8ae002
---
8ae002
 iconv/gconv_simple.c    |   3 +-
8ae002
 iconvdata/Makefile      |   4 +-
8ae002
 iconvdata/bug-iconv12.c | 263 ++++++++++++++++++++++++++++++++++++++++++++++++
8ae002
 iconvdata/utf-16.c      |  12 +++
8ae002
 iconvdata/utf-32.c      |   3 +-
8ae002
 5 files changed, 282 insertions(+), 3 deletions(-)
8ae002
 create mode 100644 iconvdata/bug-iconv12.c
8ae002
8ae002
diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c
8ae002
index b9f846d..48932ee 100644
8ae002
--- a/iconv/gconv_simple.c
8ae002
+++ b/iconv/gconv_simple.c
8ae002
@@ -888,7 +888,8 @@ ucs4le_internal_loop_single (struct __gconv_step *step,
8ae002
     if (__builtin_expect (wc < 0x80, 1))				      \
8ae002
       /* It's an one byte sequence.  */					      \
8ae002
       *outptr++ = (unsigned char) wc;					      \
8ae002
-    else if (__builtin_expect (wc <= 0x7fffffff, 1))			      \
8ae002
+    else if (__builtin_expect (wc <= 0x7fffffff				      \
8ae002
+			       && (wc < 0xd800 || wc > 0xdfff), 1))	      \
8ae002
       {									      \
8ae002
 	size_t step;							      \
8ae002
 	unsigned char *start;						      \
8ae002
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
8ae002
index e2624de..0ec6755 100644
8ae002
--- a/iconvdata/Makefile
8ae002
+++ b/iconvdata/Makefile
8ae002
@@ -68,7 +68,7 @@ include ../Makeconfig
8ae002
 ifeq (yes,$(build-shared))
8ae002
 tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
8ae002
 	tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
8ae002
-	bug-iconv10
8ae002
+	bug-iconv10 bug-iconv12
8ae002
 ifeq ($(have-thread-library),yes)
8ae002
 tests += bug-iconv3
8ae002
 endif
8ae002
@@ -294,6 +294,8 @@ $(objpfx)bug-iconv5.out: $(objpfx)gconv-modules \
8ae002
 			 $(addprefix $(objpfx),$(modules.so))
8ae002
 $(objpfx)bug-iconv10.out: $(objpfx)gconv-modules \
8ae002
 			  $(addprefix $(objpfx),$(modules.so))
8ae002
+$(objpfx)bug-iconv12.out: $(objpfx)gconv-modules \
8ae002
+			  $(addprefix $(objpfx),$(modules.so))
8ae002
 $(objpfx)tst-loading.out: $(objpfx)gconv-modules \
8ae002
 			  $(addprefix $(objpfx),$(modules.so))
8ae002
 $(objpfx)tst-iconv4.out: $(objpfx)gconv-modules \
8ae002
diff --git a/iconvdata/bug-iconv12.c b/iconvdata/bug-iconv12.c
8ae002
new file mode 100644
8ae002
index 0000000..49f5208
8ae002
--- /dev/null
8ae002
+++ b/iconvdata/bug-iconv12.c
8ae002
@@ -0,0 +1,263 @@
8ae002
+/* bug 19727: Testing UTF conversions with UTF16 surrogates as input.
8ae002
+   Copyright (C) 2016 Free Software Foundation, Inc.
8ae002
+   This file is part of the GNU C Library.
8ae002
+
8ae002
+   The GNU C Library is free software; you can redistribute it and/or
8ae002
+   modify it under the terms of the GNU Lesser General Public
8ae002
+   License as published by the Free Software Foundation; either
8ae002
+   version 2.1 of the License, or (at your option) any later version.
8ae002
+
8ae002
+   The GNU C Library is distributed in the hope that it will be useful,
8ae002
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
8ae002
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
8ae002
+   Lesser General Public License for more details.
8ae002
+
8ae002
+   You should have received a copy of the GNU Lesser General Public
8ae002
+   License along with the GNU C Library; if not, see
8ae002
+   <http://www.gnu.org/licenses/>.  */
8ae002
+
8ae002
+#include <stdio.h>
8ae002
+#include <stdlib.h>
8ae002
+#include <errno.h>
8ae002
+#include <string.h>
8ae002
+#include <inttypes.h>
8ae002
+#include <iconv.h>
8ae002
+#include <byteswap.h>
8ae002
+
8ae002
+static int
8ae002
+run_conversion (const char *from, const char *to, char *inbuf, size_t inbuflen,
8ae002
+		int exp_errno, int line)
8ae002
+{
8ae002
+  char outbuf[16];
8ae002
+  iconv_t cd;
8ae002
+  char *inptr;
8ae002
+  size_t inlen;
8ae002
+  char *outptr;
8ae002
+  size_t outlen;
8ae002
+  size_t n;
8ae002
+  int e;
8ae002
+  int fails = 0;
8ae002
+
8ae002
+  cd = iconv_open (to, from);
8ae002
+  if (cd == (iconv_t) -1)
8ae002
+    {
8ae002
+      printf ("line %d: cannot convert from %s to %s: %m\n", line, from, to);
8ae002
+      return 1;
8ae002
+    }
8ae002
+
8ae002
+  inptr = (char *) inbuf;
8ae002
+  inlen = inbuflen;
8ae002
+  outptr = outbuf;
8ae002
+  outlen = sizeof (outbuf);
8ae002
+
8ae002
+  errno = 0;
8ae002
+  n = iconv (cd, &inptr, &inlen, &outptr, &outlen);
8ae002
+  e = errno;
8ae002
+
8ae002
+  if (exp_errno == 0)
8ae002
+    {
8ae002
+      if (n == (size_t) -1)
8ae002
+	{
8ae002
+	  puts ("n should be >= 0, but n == -1");
8ae002
+	  fails ++;
8ae002
+	}
8ae002
+
8ae002
+      if (e != 0)
8ae002
+	{
8ae002
+	  printf ("errno should be 0: 'Success', but errno == %d: '%s'\n"
8ae002
+		  , e, strerror(e));
8ae002
+	  fails ++;
8ae002
+	}
8ae002
+    }
8ae002
+  else
8ae002
+    {
8ae002
+      if (n != (size_t) -1)
8ae002
+	{
8ae002
+	  printf ("n should be -1, but n == %zd\n", n);
8ae002
+	  fails ++;
8ae002
+	}
8ae002
+
8ae002
+      if (e != exp_errno)
8ae002
+	{
8ae002
+	  printf ("errno should be %d: '%s', but errno == %d: '%s'\n"
8ae002
+		  , exp_errno, strerror (exp_errno), e, strerror (e));
8ae002
+	  fails ++;
8ae002
+	}
8ae002
+    }
8ae002
+
8ae002
+  iconv_close (cd);
8ae002
+
8ae002
+  if (fails > 0)
8ae002
+    {
8ae002
+      printf ("Errors in line %d while converting %s to %s.\n\n"
8ae002
+	      , line, from, to);
8ae002
+    }
8ae002
+
8ae002
+  return fails;
8ae002
+}
8ae002
+
8ae002
+static int
8ae002
+do_test (void)
8ae002
+{
8ae002
+  int fails = 0;
8ae002
+  char buf[4];
8ae002
+
8ae002
+  /* This test runs iconv() with UTF character in range of an UTF16 surrogate.
8ae002
+     UTF-16 high surrogate is in range 0xD800..0xDBFF and
8ae002
+     UTF-16 low surrogate is in range 0xDC00..0xDFFF.
8ae002
+     Converting from or to UTF-xx has to report errors in those cases.
8ae002
+     In UTF-16, surrogate pairs with a high surrogate in front of a low
8ae002
+     surrogate is valid.  */
8ae002
+
8ae002
+  /* Use RUN_UCS4_UTF32_INPUT to test conversion ...
8ae002
+
8ae002
+     ... from INTERNAL to UTF-xx[LE|BE]:
8ae002
+     Converting from UCS4 to UTF-xx[LE|BE] first converts UCS4 to INTERNAL
8ae002
+     without checking for UTF-16 surrogate values
8ae002
+     and then converts from INTERNAL to UTF-xx[LE|BE].
8ae002
+     The latter conversion has to report an error in those cases.
8ae002
+
8ae002
+     ... from UTF-32[LE|BE] to INTERNAL:
8ae002
+     Converting directly from UTF-32LE to UTF-8|16 is needed,
8ae002
+     because e.g. s390x has iconv-modules which converts directly.  */
8ae002
+#define RUN_UCS4_UTF32_INPUT(b0, b1, b2, b3, err, line)			\
8ae002
+  buf[0] = b0;								\
8ae002
+  buf[1] = b1;								\
8ae002
+  buf[2] = b2;								\
8ae002
+  buf[3] = b3;								\
8ae002
+  fails += run_conversion ("UCS4", "UTF-8", buf, 4, err, line);		\
8ae002
+  fails += run_conversion ("UCS4", "UTF-16LE", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UCS4", "UTF-16BE", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UCS4", "UTF-32LE", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UCS4", "UTF-32BE", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32BE", "WCHAR_T", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32BE", "UTF-8", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32BE", "UTF-16LE", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32BE", "UTF-16BE", buf, 4, err, line);	\
8ae002
+  buf[0] = b3;								\
8ae002
+  buf[1] = b2;								\
8ae002
+  buf[2] = b1;								\
8ae002
+  buf[3] = b0;								\
8ae002
+  fails += run_conversion ("UTF-32LE", "WCHAR_T", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32LE", "UTF-8", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32LE", "UTF-16LE", buf, 4, err, line);	\
8ae002
+  fails += run_conversion ("UTF-32LE", "UTF-16BE", buf, 4, err, line);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xD7FF.  */
8ae002
+  RUN_UCS4_UTF32_INPUT (0x0, 0x0, 0xD7, 0xFF, 0, __LINE__);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xD800.  */
8ae002
+  RUN_UCS4_UTF32_INPUT (0x0, 0x0, 0xD8, 0x00, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xDBFF.  */
8ae002
+  RUN_UCS4_UTF32_INPUT (0x0, 0x0, 0xDB, 0xFF, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xDC00.  */
8ae002
+  RUN_UCS4_UTF32_INPUT (0x0, 0x0, 0xDC, 0x00, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xDFFF.  */
8ae002
+  RUN_UCS4_UTF32_INPUT (0x0, 0x0, 0xDF, 0xFF, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xE000.  */
8ae002
+  RUN_UCS4_UTF32_INPUT (0x0, 0x0, 0xE0, 0x00, 0, __LINE__);
8ae002
+
8ae002
+
8ae002
+  /* Use RUN_UTF16_INPUT to test conversion from UTF16[LE|BE] to INTERNAL.
8ae002
+     Converting directly from UTF-16 to UTF-8|32 is needed,
8ae002
+     because e.g. s390x has iconv-modules which converts directly.
8ae002
+     Use len == 2 or 4 to specify one or two UTF-16 characters.  */
8ae002
+#define RUN_UTF16_INPUT(b0, b1, b2, b3, len, err, line)			\
8ae002
+  buf[0] = b0;								\
8ae002
+  buf[1] = b1;								\
8ae002
+  buf[2] = b2;								\
8ae002
+  buf[3] = b3;								\
8ae002
+  fails += run_conversion ("UTF-16BE", "WCHAR_T", buf, len, err, line);	\
8ae002
+  fails += run_conversion ("UTF-16BE", "UTF-8", buf, len, err, line);	\
8ae002
+  fails += run_conversion ("UTF-16BE", "UTF-32LE", buf, len, err, line); \
8ae002
+  fails += run_conversion ("UTF-16BE", "UTF-32BE", buf, len, err, line); \
8ae002
+  buf[0] = b1;								\
8ae002
+  buf[1] = b0;								\
8ae002
+  buf[2] = b3;								\
8ae002
+  buf[3] = b2;								\
8ae002
+  fails += run_conversion ("UTF-16LE", "WCHAR_T", buf, len, err, line);	\
8ae002
+  fails += run_conversion ("UTF-16LE", "UTF-8", buf, len, err, line);	\
8ae002
+  fails += run_conversion ("UTF-16LE", "UTF-32LE", buf, len, err, line); \
8ae002
+  fails += run_conversion ("UTF-16LE", "UTF-32BE", buf, len, err, line);
8ae002
+
8ae002
+  /* Use UTF16 input of 0xD7FF.  */
8ae002
+  RUN_UTF16_INPUT (0xD7, 0xFF, 0xD7, 0xFF, 4, 0, __LINE__);
8ae002
+
8ae002
+  /* Use [single] UTF16 high surrogate 0xD800 [with a valid character behind].
8ae002
+     And check an UTF16 surrogate pair [without valid low surrogate].  */
8ae002
+  RUN_UTF16_INPUT (0xD8, 0x0, 0x0, 0x0, 2, EINVAL, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD8, 0x0, 0xD7, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD8, 0x0, 0xD8, 0x0, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD8, 0x0, 0xE0, 0x0, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD8, 0x0, 0xDC, 0x0, 4, 0, __LINE__);
8ae002
+
8ae002
+  /* Use [single] UTF16 high surrogate 0xDBFF [with a valid character behind].
8ae002
+     And check an UTF16 surrogate pair [without valid low surrogate].  */
8ae002
+  RUN_UTF16_INPUT (0xDB, 0xFF, 0x0, 0x0, 2, EINVAL, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDB, 0xFF, 0xD7, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDB, 0xFF, 0xDB, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDB, 0xFF, 0xE0, 0x0, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDB, 0xFF, 0xDF, 0xFF, 4, 0, __LINE__);
8ae002
+
8ae002
+  /* Use single UTF16 low surrogate 0xDC00 [with a valid character behind].
8ae002
+     And check an UTF16 surrogate pair [without valid high surrogate].   */
8ae002
+  RUN_UTF16_INPUT (0xDC, 0x0, 0x0, 0x0, 2, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDC, 0x0, 0xD7, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD8, 0x0, 0xDC, 0x0, 4, 0, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD7, 0xFF, 0xDC, 0x0, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDC, 0x0, 0xDC, 0x0, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xE0, 0x0, 0xDC, 0x0, 4, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use single UTF16 low surrogate 0xDFFF [with a valid character behind].
8ae002
+     And check an UTF16 surrogate pair [without valid high surrogate].   */
8ae002
+  RUN_UTF16_INPUT (0xDF, 0xFF, 0x0, 0x0, 2, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDF, 0xFF, 0xD7, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDB, 0xFF, 0xDF, 0xFF, 4, 0, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xD7, 0xFF, 0xDF, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xDF, 0xFF, 0xDF, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+  RUN_UTF16_INPUT (0xE0, 0x0, 0xDF, 0xFF, 4, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UCS4/UTF32 input of 0xE000.  */
8ae002
+  RUN_UTF16_INPUT (0xE0, 0x0, 0xE0, 0x0, 4, 0, __LINE__);
8ae002
+
8ae002
+
8ae002
+  /* Use RUN_UTF8_3BYTE_INPUT to test conversion from UTF-8 to INTERNAL.
8ae002
+     Converting directly from UTF-8 to UTF-16|32 is needed,
8ae002
+     because e.g. s390x has iconv-modules which converts directly.  */
8ae002
+#define RUN_UTF8_3BYTE_INPUT(b0, b1, b2, err, line)			\
8ae002
+  buf[0] = b0;								\
8ae002
+  buf[1] = b1;								\
8ae002
+  buf[2] = b2;								\
8ae002
+  fails += run_conversion ("UTF-8", "WCHAR_T", buf, 3, err, line);	\
8ae002
+  fails += run_conversion ("UTF-8", "UTF-16LE", buf, 3, err, line);	\
8ae002
+  fails += run_conversion ("UTF-8", "UTF-16BE", buf, 3, err, line);	\
8ae002
+  fails += run_conversion ("UTF-8", "UTF-32LE", buf, 3, err, line);	\
8ae002
+  fails += run_conversion ("UTF-8", "UTF-32BE", buf, 3, err, line);
8ae002
+
8ae002
+  /* Use UTF-8 input of 0xD7FF.  */
8ae002
+  RUN_UTF8_3BYTE_INPUT (0xED, 0x9F, 0xBF, 0, __LINE__);
8ae002
+
8ae002
+  /* Use UTF-8 input of 0xD800.  */
8ae002
+  RUN_UTF8_3BYTE_INPUT (0xED, 0xA0, 0x80, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UTF-8 input of 0xDBFF.  */
8ae002
+  RUN_UTF8_3BYTE_INPUT (0xED, 0xAF, 0xBF, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UTF-8 input of 0xDC00.  */
8ae002
+  RUN_UTF8_3BYTE_INPUT (0xED, 0xB0, 0x80, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UTF-8 input of 0xDFFF.  */
8ae002
+  RUN_UTF8_3BYTE_INPUT (0xED, 0xBF, 0xBF, EILSEQ, __LINE__);
8ae002
+
8ae002
+  /* Use UTF-8 input of 0xF000.  */
8ae002
+  RUN_UTF8_3BYTE_INPUT (0xEF, 0x80, 0x80, 0, __LINE__);
8ae002
+
8ae002
+  return fails > 0 ? EXIT_FAILURE : EXIT_SUCCESS;
8ae002
+}
8ae002
+
8ae002
+#define TEST_FUNCTION do_test ()
8ae002
+#include "../test-skeleton.c"
8ae002
diff --git a/iconvdata/utf-16.c b/iconvdata/utf-16.c
8ae002
index b4ddfeb..e833d3c 100644
8ae002
--- a/iconvdata/utf-16.c
8ae002
+++ b/iconvdata/utf-16.c
8ae002
@@ -294,6 +294,12 @@ gconv_end (struct __gconv_step *data)
8ae002
 	  {								      \
8ae002
 	    uint16_t u2;						      \
8ae002
 									      \
8ae002
+	    if (__glibc_unlikely (u1 >= 0xdc00))			      \
8ae002
+	      {								      \
8ae002
+		/* This is no valid first word for a surrogate.  */	      \
8ae002
+		STANDARD_FROM_LOOP_ERR_HANDLER (2);			      \
8ae002
+	      }								      \
8ae002
+									      \
8ae002
 	    /* It's a surrogate character.  At least the first word says      \
8ae002
 	       it is.  */						      \
8ae002
 	    if (__builtin_expect (inptr + 4 > inend, 0))		      \
8ae002
@@ -328,6 +334,12 @@ gconv_end (struct __gconv_step *data)
8ae002
 	  }								      \
8ae002
 	else								      \
8ae002
 	  {								      \
8ae002
+	    if (__glibc_unlikely (u1 >= 0xdc00))			      \
8ae002
+	      {								      \
8ae002
+		/* This is no valid first word for a surrogate.  */	      \
8ae002
+		STANDARD_FROM_LOOP_ERR_HANDLER (2);			      \
8ae002
+	      }								      \
8ae002
+									      \
8ae002
 	    /* It's a surrogate character.  At least the first word says      \
8ae002
 	       it is.  */						      \
8ae002
 	    if (__builtin_expect (inptr + 4 > inend, 0))		      \
8ae002
diff --git a/iconvdata/utf-32.c b/iconvdata/utf-32.c
8ae002
index e0c4b19..1173d6f 100644
8ae002
--- a/iconvdata/utf-32.c
8ae002
+++ b/iconvdata/utf-32.c
8ae002
@@ -238,7 +238,8 @@ gconv_end (struct __gconv_step *data)
8ae002
     if (swap)								      \
8ae002
       u1 = bswap_32 (u1);						      \
8ae002
 									      \
8ae002
-    if (__builtin_expect (u1 >= 0x110000, 0))				      \
8ae002
+    if (__builtin_expect (u1 >= 0x110000				      \
8ae002
+			  || (u1 >= 0xd800 && u1 < 0xe000), 0))		      \
8ae002
       {									      \
8ae002
 	/* This is illegal.  */						      \
8ae002
 	STANDARD_FROM_LOOP_ERR_HANDLER (4);				      \
8ae002
-- 
8ae002
1.8.3.1
8ae002