Bug 5022

Summary: SDL_iconv_string can get stuck in an infinite loop when encountering invalid characters
Product: SDL
Reporter: Hampus Liljekvist <hlilje.public>
Component: joystick
Assignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED
QA Contact: Sam Lantinga <slouken>
Severity: critical
Priority: P2
Version: 2.0.10
Hardware: x86_64
OS: macOS 10.15
Attachments: Suggested fix

Description Hampus Liljekvist 2020-03-10 15:43:36 UTC
In `SDL_iconv_string` the `while (inbytesleft > 0)` loop can end up in a state where it never terminates because the library `iconv` function called from `SDL_iconv` doesn't consume any bytes.

This happened when a `WCHAR_T` input string was being converted to `UTF-8` but contained invalid characters. It would first skip a few bytes due to `case SDL_ICONV_EILSEQ`, but when there were 3 bytes remaining of `inbytesleft`, `iconv` just didn't consume anything more (but didn't throw an error either).

It just so happens that the Microsoft Classic IntelliMouse `product_string` contains such invalid characters (`"MicrosoftÆ Classic IntelliMouseÆ"`), meaning the function would get stuck with said mouse plugged in.

A fix for this would be to check if `inbytesleft` was unchanged after an iteration and in that case either decrement the counter like when `SDL_ICONV_EILSEQ` is returned or simply break the loop.
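
The stall described in the report and the suggested no-progress check, modelled as an added example that is not SDL's code or the attached patch. `stub_convert`, `convert_all`, `CONV_EILSEQ`, `SAMPLE` and the `max_iters` cap are hypothetical names, and the stub only imitates the reported behaviour (no bytes consumed and no error once 3 bytes remain).

```c
#include <stddef.h>
#include <stdio.h>

#define CONV_EILSEQ (-1)   /* stand-in for SDL_ICONV_EILSEQ */
/* Constructed input: one valid 4-byte unit, then one invalid unit (0xFF). */
static const unsigned char SAMPLE[8] = { 'A', 0, 0, 0, 0xFF, 0, 0, 0 };

/* Hypothetical converter: consumes whole 4-byte units, rejects a unit that
   starts with 0xFF, and returns 0 without consuming a trailing partial unit. */
int stub_convert(const unsigned char **in, size_t *inleft,
                 unsigned char **out, size_t *outleft)
{
    while (*inleft >= 4 && *outleft > 0) {
        if ((*in)[0] == 0xFF)
            return CONV_EILSEQ;      /* invalid unit, nothing consumed */
        *(*out)++ = (*in)[0];
        --*outleft;
        *in += 4;
        *inleft -= 4;
    }
    return 0;                        /* "success", even with 1..3 bytes left */
}

/* Returns iterations used; max_iters only lets the unguarded loop be observed. */
size_t convert_all(const unsigned char *in, size_t inleft, unsigned char *out,
                   size_t outleft, int guard, size_t max_iters, size_t *remaining)
{
    size_t iters = 0;
    while (inleft > 0 && iters < max_iters) {
        const size_t before = inleft;
        ++iters;
        if (stub_convert(&in, &inleft, &out, &outleft) == CONV_EILSEQ) {
            ++in;                    /* skip one byte, as the EILSEQ case does */
            --inleft;
        }
        if (guard && inleft == before)
            break;                   /* no progress: stop instead of spinning */
    }
    *remaining = inleft;
    return iters;
}

int main(void)
{
    unsigned char out[8];
    size_t rem, n = convert_all(SAMPLE, sizeof SAMPLE, out, sizeof out, 1, 1000, &rem);
    printf("guarded: %zu iterations, %zu bytes left\n", n, rem);
    return 0;
}
```

With `guard` set to 0 the same input runs until the `max_iters` cap, which is the hang the report describes.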
Comment 1 Hampus Liljekvist 2020-03-10 15:49:30 UTC
To clarify, the function call to `SDL_iconv_string` stemmed from `HIDAPI_AddDevice`, hence I chose the "joystick" component, but I guess this is a more generic issue than that.
Comment 2 Hampus Liljekvist 2020-03-10 16:13:55 UTC
Created attachment 4246
Suggested fix
Comment 3 Sam Lantinga 2020-03-10 23:29:49 UTC
This patch is added, thanks!
https://hg.libsdl.org/SDL/rev/3d3649fe086e