wcsxfrm() with empty locale crashes the runtime

wcsxfrm() with empty locale crashes the runtime

[LRN]

[-- Attachment #1.1.1: Type: text/plain, Size: 253 bytes --]

The testcase is attached. Running it with Cygwin-i386 leads to a crash. My
guess is that the implementation is not POSIX-conformant and tries to
dereference the first argument (NULL), even though the third argument is 0.

Tested with Cygwin-3.0.4.

[-- Attachment #1.1.2: wcsxfrm_test.c --]
[-- Type: text/plain, Size: 180 bytes --]

#include <wchar.h>
#include <stdlib.h>
#include <locale.h>

int
main ()
{
  wchar_t w[2] = { L'z', L'\0' };
  setlocale (LC_ALL, "");
  int l = wcsxfrm (NULL, w, 0);
  return l;
}

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: wcsxfrm() with empty locale crashes the runtime

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 1219 bytes --]

On Mar 19 22:28, LRN wrote:
> The testcase is attached. Running it with Cygwin-i386 leads to a crash. My
> guess is that the implementation is not POSIX-conformant and tries to
> dereference the first argument (NULL), even though the third argument is 0.
> 
> Tested with Cygwin-3.0.4.

> #include <wchar.h>
> #include <stdlib.h>
> #include <locale.h>
> 
> int
> main ()
> {
>   wchar_t w[2] = { L'z', L'\0' };
>   setlocale (LC_ALL, "");
>   int l = wcsxfrm (NULL, w, 0);
>   return l;
> }

Thanks for the testcase.  The problem has been introduced in commit
c0d7d3e1a2fa (*) when it turned out that combining the LCMAP_SORTKEY and
LCMAP_BYTEREV flags to LCMapStringW(**) were not such a good idea after
all.  The fix at the time was to do the byte swap ourselves, but that
patch forgot to take a char count of 0 into account.

I pushed a patch and uploaded new developer snapshots to
https://cygwin.com/snapshots/

Pleas give them a try.


Thanks,
Corinna

(*) https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;a=commitdiff;h=c0d7d3e1a2fa
(**) https://docs.microsoft.com/en-us/windows/desktop/api/winnls/nf-winnls-lcmapstringex

-- 
Corinna Vinschen
Cygwin Maintainer

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: wcsxfrm() with empty locale crashes the runtime

[Brian Inglis]

On 2019-03-19 13:28, LRN wrote:
> The testcase is attached. Running it with Cygwin-i386 leads to a crash. My
> guess is that the implementation is not POSIX-conformant and tries to
> dereference the first argument (NULL), even though the third argument is 0.
> 
> Tested with Cygwin-3.0.4.

$ man wcsxfrm
...
	If n is 0, stra may be a NULL pointer.

	(NOT Cygwin:) The current implementation of wcsxfrm simply uses wcslcpy
	and does not support any language-specific transformations.
...

As wcslcpy is a BSD extension, any expectations are excessive; OpenBSD says:

"Also note that wcslcpy() and wcslcat() only operate on wide strings that are
terminated with a null wide character (L'\0'). This means that for wcslcpy() src
must be terminated with a null wide character..."

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: wcsxfrm() with empty locale crashes the runtime

[LRN]

[-- Attachment #1.1: Type: text/plain, Size: 329 bytes --]

On 19.03.2019 23:42, Corinna Vinschen wrote:
> On Mar 19 22:28, LRN wrote:
>> The testcase is attached. Running it with Cygwin-i386 leads to a crash.
> 
> I pushed a patch and uploaded new developer snapshots to
> https://cygwin.com/snapshots/
> 
> Pleas give them a try.
> 

Gave them a try, doesn't crash anymore.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]