public inbox for glibc-bugs@sourceware.org
* [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called
@ 2012-09-19 13:35 law at redhat dot com
From: law at redhat dot com @ 2012-09-19 13:35 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=14594

             Bug #: 14594
           Summary: Testing a mangled pointer results in initializer not
                    being called
           Product: glibc
           Version: 2.17
            Status: NEW
          Severity: normal
          Priority: P2
         Component: localedata
        AssignedTo: unassigned@sourceware.org
        ReportedBy: law@redhat.com
                CC: libc-locales@sources.redhat.com
    Classification: Unclassified


If a gconv module's init function has an address that is the same as the
pointer guard value, then the gconv module's init function will not be called.

The problem is find_module tests the *mangled* pointer against NULL and if that
test is false, then the initializer is called.

Obviously with the mangling function being a simple xor, if the function's
address is the same as the pointer guard, the mangled value will be zero and
the initializer doesn't get called.

Inspection shows similar problems in gconv_db.c.  There's also an instance in
btowc.c, but in that case the test is just controlling an optimization and as
far as I can tell doesn't result in incorrect operation.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: neleai at seznam dot cz @ 2013-10-31 19:01 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Ondrej Bilka <neleai at seznam dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |neleai at seznam dot cz

--- Comment #1 from Ondrej Bilka <neleai at seznam dot cz> ---
If the function is xor then we could set the last bit of the guard to 1. As function
pointers are aligned, the result cannot be zero.


* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: carlos at redhat dot com @ 2013-10-31 19:40 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com

--- Comment #2 from Carlos O'Donell <carlos at redhat dot com> ---
Fedora has a fix for this already I think, which is to just unconditionally
demangle and *then* check for null.

There is almost no performance benefit to checking the mangled value for null,
demangling if it is, and then calling the function.

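A constructed C model of the failure the report describes and of the fix proposed in comment #2; this is an added example, not glibc code. Mangling is modelled as the plain xor with a pointer guard that the report assumes (real glibc also rotates the value on some architectures), and the names `mangle`, `demangle`, `module_init` and `init_calls_for` are invented for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not glibc code): PTR_MANGLE as a plain xor with a
   per-process pointer guard.  The rotate real glibc adds on some
   architectures is omitted because it does not affect the zero case. */
typedef void (*init_fn)(void);

static uintptr_t mangle(uintptr_t guard, init_fn fn) { return (uintptr_t)fn ^ guard; }
static init_fn demangle(uintptr_t guard, uintptr_t m) { return (init_fn)(m ^ guard); }

/* Stand-in for a gconv module's init function; counts how often it runs. */
static int init_calls;
static void module_init(void) { init_calls++; }

/* Buggy pattern from the report: test the *mangled* word against NULL.
   When the guard equals the function address the xor yields 0 and the
   initializer is silently skipped. */
static void call_init_buggy(uintptr_t guard, uintptr_t mangled)
{
    if (mangled != 0)
        demangle(guard, mangled)();
}

/* Fixed pattern (comment #2): demangle unconditionally, then test for NULL.
   This relies on a NULL pointer also being stored in mangled form, so that
   demangling it yields NULL again rather than the guard value. */
static void call_init_fixed(uintptr_t guard, uintptr_t mangled)
{
    init_fn fn = demangle(guard, mangled);
    if (fn != NULL)
        fn();
}

/* How many times the initializer runs for stored pointer `fn` under `guard`,
   using the buggy (fixed == 0) or the fixed check. */
int init_calls_for(uintptr_t guard, init_fn fn, int fixed)
{
    init_calls = 0;
    uintptr_t stored = mangle(guard, fn);   /* NULL is mangled too */
    if (fixed) call_init_fixed(guard, stored);
    else       call_init_buggy(guard, stored);
    return init_calls;
}

init_fn the_init(void) { return module_init; }
/* A guard value equal to the initializer's address: the colliding case. */
uintptr_t colliding_guard(void) { return (uintptr_t)module_init; }
```

With an ordinary guard both checks run the initializer once; with the colliding guard the buggy check runs it zero times while the fixed check still runs it once.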

* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: carlos at redhat dot com @ 2013-10-31 19:40 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> ---
Created attachment 7263
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7263&action=edit
Consistently demangle


* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: fweimer at redhat dot com @ 2014-06-17  4:28 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com
              Flags|                            |security-

--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Carlos O'Donell from comment #3)
> Created attachment 7263 [details]
> Consistently demangle

Does this really work? Are these pointers never initialized to NULL?


* [Bug locale/14594] Testing a mangled pointer results in initializer not being called
From: jsm28 at gcc dot gnu.org @ 2015-08-27 21:57 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|localedata                  |locale

