public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
@ 2013-05-07 18:53 carlos at redhat dot com
  2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-07 18:53 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=15441

             Bug #: 15441
           Summary: _nl_find_msg: Failure to check for NULL, and callers
                    failing to handle -1 return value.
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: unassigned@sourceware.org
        ReportedBy: carlos@redhat.com
                CC: drepper.fsp@gmail.com
    Classification: Unclassified


This commit:
commit 006dd86111c44572dbd3b26e9c63dd0f834d7762
Author: Jeff Law <law at redhat.com>
Date:   Thu Jun 21 17:15:38 2012 -0600

            [BZ #14277]
            * intl/dcigettext.c (_nl_find_msg): Avoid use after potential
            free.  Simplify list management for _LIBC case.

Fails to check malloc's return in intl/dcigettext.c (_nl_find_msg):
~~~~
               freemem_size = INITIAL_BLOCK_SIZE;
               newmem = (transmem_block_t *) malloc (freemem_size);
 # ifdef _LIBC
              /* Add the block to the list of blocks we have to free
             at some point.  */
              newmem->next = transmem_list;
              transmem_list = newmem;
~~~
If malloc fails then newmem is NULL then newmem->next results in a fault.
The fix is easy enough, check for newmem != NULL, and fall through to
the error condition below which returns (char *) -1 e.g. resource error.

The problem is that returning (char *) -1  will break all sorts of other
callers, so while what we did is correct, the real failure case fix is slightly
broader.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
  2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
@ 2013-05-07 18:53 ` carlos at redhat dot com
  2013-05-22 18:49 ` carlos at redhat dot com
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-07 18:53 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=15441

--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> 2013-05-07 18:53:36 UTC ---
Patch posted:
http://sourceware.org/ml/libc-alpha/2013-05/msg00190.html

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
  2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
  2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
@ 2013-05-22 18:49 ` carlos at redhat dot com
  2013-05-22 18:56 ` carlos at redhat dot com
  2014-06-13 18:07 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-22 18:49 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=15441

--- Comment #2 from Carlos O'Donell <carlos at redhat dot com> 2013-05-22 18:49:33 UTC ---
Upstream gnu gettext bug submitted:
http://savannah.gnu.org/bugs/?38930

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
  2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
  2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
  2013-05-22 18:49 ` carlos at redhat dot com
@ 2013-05-22 18:56 ` carlos at redhat dot com
  2014-06-13 18:07 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-22 18:56 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=15441

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> 2013-05-22 18:56:47 UTC ---
Fixed by:

commit 7a44c18fb4b1a65ebb1fece0b0d04f2570ed4d82
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Wed May 22 14:50:26 2013 -0400

    Fix _nl_find_msg malloc failure case, and callers.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
  2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
                   ` (2 preceding siblings ...)
  2013-05-22 18:56 ` carlos at redhat dot com
@ 2014-06-13 18:07 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 18:07 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=15441

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-13 18:07 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
2013-05-22 18:49 ` carlos at redhat dot com
2013-05-22 18:56 ` carlos at redhat dot com
2014-06-13 18:07 ` fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).