public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
@ 2013-05-07 18:53 carlos at redhat dot com
2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-07 18:53 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15441
Bug #: 15441
Summary: _nl_find_msg: Failure to check for NULL, and callers
failing to handle -1 return value.
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: carlos@redhat.com
CC: drepper.fsp@gmail.com
Classification: Unclassified
This commit:
commit 006dd86111c44572dbd3b26e9c63dd0f834d7762
Author: Jeff Law <law at redhat.com>
Date: Thu Jun 21 17:15:38 2012 -0600
[BZ #14277]
* intl/dcigettext.c (_nl_find_msg): Avoid use after potential
free. Simplify list management for _LIBC case.
Fails to check malloc's return in intl/dcigettext.c (_nl_find_msg):
~~~~
freemem_size = INITIAL_BLOCK_SIZE;
newmem = (transmem_block_t *) malloc (freemem_size);
# ifdef _LIBC
/* Add the block to the list of blocks we have to free
at some point. */
newmem->next = transmem_list;
transmem_list = newmem;
~~~
If malloc fails then newmem is NULL then newmem->next results in a fault.
The fix is easy enough, check for newmem != NULL, and fall through to
the error condition below which returns (char *) -1 e.g. resource error.
The problem is that returning (char *) -1 will break all sorts of other
callers, so while what we did is correct, the real failure case fix is slightly
broader.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
@ 2013-05-07 18:53 ` carlos at redhat dot com
2013-05-22 18:49 ` carlos at redhat dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-07 18:53 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15441
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> 2013-05-07 18:53:36 UTC ---
Patch posted:
http://sourceware.org/ml/libc-alpha/2013-05/msg00190.html
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
@ 2013-05-22 18:49 ` carlos at redhat dot com
2013-05-22 18:56 ` carlos at redhat dot com
2014-06-13 18:07 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-22 18:49 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15441
--- Comment #2 from Carlos O'Donell <carlos at redhat dot com> 2013-05-22 18:49:33 UTC ---
Upstream gnu gettext bug submitted:
http://savannah.gnu.org/bugs/?38930
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
2013-05-22 18:49 ` carlos at redhat dot com
@ 2013-05-22 18:56 ` carlos at redhat dot com
2014-06-13 18:07 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: carlos at redhat dot com @ 2013-05-22 18:56 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15441
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> 2013-05-22 18:56:47 UTC ---
Fixed by:
commit 7a44c18fb4b1a65ebb1fece0b0d04f2570ed4d82
Author: Carlos O'Donell <carlos@redhat.com>
Date: Wed May 22 14:50:26 2013 -0400
Fix _nl_find_msg malloc failure case, and callers.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15441] _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
` (2 preceding siblings ...)
2013-05-22 18:56 ` carlos at redhat dot com
@ 2014-06-13 18:07 ` fweimer at redhat dot com
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 18:07 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15441
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-13 18:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-05-07 18:53 [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value carlos at redhat dot com
2013-05-07 18:53 ` [Bug libc/15441] " carlos at redhat dot com
2013-05-22 18:49 ` carlos at redhat dot com
2013-05-22 18:56 ` carlos at redhat dot com
2014-06-13 18:07 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).