* [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called
@ 2012-09-19 15:50 law at redhat dot com
2013-11-01 1:16 ` [Bug localedata/14594] " neleai at seznam dot cz
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: law at redhat dot com @ 2012-09-19 15:50 UTC (permalink / raw)
To: libc-locales
http://sourceware.org/bugzilla/show_bug.cgi?id=14594
Bug #: 14594
Summary: Testing a mangled pointer results in initializer not
being called
Product: glibc
Version: 2.17
Status: NEW
Severity: normal
Priority: P2
Component: localedata
AssignedTo: unassigned@sourceware.org
ReportedBy: law@redhat.com
CC: libc-locales@sources.redhat.com
Classification: Unclassified
If a gconv module's init function has an address that is the same as the
pointer guard value, then the gconv module's init function will not be called.
The problem is find_module tests the *mangled* pointer against NULL and if that
test is false, then the initializer is called.
Obviously with the mangling function being a simple xor, if the function's
address is the same as the pointer guard, the mangled value will be zero and
the initializer doesn't get called.
Inspection shows similar problems gconv_db.c. There's also an instance in
btowc.c, but in that case the test is just controlling an optimization and as
far as I can tell doesn't result in incorrect operation.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called 2012-09-19 15:50 [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called law at redhat dot com @ 2013-11-01 1:16 ` neleai at seznam dot cz 2013-11-01 1:16 ` carlos at redhat dot com ` (3 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: neleai at seznam dot cz @ 2013-11-01 1:16 UTC (permalink / raw) To: libc-locales https://sourceware.org/bugzilla/show_bug.cgi?id=14594 Ondrej Bilka <neleai at seznam dot cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |neleai at seznam dot cz --- Comment #1 from Ondrej Bilka <neleai at seznam dot cz> --- If function is xor then we could set last bit of guard to 1. As function pointers are aligned a result cannot be zero. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called 2012-09-19 15:50 [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called law at redhat dot com 2013-11-01 1:16 ` [Bug localedata/14594] " neleai at seznam dot cz @ 2013-11-01 1:16 ` carlos at redhat dot com 2013-11-01 1:17 ` carlos at redhat dot com ` (2 subsequent siblings) 4 siblings, 0 replies; 6+ messages in thread From: carlos at redhat dot com @ 2013-11-01 1:16 UTC (permalink / raw) To: libc-locales https://sourceware.org/bugzilla/show_bug.cgi?id=14594 Carlos O'Donell <carlos at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carlos at redhat dot com --- Comment #2 from Carlos O'Donell <carlos at redhat dot com> --- Fedora has a fix for this already I think, which is just unconditionally demangle and *then* check for null. There is almost not performance benefit to checking the mangled value for null, demangling if it is, and then calling the function. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called 2012-09-19 15:50 [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called law at redhat dot com 2013-11-01 1:16 ` [Bug localedata/14594] " neleai at seznam dot cz 2013-11-01 1:16 ` carlos at redhat dot com @ 2013-11-01 1:17 ` carlos at redhat dot com 2014-06-17 4:31 ` fweimer at redhat dot com 2015-08-27 22:00 ` [Bug locale/14594] " jsm28 at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: carlos at redhat dot com @ 2013-11-01 1:17 UTC (permalink / raw) To: libc-locales https://sourceware.org/bugzilla/show_bug.cgi?id=14594 --- Comment #3 from Carlos O'Donell <carlos at redhat dot com> --- Created attachment 7263 --> https://sourceware.org/bugzilla/attachment.cgi?id=7263&action=edit Consistently demangle -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug localedata/14594] Testing a mangled pointer results in initializer not being called 2012-09-19 15:50 [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called law at redhat dot com ` (2 preceding siblings ...) 2013-11-01 1:17 ` carlos at redhat dot com @ 2014-06-17 4:31 ` fweimer at redhat dot com 2015-08-27 22:00 ` [Bug locale/14594] " jsm28 at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: fweimer at redhat dot com @ 2014-06-17 4:31 UTC (permalink / raw) To: libc-locales https://sourceware.org/bugzilla/show_bug.cgi?id=14594 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com Flags| |security- --- Comment #4 from Florian Weimer <fweimer at redhat dot com> --- (In reply to Carlos O'Donell from comment #3) > Created attachment 7263 [details] > Consistently demangle Does this really work? Are these pointers never initialized to NULL? -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug locale/14594] Testing a mangled pointer results in initializer not being called 2012-09-19 15:50 [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called law at redhat dot com ` (3 preceding siblings ...) 2014-06-17 4:31 ` fweimer at redhat dot com @ 2015-08-27 22:00 ` jsm28 at gcc dot gnu.org 4 siblings, 0 replies; 6+ messages in thread From: jsm28 at gcc dot gnu.org @ 2015-08-27 22:00 UTC (permalink / raw) To: libc-locales https://sourceware.org/bugzilla/show_bug.cgi?id=14594 Joseph Myers <jsm28 at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|localedata |locale -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-08-27 22:00 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2012-09-19 15:50 [Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called law at redhat dot com 2013-11-01 1:16 ` [Bug localedata/14594] " neleai at seznam dot cz 2013-11-01 1:16 ` carlos at redhat dot com 2013-11-01 1:17 ` carlos at redhat dot com 2014-06-17 4:31 ` fweimer at redhat dot com 2015-08-27 22:00 ` [Bug locale/14594] " jsm28 at gcc dot gnu.org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).