[Bug localedata/14594] New: Testing a mangled pointer results in initializer not being called
From: law at redhat dot com
Date: 2012-09-19 15:50 UTC
To: libc-locales

http://sourceware.org/bugzilla/show_bug.cgi?id=14594

Bug #: 14594
Summary: Testing a mangled pointer results in initializer not being called
Product: glibc
Version: 2.17
Status: NEW
Severity: normal
Priority: P2
Component: localedata
AssignedTo: unassigned@sourceware.org
ReportedBy: law@redhat.com
CC: libc-locales@sources.redhat.com
Classification: Unclassified

If a gconv module's init function has an address that is the same as the
pointer guard value, then the gconv module's init function will not be
called.

The problem is that find_module tests the *mangled* pointer against NULL
and, if that test is false, then the initializer is called. Obviously, with
the mangling function being a simple xor, if the function's address is the
same as the pointer guard, the mangled value will be zero and the
initializer doesn't get called.

Inspection shows similar problems in gconv_db.c. There's also an instance
in btowc.c, but in that case the test is just controlling an optimization
and as far as I can tell doesn't result in incorrect operation.
[Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: carlos at redhat dot com
Date: 2013-11-01 1:16 UTC
To: libc-locales

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Carlos O'Donell <carlos at redhat dot com> changed:
CC: added carlos at redhat dot com

--- Comment #2 from Carlos O'Donell <carlos at redhat dot com> ---

Fedora has a fix for this already, I think, which is just to unconditionally
demangle and *then* check for null. There is almost no performance benefit
to checking the mangled value for null, demangling if it is, and then
calling the function.
[Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: neleai at seznam dot cz
Date: 2013-11-01 1:16 UTC
To: libc-locales

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Ondrej Bilka <neleai at seznam dot cz> changed:
CC: added neleai at seznam dot cz

--- Comment #1 from Ondrej Bilka <neleai at seznam dot cz> ---

If the function is an xor, then we could set the last bit of the guard to 1.
As function pointers are aligned, the result cannot be zero.
[Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: carlos at redhat dot com
Date: 2013-11-01 1:17 UTC
To: libc-locales

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> ---

Created attachment 7263
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7263&action=edit
Consistently demangle
[Bug localedata/14594] Testing a mangled pointer results in initializer not being called
From: fweimer at redhat dot com
Date: 2014-06-17 4:31 UTC
To: libc-locales

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Florian Weimer <fweimer at redhat dot com> changed:
CC: added fweimer at redhat dot com
Flags: added security-

--- Comment #4 from Florian Weimer <fweimer at redhat dot com> ---

(In reply to Carlos O'Donell from comment #3)
> Created attachment 7263 [details]
> Consistently demangle

Does this really work? Are these pointers never initialized to NULL?
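The defect the report describes, the demangle-first fix from comments #2 and #3, the odd-guard idea from comment #1 and the raw-zero concern from comment #4, as an added C model that is not glibc's own code: the pointer guard is modelled as a plain XOR (glibc's real PTR_MANGLE also rotates, which does not change the NULL-test defect), `module_init` stands in for a gconv module's init function, and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

typedef void (*init_fn)(void);
/* Constructed model of glibc's pointer guard: a plain XOR with a per-process
   secret, as the report describes (real glibc also rotates; same defect). */
static uintptr_t pointer_guard;
static uintptr_t mangle(init_fn fn)    { return (uintptr_t)fn ^ pointer_guard; }
static init_fn   demangle(uintptr_t m) { return (init_fn)(m ^ pointer_guard); }
static int init_calls;                          /* how often the init ran */
static void module_init(void) { init_calls++; }
/* Buggy pattern from find_module: compare the *mangled* slot with NULL and
   demangle only if it looks non-null.  Returns 1 if the initializer ran. */
static int call_init_buggy(uintptr_t slot) {
    if (slot == 0) return 0;
    demangle(slot)();
    return 1;
}
/* Fixed pattern (comment #2, attachment 7263): demangle unconditionally,
   then compare the real pointer with NULL. */
static int call_init_fixed(uintptr_t slot) {
    init_fn fn = demangle(slot);
    if (fn == NULL) return 0;
    fn();
    return 1;
}
/* Worst case: guard == init function's address, so the mangled slot is 0.
   Returns 1 when the buggy check skips the initializer but the fixed one
   still calls it exactly once. */
int guard_equals_address_case(void) {
    pointer_guard = (uintptr_t)module_init;
    uintptr_t slot = mangle(module_init);
    init_calls = 0;
    int buggy_ran = call_init_buggy(slot), fixed_ran = call_init_fixed(slot);
    return slot == 0 && !buggy_ran && fixed_ran && init_calls == 1;
}
/* Comment #1's idea: force the guard's low bit to 1 so XOR with an aligned
   (even) code address can never be 0; checked over constructed addresses. */
int odd_guard_never_yields_zero(uintptr_t guard) {
    pointer_guard = guard | 1;
    for (uintptr_t a = 0x400000; a < 0x410000; a += 4)
        if (mangle((init_fn)a) == 0) return 0;
    return 1;
}
/* Comment #4's concern: a slot left as raw 0 (never stored via mangle())
   demangles to the guard, not NULL; only mangle(NULL) demangles to NULL. */
int raw_zero_slot_is_not_null(uintptr_t guard) {
    pointer_guard = guard;
    return demangle(0) != NULL && demangle(mangle(NULL)) == NULL;
}
```

The last function is the reason the demangle-first fix is only safe when every slot is initialised through the mangling routine rather than left as a literal zero.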
[Bug locale/14594] Testing a mangled pointer results in initializer not being called
From: jsm28 at gcc dot gnu.org
Date: 2015-08-27 22:00 UTC
To: libc-locales

https://sourceware.org/bugzilla/show_bug.cgi?id=14594

Joseph Myers <jsm28 at gcc dot gnu.org> changed:
Component: localedata -> locale