Sourceware Bugzilla – Bug 15441
_nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
Last modified: 2013-05-22 18:56:47 UTC
Author: Jeff Law <law at redhat.com>
Date: Thu Jun 21 17:15:38 2012 -0600
    * intl/dcigettext.c (_nl_find_msg): Avoid use after potential
    free. Simplify list management for _LIBC case.
Fails to check malloc's return in intl/dcigettext.c (_nl_find_msg):
              freemem_size = INITIAL_BLOCK_SIZE;
              newmem = (transmem_block_t *) malloc (freemem_size);
# ifdef _LIBC
              /* Add the block to the list of blocks we have to free
                 at some point.  */
              newmem->next = transmem_list;
              transmem_list = newmem;
If malloc fails, newmem is NULL, and newmem->next results in a fault.
The fix is easy enough: check for newmem != NULL, and fall through to
the error condition below, which returns (char *) -1 (e.g. resource error).
The problem is that returning (char *) -1 will break all sorts of other
callers, so while what we did is correct, the real failure case fix is slightly
Upstream gnu gettext bug submitted:
Author: Carlos O'Donell <firstname.lastname@example.org>
Date: Wed May 22 14:50:26 2013 -0400
Fix _nl_find_msg malloc failure case, and callers.
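As an added illustration (not glibc's or gettext's code), here is the pattern the report describes: a simplified _nl_find_msg-style lookup that checks malloc's result before linking the new block into the transmem list and reports a resource error as (char *) -1, beside a caller that treats NULL (not found), a valid pointer and the -1 sentinel as three distinct outcomes instead of dereferencing -1. The catalog contents, the find_msg/lookup_translation names, the fail_next_malloc injection hook and the block layout are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, simplified layout standing in for glibc's transmem block. */
#define INITIAL_BLOCK_SIZE 64

typedef struct transmem_block {
    struct transmem_block *next;   /* list of blocks freed at exit */
    char data[];                   /* translated string lives here */
} transmem_block_t;

static transmem_block_t *transmem_list = NULL;

/* Test hook (constructed): force the next allocation to fail so the
   error path can be exercised without exhausting memory. */
static int fail_next_malloc = 0;
int last_resource_error = 0;       /* set by lookup_translation */

static void *malloc_maybe_fail(size_t n)
{
    if (fail_next_malloc) {
        fail_next_malloc = 0;
        return NULL;               /* simulate ENOMEM */
    }
    return malloc(n);
}

/* Constructed stand-in for a loaded message catalog. */
static const char *const toy_catalog[][2] = {
    { "Hello",   "Hallo" },
    { "Goodbye", "Tschuess" },
};

/* Same contract as the report gives for _nl_find_msg: the translation,
   NULL when the msgid is absent, or (char *) -1 on a resource error. */
char *find_msg(const char *msgid)
{
    size_t i;
    for (i = 0; i < sizeof toy_catalog / sizeof toy_catalog[0]; i++) {
        if (strcmp(msgid, toy_catalog[i][0]) != 0)
            continue;
        const char *src = toy_catalog[i][1];
        size_t len = strlen(src) + 1;
        size_t freemem_size = len > INITIAL_BLOCK_SIZE ? len : INITIAL_BLOCK_SIZE;
        transmem_block_t *newmem =
            malloc_maybe_fail(offsetof(transmem_block_t, data) + freemem_size);

        /* The missing check: never touch newmem->next on a NULL block. */
        if (newmem == NULL)
            return (char *) -1;

        newmem->next = transmem_list;   /* safe: newmem is non-NULL here */
        transmem_list = newmem;
        memcpy(newmem->data, src, len);
        return newmem->data;
    }
    return NULL;                        /* not in catalog */
}

/* A caller that handles the -1 sentinel explicitly. Comparing against
   (char *) -1 must happen before any strlen/strcmp on the result. */
const char *lookup_translation(const char *msgid)
{
    char *result = find_msg(msgid);
    last_resource_error = 0;
    if (result == (char *) -1) {
        last_resource_error = 1;
        return msgid;                   /* degrade to the untranslated text */
    }
    if (result == NULL)
        return msgid;                   /* no translation available */
    return result;
}

/* Self-checks used by main(): 1 if a forced malloc failure surfaces as
   the -1 sentinel rather than a fault. */
int check_failure_path(void)
{
    fail_next_malloc = 1;
    return find_msg("Goodbye") == (char *) -1;
}

const char *lookup_under_forced_failure(const char *msgid)
{
    fail_next_malloc = 1;
    return lookup_translation(msgid);
}

/* Release every block on the list; returns how many were freed. */
int free_transmem(void)
{
    int n = 0;
    while (transmem_list) {
        transmem_block_t *next = transmem_list->next;
        free(transmem_list);
        transmem_list = next;
        n++;
    }
    return n;
}

int main(void)
{
    printf("%s\n", lookup_translation("Hello"));
    printf("%s (resource error: %d)\n",
           lookup_under_forced_failure("Goodbye"), last_resource_error);
    printf("failure path ok: %d, freed %d block(s)\n",
           check_failure_path(), free_transmem());
    return 0;
}
```

The point of the caller is the ordering: the sentinel test comes first, because `(char *) -1` is not a readable address and any string operation on it faults just like the unchecked `newmem->next` write did.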