This is the mail archive of the mailing list for the glibc project.


[Bug locale/20568] New: Segfault with wide characters and setlocale/fgetwc/UTF-8

            Bug ID: 20568
           Summary: Segfault with wide characters and setlocale/fgetwc/UTF-8
           Product: glibc
           Version: 2.24
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: locale
          Assignee: unassigned at sourceware dot org
          Reporter: tobias at stoeckmann dot org
  Target Milestone: ---

I have spotted a bug which looks rather obscure to me. Please see this C code
as a minimal way to reproduce this issue:

#include <locale.h>
#include <stdio.h>
#include <wchar.h>

int main(void)
{
        setlocale(LC_ALL, "");
        /* one wide read from stdin, the fgetwc step named in the bug summary */
        fgetwc(stdin);
        return 0;
}

$ gcc -o poc poc.c
$ python -c 'print 13*"\t"' | LC_CTYPE=en_US.UTF-8 ./poc
Segmentation fault
$ python -c 'print 13*"\t"' | LC_CTYPE=POSIX ./poc
$ _

It means that I have to enter around 13 tabulator characters to trigger the
issue, but it won't hurt to add a few more. I was able to reproduce this on
other distributions with glibc 2.24, so I don't think that it's specific to one
of them.

Also, this issue only happens with an LC_CTYPE of a UTF-8 locale. I have
tested en_US and de_DE, which both trigger this issue. With POSIX or C, the
segmentation fault is not triggered.

I hope this helps you to track down this bug, as I was unable to figure out the
flush mechanisms in glibc in a reasonable time. :)

The stack trace on my system with glibc 2.24 looks like this:

(gdb) bt
#0  __GI__IO_wfile_sync (fp=0xb77295a0 <_IO_2_1_stdin_>) at wfileops.c:534
#1  0xb75e2bc6 in _IO_default_setbuf (fp=0xb77295a0 <_IO_2_1_stdin_>, p=0x0,
len=0) at genops.c:523
#2  0xb75df2e2 in _IO_new_file_setbuf (fp=0xb77295a0 <_IO_2_1_stdin_>, p=0x0,
len=0) at fileops.c:459
#3  0xb75e3516 in _IO_unbuffer_all () at genops.c:921
#4  _IO_cleanup () at genops.c:966
#5  0xb75a5632 in __run_exit_handlers (status=0, listp=0xb77293dc
<__exit_funcs>, run_list_atexit=true, run_dtors=true) at exit.c:96
#6  0xb75a56f1 in __GI_exit (status=0) at exit.c:105
#7  0xb758f1b2 in __libc_start_main (main=0x804846b <main>, argc=1,
argv=0xbfef4004, init=0x80484b0 <__libc_csu_init>, fini=0x8048510
    rtld_fini=0xb774d7a0 <_dl_fini>, stack_end=0xbfef3ffc) at
#8  0x08048391 in _start () at ../sysdeps/i386/start.S:115

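The following is an added example, not the reporter's reproducer and not glibc code. It runs the same steps (set a UTF-8 locale, read with fgetwc) on a constructed input of tab characters delivered through a pipe-backed FILE* instead of stdin, so it can be run offline. It makes visible what the report leaves implicit: the first fgetwc switches the stream to wide orientation (fwide returns a positive value), and reading through to EOF leaves no unread wide data behind for the exit-time cleanup seen in the stack trace to synchronise. The locale names tried are assumptions; if none is installed the code falls back to "C", which still exercises the wide-read path for ASCII input. Whether draining the stream avoids the crash on an affected glibc 2.24 is not established by the report; the fix is an updated glibc.

```c
/* Added example (not the reporter's code): feeds a constructed input of n tab
   characters through a pipe-backed FILE*, reads it the way the reproducer reads
   stdin (setlocale + fgetwc), and reports orientation and tab count. */
#define _POSIX_C_SOURCE 200809L
#include <locale.h>
#include <stdio.h>
#include <unistd.h>
#include <wchar.h>

/* Select a UTF-8 locale if one is installed (the names are assumptions);
   otherwise fall back to "C" so the example still runs. */
const char *select_utf8_locale(void)
{
    static const char *const candidates[] = {
        "C.UTF-8", "en_US.UTF-8", "de_DE.UTF-8", NULL
    };
    for (int i = 0; candidates[i] != NULL; i++)
        if (setlocale(LC_ALL, candidates[i]) != NULL)
            return candidates[i];
    return setlocale(LC_ALL, "C");
}

/* Build a read-only FILE* over a pipe holding n tabs followed by '\n'.
   Constructed input, standing in for the python -c 'print 13*"\t"' pipe. */
FILE *make_tab_stream(int n)
{
    int fds[2];
    if (pipe(fds) != 0)
        return NULL;
    for (int i = 0; i < n; i++) {
        if (write(fds[1], "\t", 1) != 1) {
            close(fds[0]);
            close(fds[1]);
            return NULL;
        }
    }
    (void)write(fds[1], "\n", 1);
    close(fds[1]);               /* writer closed: reader will see EOF */
    return fdopen(fds[0], "r");
}

/* Read wide characters until EOF, counting tabs. Returns -1 on a read error. */
int count_tabs_wide(FILE *fp)
{
    int tabs = 0;
    wint_t wc;
    while ((wc = fgetwc(fp)) != WEOF)
        if (wc == L'\t')
            tabs++;
    return ferror(fp) ? -1 : tabs;
}

/* Run the reproducer's steps on n tabs. Stores fwide() after the first read in
   *orientation (positive means wide-oriented) and returns the tab count, or -1. */
int run_reproducer_steps(int n, int *orientation)
{
    select_utf8_locale();
    FILE *fp = make_tab_stream(n);
    if (fp == NULL)
        return -1;
    wint_t first = fgetwc(fp);          /* the single read from the reproducer */
    if (first == WEOF) {
        fclose(fp);
        return -1;
    }
    *orientation = fwide(fp, 0);        /* query only; >0 after fgetwc */
    int rest = count_tabs_wide(fp);     /* drain to EOF: nothing left unread */
    fclose(fp);
    if (rest < 0)
        return -1;
    return (first == L'\t') + rest;
}

/* 1 if all n tabs were read back through the wide interface and the stream
   became wide-oriented, 0 otherwise. */
int check_reproducer(int n)
{
    int orientation = 0;
    int tabs = run_reproducer_steps(n, &orientation);
    return (tabs == n && orientation > 0) ? 1 : 0;
}

int main(void)
{
    int orientation = 0;
    int tabs = run_reproducer_steps(13, &orientation);
    printf("locale=%s orientation=%d tabs=%d\n",
           setlocale(LC_ALL, NULL), orientation, tabs);
    return check_reproducer(13) ? 0 : 1;
}
```

Build with gcc -o wide-read wide-read.c and run it with no input; the 13-tab payload is created in-process. The pipe is used rather than stdin so the example can be checked without redirecting input; _IO_cleanup walks every open FILE at exit, so a pipe-backed stream takes the same exit-time path as stdin does in the report.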
