This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v2] locale: don't crash if locale-archive contains all zeros
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Mike Frysinger <vapier at gentoo dot org>, libc-alpha at sourceware dot org
- Cc: Aurelien Jarno <aurelien at aurel32 dot net>, Ondřej Bílka <neleai at seznam dot cz>, Andreas Schwab <schwab at linux-m68k dot org>
- Date: Tue, 03 Dec 2013 17:30:33 -0500
- Subject: Re: [PATCH v2] locale: don't crash if locale-archive contains all zeros
- References: <1385897760-24820-1-git-send-email-aurelien at aurel32 dot net> <20131203114054 dot GA11190 at domone dot podge> <20131203132316 dot GS4601 at hall dot aurel32 dot net> <201312031308 dot 56717 dot vapier at gentoo dot org>
On 12/03/2013 01:08 PM, Mike Frysinger wrote:
> On Tuesday 03 December 2013 08:23:16 Aurelien Jarno wrote:
>> On Tue, Dec 03, 2013 at 12:40:54PM +0100, Ondřej Bílka wrote:
>>> On Tue, Dec 03, 2013 at 12:21:33PM +0100, Andreas Schwab wrote:
>>>> Aurelien Jarno <aurelien@aurel32.net> writes:
>>>>> + /* Avoid division by 0 if the file is corrupted. */
>>>>> + if (__glibc_unlikely (head->namehash_size == 0))
>>>>> + goto close_and_out;
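Review bot: the `head->namehash_size == 0` test rejects exactly one value of a field that the comment itself treats as coming from a possibly corrupted file, and the replies in this thread note that a value of 2 still crashes. Consider making this one guard reject every size the later hash arithmetic cannot handle, and reword the comment to say which values are refused and why, so that the check and its comment cover the same cases.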
>>>>
>>>> That won't help for head->namehash_size == 2, or any other corruptions.
>>
>> Indeed it will still crash for head->namehash_size == 2, it's something
>> I missed. For other corruptions, they are handled later in the code.
>>
>>> Which is less common zeroed file. Proper solution would be starting
>>> files with magic constant which is too late to add.
>>
>> Isn't it possible to break the format between releases, iow people are
>> not supposed to rebuild the locales when installing a new libc?
>
> adding a magic constant would be good. do we feel like that'd catch most
> cases of corruption ? would some overall small crc check be useful too ? the
> point of the archive file is to be fast, so we don't want to bog it down in the
> general case ...

I like the idea of a small crc, but that's a lot more complicated than
a quick magic header check and invalid hash values... and would cost
more in performance.

I'm happy to see a magic header value go in with the invalid hash
check, but anything beyond that is going to need some performance
measurements.

Cheers,
Carlos.
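
The cheap checks discussed in this reply (a magic header value plus rejecting invalid hash sizes), as an added example that is not glibc code and not from any poster in the thread. The struct layout, the `EX_MAGIC` value, the `ex_` names and the double-hashing probe described in the comment are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout and magic value, constructed for this example. */
#define EX_MAGIC 0x4c4f4341u
struct ex_head { uint32_t magic, namehash_offset, namehash_size; };
struct ex_slot { uint32_t hashval, name_offset; };
static const unsigned char ex_zeros[64] = {0};  /* constructed all-zero file */

/* Return 1 if the header of a mapped file of LEN bytes is safe to use. */
int ex_header_ok(const void *map, size_t len)
{
    struct ex_head h;

    if (len < sizeof h)
        return 0;
    memcpy(&h, map, sizeof h);       /* no unaligned reads from the mapping */
    if (h.magic != EX_MAGIC)         /* cheap check, rejects an all-zero file */
        return 0;
    /* Assumed probe: idx = hval % size; incr = 1 + hval % (size - 2).
       Sizes 0 and 2 divide by zero, and 1 wraps the second modulus. */
    if (h.namehash_size <= 2)
        return 0;
    /* The table must lie inside the file; 64-bit math cannot overflow. */
    uint64_t end = (uint64_t) h.namehash_offset
                   + (uint64_t) h.namehash_size * sizeof (struct ex_slot);
    return h.namehash_offset >= sizeof h && end <= len;
}

/* Build a constructed file image with the given fields and validate it. */
int ex_check_sample(uint32_t magic, uint32_t size, size_t file_len)
{
    static unsigned char buf[256];
    struct ex_head h = { magic, (uint32_t) sizeof (struct ex_head), size };

    if (file_len > sizeof buf)
        return -1;
    memset(buf, 0, sizeof buf);
    memcpy(buf, &h, sizeof h);
    return ex_header_ok(buf, file_len);
}

int main(void)
{
    printf("zeros=%d size2=%d ok=%d truncated=%d\n",
           ex_header_ok(ex_zeros, sizeof ex_zeros), ex_check_sample(EX_MAGIC, 2, 256),
           ex_check_sample(EX_MAGIC, 7, 256), ex_check_sample(EX_MAGIC, 7, 64));
    return 0;
}
```

All of these checks are constant-time reads of the header, which is the property the reply contrasts with a CRC over the file contents.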