Consider this test program:

    #include <stdio.h>
    #include <locale.h>
    #include <fnmatch.h>

    int main(int argc, char *argv[])
    {
        setlocale(LC_ALL, "");
        if (argc != 3) {
            fprintf(stderr, "usage: fnmatch <pattern> <string>\n");
            return 2;
        }
        return !!fnmatch(argv[1], argv[2], 0);
    }

When called as

    export LC_ALL=en_US.UTF-8
    ./fnmatch $'[[.L\u00B7.]]' . # [[.L·.]]

this results in a segmentation fault in internal_fnwmatch. Seen on glibc 2.32 built with GCC 10.2.0, also reproducible with the libc6-2.31-0ubuntu9 provided by Ubuntu 20.04 for amd64.

(I think there are a few more bugs in there that do not result in a crash, but do result in a wrong return value. Should I include the details in here or report that separately?)
Fixed in 2.33. For further bugs please open separate reports.
Marking as security- because this needs a crafted pattern.
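As an added example (not code from this report or from glibc), the following check runs the reported pattern through fnmatch() in a forked child, so a test suite or deployment check can tell whether the installed libc still crashes without the checker itself dying. The helper name probe_fnmatch and the PROBE_* codes are hypothetical; it assumes a POSIX system and that the en_US.UTF-8 locale used in the report is installed.

```c
#include <fnmatch.h>
#include <locale.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_CRASHED  (-1)  /* child was killed by a signal (e.g. SIGSEGV) */
#define PROBE_ERROR    (-2)  /* fork/waitpid failed */
#define PROBE_NOLOCALE (-3)  /* requested locale is not installed */

/* Hypothetical helper, not a glibc API. Returns the child's exit status,
 * which carries fnmatch()'s result (0 = match, FNM_NOMATCH = no match),
 * or one of the PROBE_* codes above. */
int probe_fnmatch(const char *locale, const char *pattern, const char *string)
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        /* Child: without a multibyte locale the wide-character matcher
         * named in the report (internal_fnwmatch) is never reached. */
        if (setlocale(LC_ALL, locale) == NULL)
            _exit(126);
        _exit(fnmatch(pattern, string, 0));
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_ERROR;
    if (WIFSIGNALED(status))
        return PROBE_CRASHED;
    if (!WIFEXITED(status))
        return PROBE_ERROR;
    return WEXITSTATUS(status) == 126 ? PROBE_NOLOCALE : WEXITSTATUS(status);
}

int main(void)
{
    /* Pattern from the report: "[[.L" U+00B7 ".]]", U+00B7 as UTF-8 bytes. */
    int r = probe_fnmatch("en_US.UTF-8", "[[.L\xC2\xB7.]]", ".");
    if (r == PROBE_CRASHED)
        puts("fnmatch crashed: this libc predates the 2.33 fix");
    else if (r == PROBE_NOLOCALE)
        puts("en_US.UTF-8 not installed: wide-character path not exercised");
    else if (r == PROBE_ERROR)
        puts("probe could not run");
    else
        printf("fnmatch returned %d without crashing\n", r);
    return r == PROBE_CRASHED;
}
```
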