This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 07 May 2013 18:52:58 +0000
- Subject: [Bug libc/15441] New: _nl_find_msg: Failure to check for NULL, and callers failing to handle -1 return value.
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15441
Bug #: 15441
Summary: _nl_find_msg: Failure to check for NULL, and callers
failing to handle -1 return value.
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: carlos@redhat.com
CC: drepper.fsp@gmail.com
Classification: Unclassified
This commit:
    commit 006dd86111c44572dbd3b26e9c63dd0f834d7762
    Author: Jeff Law <law at redhat.com>
    Date: Thu Jun 21 17:15:38 2012 -0600

        [BZ #14277]
        * intl/dcigettext.c (_nl_find_msg): Avoid use after potential
        free. Simplify list management for _LIBC case.
Fails to check malloc's return in intl/dcigettext.c (_nl_find_msg):
~~~~
freemem_size = INITIAL_BLOCK_SIZE;
newmem = (transmem_block_t *) malloc (freemem_size);
# ifdef _LIBC
/* Add the block to the list of blocks we have to free
at some point. */
newmem->next = transmem_list;
transmem_list = newmem;
~~~~
If malloc fails then newmem is NULL, and newmem->next results in a fault.
The fix is easy enough: check for newmem != NULL, and fall through to
the error condition below, which returns (char *) -1, e.g. resource error.
The problem is that returning (char *) -1 will break all sorts of other
callers, so while what we did is correct, the real failure case fix is slightly
broader.
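A minimal sketch of the check described in the report, added here as an illustration and not taken from glibc. The names `store_msg`, `lookup` and `alloc_fn`, the simplified `transmem_block_t` layout and the `INITIAL_BLOCK_SIZE` value are assumptions; falling back to the untranslated msgid is one possible caller policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_BLOCK_SIZE 4080          /* constructed value for this sketch */

typedef struct transmem_list {           /* simplified stand-in for the real type */
  struct transmem_list *next;
  char data[];
} transmem_block_t;

static transmem_block_t *transmem_list;

/* Hypothetical hook so the allocation-failure path can be exercised. */
static void *failing_alloc (size_t n) { (void) n; return NULL; }
static void *(*alloc_fn) (size_t) = malloc;

/* Hypothetical helper: copy TEXT into a fresh block, or return (char *) -1. */
static char *store_msg (const char *text)
{
  size_t freemem_size = INITIAL_BLOCK_SIZE;
  size_t len = strlen (text) + 1;
  transmem_block_t *newmem;

  if (len > freemem_size - offsetof (transmem_block_t, data))
    return (char *) -1;                  /* text would not fit in one block */
  newmem = (transmem_block_t *) alloc_fn (freemem_size);
  if (newmem == NULL)                    /* the check the report asks for */
    return (char *) -1;                  /* resource error; list left untouched */
  newmem->next = transmem_list;          /* only reached with a valid block */
  transmem_list = newmem;
  return memcpy (newmem->data, text, len);
}

/* Hypothetical caller: compares against the sentinel before using the result. */
static const char *lookup (const char *msgid, const char *translation)
{
  char *res = store_msg (translation);
  return res == (char *) -1 ? msgid : res;
}

int main (void)
{
  printf ("%s\n", lookup ("hello", "bonjour"));   /* allocation succeeds */
  alloc_fn = failing_alloc;
  printf ("%s\n", lookup ("hello", "bonjour"));   /* falls back to msgid */
  return 0;
}
```

A caller that only tests the result against NULL would treat `(char *) -1` as a valid string and dereference it, which is why the sentinel comparison in `lookup` matters as much as the NULL check in `store_msg`.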