This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] iconv_open: Fix heap corruption on gconv_init failure [BZ #22026]


On Aug 29 2017, fweimer@redhat.com (Florian Weimer) wrote:

> diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c
> index b748467de5..de3e5d92fe 100644
> --- a/iconv/gconv_db.c
> +++ b/iconv/gconv_db.c
> @@ -318,9 +318,12 @@ gen_steps (struct derivation_step *best, const char *toset,
>  		  if (__builtin_expect (status, __GCONV_OK) != __GCONV_OK)
>  		    {
>  		      failed = 1;
> -		      /* Make sure we unload this modules.  */
> -		      --step_cnt;
> +		      /* Do not call the end function because the init
> +			 function has failed.  */
>  		      result[step_cnt].__end_fct = NULL;
> +# ifdef PTR_MANGLE
> +		      PTR_MANGLE (result[step_cnt].__end_fct);
> +# endif
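
Review bot: Removing `--step_cnt;` in the `status != __GCONV_OK` branch also drops the behaviour its comment described ("Make sure we unload this modules"), and nothing in the added lines says how the step whose init function failed is released. If the cleanup after `failed = 1` depends on step_cnt, keep the decrement but move it below the `__end_fct` assignment and the PTR_MANGLE block, so the NULL lands on the failed step rather than on the entry before it, as it did in the removed ordering. The new comment could also state why a NULL `__end_fct` is passed through PTR_MANGLE, since a reader would otherwise expect a plain NULL test on that field.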

You still need to decrement step_cnt, otherwise you have a resource
leak.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

