+2019-05-21 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #24584]
+ * wcsmbs/wcsmbsload.c (__wcsmbs_clone_conv): Acquire __gconv_lock
+ before updating __counter field and release it afterwards. Add
+ overflow check.
+ * iconv/gconv.h (struct __gconv_step): Mention synchronization
+ requirement for __counter member.
+
2019-05-21 Florian Weimer <fweimer@redhat.com>
[BZ #24583]
struct __gconv_loaded_object *__shlib_handle;
const char *__modname;
+ /* For internal use by glibc. (Accesses to this member must occur
+ when the internal __gconv_lock mutex is acquired). */
int __counter;
char *__from_name;
#include <langinfo.h>
#include <limits.h>
#include <stdlib.h>
+#include <stdio.h>
#include <string.h>
#include <locale/localeinfo.h>
/* Copy the data. */
*copy = *orig;
- /* Now increment the usage counters.
- Note: This assumes copy->*_nsteps == 1. */
+ /* Now increment the usage counters. Note: This assumes
+ copy->*_nsteps == 1. The current locale holds a reference, so it
+ is still there after acquiring the lock. */
+
+ __libc_lock_lock (__gconv_lock);
+
+ bool overflow = false;
if (copy->towc->__shlib_handle != NULL)
- ++copy->towc->__counter;
+ overflow |= __builtin_add_overflow (copy->towc->__counter, 1,
+ ©->towc->__counter);
if (copy->tomb->__shlib_handle != NULL)
- ++copy->tomb->__counter;
+ overflow |= __builtin_add_overflow (copy->tomb->__counter, 1,
+ ©->tomb->__counter);
+
+ __libc_lock_unlock (__gconv_lock);
+
+ if (overflow)
+ __libc_fatal ("\
+Fatal glibc error: gconv module reference counter overflow\n");
}
projects / thirdparty / glibc.git / commitdiff
