From 6954290401d2d25631840c73f20a612db8ea3b57 Mon Sep 17 00:00:00 2001
From: Bruno Haible
Date: Wed, 29 Jan 2025 12:30:02 +0100
Subject: [PATCH] intl: Fix undefined behaviour.
Found using clang's undefined-behaviour sanitizer: CC="clang -fsanitize=undefined -fno-sanitize-recover=undefined". It reported errors dcigettext.c:1219:25: runtime error: applying non-zero offset 8 to null pointer because the code was computing outbuf = freemem + sizeof (size_t); where freemem == NULL.
* gettext-runtime/intl/dcigettext.c (_nl_find_msg): Initialize outbuf only after having verified that freemem_size >= sizeof (size_t).
---
 gettext-runtime/intl/dcigettext.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/gettext-runtime/intl/dcigettext.c b/gettext-runtime/intl/dcigettext.c
index 3a6329473..899a487b5 100644
--- a/gettext-runtime/intl/dcigettext.c
+++ b/gettext-runtime/intl/dcigettext.c
@@ -1,5 +1,5 @@
 /* Implementation of the internal dcigettext function.
- Copyright (C) 1995-2024 Free Software Foundation, Inc.
+ Copyright (C) 1995-2025 Free Software Foundation, Inc.
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published by
@@ -1216,7 +1216,6 @@ _nl_find_msg (struct loaded_l10nfile *domain_file,
 not_translated_yet:
 inbuf = (const unsigned char *) result;
- outbuf = freemem + sizeof (size_t);
 # ifndef _LIBC
 transmem_list = NULL;
 # endif
@@ -1225,13 +1224,16 @@ _nl_find_msg (struct loaded_l10nfile *domain_file,
 while (1)
 {
 transmem_block_t *newmem;
-# ifdef _LIBC
- size_t non_reversible;
- int res;
 if (freemem_size < sizeof (size_t))
 goto resize_freemem;
+ outbuf = freemem + sizeof (size_t);
+
+# ifdef _LIBC
+ size_t non_reversible;
+ int res;
+
 res = __gconv (convd->conv, &inbuf, inbuf + resultlen, &outbuf,
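Review bot: The relocated `outbuf = freemem + sizeof (size_t);` in the `@@ -1225` hunk carries no comment saying why it must stay below the `freemem_size < sizeof (size_t)` guard, so a later tidy-up could move it back to the top of the `while (1)` body and silently reintroduce the NULL-plus-offset arithmetic the sanitizer reported; I would put `/* freemem is still NULL on the first pass (see commit 6954290), so form freemem + sizeof (size_t) only once freemem_size shows a buffer exists; pointer arithmetic on NULL is undefined behaviour.  */` directly above the assignment. The same hoisted guard is what lets the duplicate check disappear from the iconv branch (the `@@ -1257` hunk) and the trailing assignment after `resize_freemem` (the `@@ -1328` hunk), so one comment at this site documents all three edits. Moving `size_t non_reversible;` and `int res;` below statements makes this block depend on C99 mixed declarations; presumably fine wherever the `_LIBC` branch is actually compiled, but worth confirming against the file's minimum language level if it is otherwise kept C89-clean. The continuation lines of the `__gconv` call and the rest of `_nl_find_msg` lie outside the hunk.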
@@ -1257,9 +1259,6 @@ _nl_find_msg (struct loaded_l10nfile *domain_file,
 char *outptr = (char *) outbuf;
 size_t outleft;
- if (freemem_size < sizeof (size_t))
- goto resize_freemem;
-
 outleft = freemem_size - sizeof (size_t);
 if (iconv (convd->conv, (ICONV_CONST char **) &inptr, &inleft,
@@ -1328,8 +1327,6 @@ _nl_find_msg (struct loaded_l10nfile *domain_file,
 transmem_list = newmem;
 freemem = newmem;
 # endif
-
- outbuf = freemem + sizeof (size_t);
 }
 /* We have now in our buffer a converted string. Put this
--
2.47.3