From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 17 Apr 2025 21:08:01 +0000 (-0300)
Subject: localte: Fix UB on collate_finish
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c7cf51f8336a3bdd1374d15223972fbb286d627;p=thirdparty%2Fglibc.git

localte: Fix UB on collate_finish

The ubsan triggers:

UBSAN: Undefined behaviour in programs/ld-collate.c:1557:7 variable length array bound evaluates to non-positive value 0

nrules is guaranteed to be at most sizeof (((struct element_t *)
0)->used_in_level) * 8, so use it instead.
---

diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c
index 4fa08bd273..6ac132f21e 100644
--- a/locale/programs/ld-collate.c
+++ b/locale/programs/ld-collate.c
@@ -1554,7 +1554,7 @@ collate_finish (struct localedef_t *locale, const struct charmap_t *charmap)
      The multibyte case is easy.  We simply sort into an array with
      256 elements.  */
   struct locale_collate_t *collate = locale->categories[LC_COLLATE].collate;
-  int mbact[nrules];
+  int mbact[sizeof (((struct element_t *)0)->used_in_level) * 8];
   int wcact;
   int mbseqact;
   int wcseqact;