In _nl_find_msg (dcigettext.c), outbuf was computed as
freemem + sizeof(size_t) before checking whether freemem_size is
large enough. When freemem is NULL (initial state), this is
undefined behaviour i.e arithmetic on a null pointer. Move the
outbuf assignment after the size check where freemem is guaranteed
to be a valid allocation.
In read_alias_file (localealias.c), after realloc the old
string_space pointer is dangling. The expression
new_pool - string_space subtracts a valid pointer from a dangling
one, which is undefined behaviour per ISO C 23.
Rewrite as new_pool + (map[i].alias - string_space) so both
operands of the subtraction point into the same (old) object
before string_space is reassigned.
Based on GNU gettext commits
695429040 and
2ebbdd0e2.
Original author: Bruno Haible <bruno@clisp.org>
Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
not_translated_yet:
inbuf = (const unsigned char *) result;
- outbuf = freemem + sizeof (size_t);
# ifndef _LIBC
transmem_list = NULL;
# endif
while (1)
{
transmem_block_t *newmem;
-# ifdef _LIBC
- size_t non_reversible;
- int res;
if (freemem_size < sizeof (size_t))
goto resize_freemem;
+ outbuf = freemem + sizeof (size_t);
+
+# ifdef _LIBC
+ size_t non_reversible;
+ int res;
+
res = __gconv (convd->conv,
&inbuf, inbuf + resultlen,
&outbuf,
char *outptr = (char *) outbuf;
size_t outleft;
- if (freemem_size < sizeof (size_t))
- goto resize_freemem;
-
outleft = freemem_size - sizeof (size_t);
if (iconv (convd->conv,
(ICONV_CONST char **) &inptr, &inleft,
transmem_list = newmem;
freemem = newmem;
# endif
-
- outbuf = freemem + sizeof (size_t);
}
/* We have now in our buffer a converted string. Put this
for (i = 0; i < nmap; i++)
{
- map[i].alias += new_pool - string_space;
- map[i].value += new_pool - string_space;
+ map[i].alias =
+ new_pool + (map[i].alias - string_space);
+ map[i].value =
+ new_pool + (map[i].value - string_space);
}
}
projects / thirdparty / glibc.git / commitdiff
