From: Ruslan Ermilov
To: "Andrey A. Chernov"
cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Wed, 24 Dec 2003 12:46:30 +0200
Subject: Re: cvs commit: src/lib/libc/locale setlocale.c
Message-ID: <20031224104630.GA15131@FreeBSD.org.ua>
In-Reply-To: <200312241016.hBOAGkGo000116@repoman.freebsd.org>

On Wed, Dec 24, 2003 at 02:16:46AM -0800, Andrey A. Chernov wrote:
> ache        2003/12/24 02:16:46 PST
>
>   FreeBSD src repository
>
>   Modified files:
>     lib/libc/locale      setlocale.c
>   Log:
>   Properly advance "x/y/z" form slash-pointers in some rare cases
>
>   PR:       60539
>
>   Revision  Changes    Path
>   1.49      +4 -4      src/lib/libc/locale/setlocale.c
>

I like your fix much better, but I disagree with your "rare".  Just a
simple argument of "C/C" exhibits this bug (#1 in the PR), which is not
rare.  If the locale argument to setlocale() is malloc()'ed, chances are
better this ends up with SIGSEGV:

    #include <locale.h>
    #include <stdlib.h>
    #include <string.h>
    char *locale = malloc(4);   /* "C/C" plus its NUL exactly fills the block */
    strcpy(locale, "C/C");
    setlocale(LC_ALL, locale);

Sure the "C/C//C" case where length becomes negative is rare.  The bug is
more dangerous in the "C/C///C" case (more than two slashes), because
length becomes -2, and the size argument to strlcpy() becomes
(size_t)(-1), quite a large unsigned integer.  Hopefully, the target
(new_categories[]) is not on the stack.

Cheers,
-- 
Ruslan Ermilov
FreeBSD committer
ru@FreeBSD.org
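The slash-pointer handling discussed in the thread, as an added example that is not FreeBSD's setlocale.c: a bounded splitter for the "x/y/z" composite locale form. NCATS, NAMELEN and the choice to reject empty components are assumptions; the point is that each piece's length is a signed pointer difference that is checked before it is ever converted to size_t, so the "C/C", "C/C//C" and "C/C///C" inputs from the thread can never turn a negative length into a huge copy size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NCATS   6   /* assumed: number of LC_* categories other than LC_ALL */
#define NAMELEN 32  /* assumed: maximum locale name length, including the NUL */

/*
 * Split a composite locale such as "C/C" or "en_US.ISO8859-1/C/C" into
 * per-category names.  Returns the number of components stored, or -1 if a
 * component is empty, too long, or there are more components than NCATS.
 * The length of each piece is a signed pointer difference that is checked
 * before it is converted to size_t, so no copy can receive (size_t)-1 from
 * a pointer that was advanced past the end of the string.
 */
static int split_locale(const char *locale, char out[NCATS][NAMELEN])
{
    const char *p = locale;
    int n = 0;

    for (;;) {
        const char *slash = strchr(p, '/');
        ptrdiff_t len = (slash != NULL) ? slash - p : (ptrdiff_t)strlen(p);

        /* Empty pieces ("C//C", trailing "/") are rejected here by choice. */
        if (len <= 0 || len >= NAMELEN || n >= NCATS)
            return -1;
        memcpy(out[n], p, (size_t)len);
        out[n][len] = '\0';
        n++;
        if (slash == NULL)
            return n;           /* last component consumed */
        p = slash + 1;          /* step over the slash exactly once */
    }
}

int main(void)
{
    /* constructed samples: the three inputs named in the thread */
    static const char *samples[] = { "C/C", "C/C//C", "C/C///C" };
    char out[NCATS][NAMELEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = split_locale(samples[i], out);
        printf("%-9s -> %d component(s)\n", samples[i], n);
    }
    return 0;
}
```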