Date: Sun, 8 May 2005 11:31:31 GMT
From: YONETANI Tomokazu <qhwt+fbsd@les.ath.cx>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/80755: uim segmentation fault
Message-ID: <200505081131.j48BVV36031411@www.freebsd.org>
Resent-Message-ID: <200505081140.j48Be2aM090292@freefall.freebsd.org>
>Number:         80755
>Category:       ports
>Synopsis:       uim segmentation fault
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 08 11:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     YONETANI Tomokazu
>Release:        FreeBSD 4.11-RELEASE
>Organization:
>Environment:
>Description:
uim-0.4.6 (japanese/uim port) has an incorrect use of bind_textdomain_codeset() in its macro definitions in uim/context.h. The macros in question are:

  UIM_SWITCH_TEXTDOMAIN_CODESET
  UIM_RESTORE_TEXTDOMAIN_CODESET

The former calls bind_textdomain_codeset() to get the current codeset and stores it in a local pointer orig_encoding (declared by another macro), then calls bind_textdomain_codeset() again to set the new codeset for the specified textdomain. The latter restores the previous codeset for the textdomain by calling bind_textdomain_codeset() with orig_encoding as its argument.

According to the man page of bind_textdomain_codeset(), the return value is valid only until the next call to the same function. That is, the original codeset string pointed to by orig_encoding is no longer valid by the time UIM_RESTORE_TEXTDOMAIN_CODESET is used. This sometimes results in a reference to a freed memory location and a segmentation fault, because the private function set_binding_values() frees the previously handed-out string before registering the new codeset string.
>How-To-Repeat:
Install mlterm with WITH_UIM=yes, turn on uim from the configuration panel, and type a few keystrokes.
>Fix:
Drop the following patch into the files/ directory. (Also available at http://les.ath.cx/patches/patch-uim-context.h)

--- uim/context.h.orig	2005-02-05 11:50:05.000000000 +0900
+++ uim/context.h	2005-05-08 20:07:28.000000000 +0900
@@ -156,13 +156,18 @@ #ifdef ENABLE_NLS #define UIM_PREPARE_SAVING_TEXTDOMAIN_CODESET() \ - const char *orig_encoding, *client_encoding; + char *orig_encoding; \ + const char *client_encoding; #define UIM_SWITCH_TEXTDOMAIN_CODESET(uc) \ orig_encoding = bind_textdomain_codeset(GETTEXT_PACKAGE, NULL); \ + if (orig_encoding != NULL) \ + orig_encoding = strdup(orig_encoding); \ client_encoding = (uc) ? ((struct uim_context_ *)uc)->encoding : uim_last_client_encoding; \ bind_textdomain_codeset(GETTEXT_PACKAGE, client_encoding); #define UIM_RESTORE_TEXTDOMAIN_CODESET() \ - bind_textdomain_codeset(GETTEXT_PACKAGE, orig_encoding); + bind_textdomain_codeset(GETTEXT_PACKAGE, orig_encoding); \ + if (orig_encoding != NULL) \ + free(orig_encoding); #else /* ENABLE_NLS */ #define UIM_PREPARE_SAVING_TEXTDOMAIN_CODESET() #define UIM_SWITCH_TEXTDOMAIN_CODESET(uc) >Release-Note: >Audit-Trail: >Unformatted:
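Review bot: in UIM_RESTORE_TEXTDOMAIN_CODESET the NULL case is only half handled. When no codeset was bound before the switch (or when the new `strdup(orig_encoding)` fails), orig_encoding stays NULL, and `bind_textdomain_codeset(GETTEXT_PACKAGE, orig_encoding);` is then a query rather than a reset, so client_encoding remains bound after the macro returns; gettext offers no way to unbind a codeset, so this deserves at least a comment in the macro or a check at the call sites. Also confirm that uim/context.h (or every file that expands these macros) includes <string.h> and <stdlib.h>, since the hunk introduces strdup() and free() into a header that previously needed neither.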