Message-Id: <200505081131.j48BVV36031411@www.freebsd.org>
Date: Sun, 8 May 2005 11:31:31 GMT
From: YONETANI Tomokazu
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: ports/80755: uim segmentation fault

>Number: 80755
>Category: ports
>Synopsis: uim segmentation fault
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun May 08 11:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: YONETANI Tomokazu
>Release: FreeBSD 4.11-RELEASE
>Organization:
>Environment:
>Description:
uim-0.4.6 (japanese/uim port) has incorrect use of bind_textdomain_codeset() in its macro definition in uim/context.h. The macros in question are as follows:

  UIM_SWITCH_TEXTDOMAIN_CODESET
  UIM_RESTORE_TEXTDOMAIN_CODESET

The former calls bind_textdomain_codeset() to get the current codeset and set it to a local pointer orig_encoding (defined by another macro), then calls bind_textdomain_codeset() to set the new codeset for the specified textdomain. The latter restores the previous codeset for the textdomain by calling bind_textdomain_codeset() with orig_encoding as its argument.

According to the man page of the bind_textdomain_codeset() function, the return value is valid until the next call to the same function. That is, the original codeset pointed to by orig_encoding is no longer valid by the time UIM_RESTORE_TEXTDOMAIN_CODESET is used. This sometimes results in referencing a freed memory location and a segmentation fault, because the private function set_binding_values() frees the previously handed out string before registering the new codeset string.

>How-To-Repeat:
Install mlterm with WITH_UIM=yes, and turn on uim from the configuration panel, and type in a few keystrokes.
>Fix: Drop in the following patch into files/ directory. (also available at http://les.ath.cx/patches/patch-uim-context.h) --- uim/context.h.orig 2005-02-05 11:50:05.000000000 +0900 +++ uim/context.h 2005-05-08 20:07:28.000000000 +0900 @@ -156,13 +156,18 @@ #ifdef ENABLE_NLS #define UIM_PREPARE_SAVING_TEXTDOMAIN_CODESET() \ - const char *orig_encoding, *client_encoding; + char *orig_encoding; \ + const char *client_encoding; #define UIM_SWITCH_TEXTDOMAIN_CODESET(uc) \ orig_encoding = bind_textdomain_codeset(GETTEXT_PACKAGE, NULL); \ + if (orig_encoding != NULL) \ + orig_encoding = strdup(orig_encoding); \ client_encoding = (uc) ? ((struct uim_context_ *)uc)->encoding : uim_last_client_encoding; \ bind_textdomain_codeset(GETTEXT_PACKAGE, client_encoding); #define UIM_RESTORE_TEXTDOMAIN_CODESET() \ - bind_textdomain_codeset(GETTEXT_PACKAGE, orig_encoding); + bind_textdomain_codeset(GETTEXT_PACKAGE, orig_encoding); \ + if (orig_encoding != NULL) \ + free(orig_encoding); #else /* ENABLE_NLS */ #define UIM_PREPARE_SAVING_TEXTDOMAIN_CODESET() #define UIM_SWITCH_TEXTDOMAIN_CODESET(uc) >Release-Note: >Audit-Trail: >Unformatted:
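
Review bot: in UIM_RESTORE_TEXTDOMAIN_CODESET, orig_encoding still points at the freed block after free(orig_encoding), so a second expansion of the restore macro in the same scope without a new UIM_SWITCH_TEXTDOMAIN_CODESET would pass the freed pointer to bind_textdomain_codeset() and free it a second time; add orig_encoding = NULL; after the free(). The if (orig_encoding != NULL) guard in front of free() can be dropped, since free(NULL) is a no-op. In UIM_SWITCH_TEXTDOMAIN_CODESET, a failed strdup() leaves orig_encoding NULL, and the restore macro then calls bind_textdomain_codeset(GETTEXT_PACKAGE, NULL), which queries instead of setting, so the client codeset stays bound; that case deserves at least a comment. Both macros now expand to several statements including an unbraced if, so wrapping each body in do { ... } while (0) would keep them safe beside a caller's if/else. The hunk shows no #include lines, so confirm that <string.h> and <stdlib.h> are visible wherever these macros are expanded.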
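
The pointer-lifetime problem described in the report, as an added example that is not part of the original message or of uim. model_bind_codeset() is a hypothetical stand-in for the documented "valid until the next call" contract; it reuses one static buffer instead of calling free(), so the stale read is well-defined, and copy_string() stands in for the patch's strdup().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model only (assumption): one static slot plays the role of the string
 * that the real function frees and replaces whenever a codeset is set. */
static char slot[32];
static int slot_set;

/* NULL queries, non-NULL sets. The result is valid until the next call. */
static const char *model_bind_codeset(const char *codeset)
{
    if (codeset != NULL) {
        size_t n = strlen(codeset);
        if (n >= sizeof slot) n = sizeof slot - 1;
        memmove(slot, codeset, n);      /* source may alias slot */
        slot[n] = '\0';
        slot_set = 1;
    }
    return slot_set ? slot : NULL;
}

static char *copy_string(const char *s)  /* stand-in for strdup() */
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

/* Pre-patch pattern: the returned pointer is kept across the next call. */
const char *restore_with_borrowed_pointer(void)
{
    model_bind_codeset("UTF-8");                  /* caller's codeset */
    const char *orig = model_bind_codeset(NULL);  /* borrowed, not owned */
    model_bind_codeset("EUC-JP");                 /* orig is stale from here */
    model_bind_codeset(orig);                     /* "restores" stale bytes */
    return model_bind_codeset(NULL);
}

/* Patched pattern: copy the bytes before the next call invalidates them. */
const char *restore_with_private_copy(void)
{
    model_bind_codeset("UTF-8");
    const char *cur = model_bind_codeset(NULL);
    char *orig = cur ? copy_string(cur) : NULL;
    model_bind_codeset("EUC-JP");
    if (orig != NULL) model_bind_codeset(orig);   /* NULL would only query */
    free(orig);                                   /* free(NULL) is a no-op */
    return model_bind_codeset(NULL);
}
```

With the real function the borrowed pointer refers to freed memory rather than overwritten memory, which is why the report sees an intermittent crash instead of a wrong codeset.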