[Bug locale/25115] New: Guard against divide by zero with corrupted locale archives

glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=25115

            Bug ID: 25115
           Summary: Guard against divide by zero with corrupted locale
                    archives
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: locale
          Assignee: unassigned at sourceware dot org
          Reporter: dj at redhat dot com
  Target Milestone: ---

_nl_load_locale_from_archive() checks for a zero size, but
divides by both (size) and (size-2).  The check should be extended to guard
against a size of two or less.

Originally seen in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1470124

--
You are receiving this mail because:
You are on the CC list for the bug.
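
The guard this report asks for, as an added example that is not glibc's code and not part of the original thread: a double-hash lookup over a table whose slot count is read from an untrusted file header. The struct layout, `hash_name` and `archive_lookup` are hypothetical names, and the caller is assumed to have already checked that the table lies inside the mapped file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (not glibc's): a slot count taken from the file
   header and a table of that many slots; hashval == 0 marks an empty slot. */
struct slot { uint32_t hashval; uint32_t value; };
struct archive { uint32_t tab_size; const struct slot *tab; };

/* Stand-in string hash (FNV-1a); never returns 0, so 0 can mean "empty". */
static uint32_t hash_name(const char *s)
{
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h ? h : 1;
}

/* Double-hash probe.  Returns the stored value, or -1 when the name is
   absent or the header's slot count is unusable. */
long archive_lookup(const struct archive *a, const char *name)
{
    /* The probe divides by tab_size and by tab_size - 2: sizes 0 and 2
       would each divide by zero, and 1 would make tab_size - 2 wrap
       around.  Checking only for 0 is not enough, so reject all three. */
    if (a->tab_size <= 2)
        return -1;

    uint32_t hval = hash_name(name);
    uint32_t idx = hval % a->tab_size;
    uint32_t incr = 1 + hval % (a->tab_size - 2);

    for (uint32_t probes = 0; probes < a->tab_size; probes++) {
        if (a->tab[idx].hashval == 0)
            return -1;                      /* empty slot: name not present */
        if (a->tab[idx].hashval == hval)
            return (long)a->tab[idx].value;
        idx = (uint32_t)(((uint64_t)idx + incr) % a->tab_size);
    }
    return -1;  /* bounded probing: a full or corrupted table cannot loop forever */
}

int main(void)
{
    struct archive corrupt = { 2, NULL };   /* constructed corrupted header */
    printf("lookup on corrupted header: %ld\n", archive_lookup(&corrupt, "C"));
    return 0;
}
```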
[Bug locale/25115] Guard against divide by zero with corrupted locale archives

glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=25115

dj at redhat dot com <dj at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned at sourceware dot org   |dj at redhat dot com

[Bug locale/25115] Guard against divide by zero with corrupted locale archives

glaubitz at physik dot fu-berlin.de
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=25115

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by DJ Delorie <[hidden email]>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ef21bd2d8c6805c0c186a01f7c5039189f51b8c4

commit ef21bd2d8c6805c0c186a01f7c5039189f51b8c4
Author: DJ Delorie <[hidden email]>
Date:   Fri Oct 18 17:15:52 2019 -0400

    loadarchive: guard against locale-archive corruption (Bug #25115)

    _nl_load_locale_from_archive() checks for a zero size, but
    divides by both (size) and (size-2).  Extend the check to
    guard against a size of two or less.

    Tested by manually corrupting locale-archive and running a program
    that calls setlocale() with LOCPATH unset (size is typically very
    large).

    Reviewed-by: Carlos O'Donell <[hidden email]>

[Bug locale/25115] Guard against divide by zero with corrupted locale archives

glaubitz at physik dot fu-berlin.de
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=25115

dj at redhat dot com <dj at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from dj at redhat dot com <dj at redhat dot com> ---
Fix committed.

[Bug locale/25115] Guard against divide by zero with corrupted locale archives

glaubitz at physik dot fu-berlin.de
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=25115

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com
           See Also|                            |https://bugzilla.redhat.com
                   |                            |/show_bug.cgi?id=1470124

[Bug locale/25115] Guard against divide by zero with corrupted locale archives

Sourceware - glibc-bugs mailing list
In reply to this post by glaubitz at physik dot fu-berlin.de
https://sourceware.org/bugzilla/show_bug.cgi?id=25115

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.31
