https://bugzilla.redhat.com/show_bug.cgi?id=1533121
Bug ID: 1533121
Summary: libunistring is not thread safe and contains invalid memory accesses
Product: Fedora
Version: rawhide
Component: libunistring
Assignee: p@draigbrady.com
Reporter: fweimer@redhat.com
QA Contact: extras-qa@fedoraproject.org
CC: dueno@redhat.com, i18n-bugs@lists.fedoraproject.org, jim@meyering.net, p@draigbrady.com, redhat-bugzilla@linuxnetz.de
It uses malloca, which uses global data without synchronization. This can result in crashes or information leaks in multi-threaded programs:
http://lists.gnu.org/archive/html/bug-gnulib/2018-01/msg00046.html
Furthermore, the following example program results in a valgrind warning:
#include <err.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <uniconv.h>

int
main (void)
{
  if (setlocale (LC_ALL, "en_US.ISO-8859-1") == NULL)
    err (1, "setlocale");
  /* Try to provide better valgrind results. */
  char *str = strdup ("non-idn.example");
  if (str == NULL)
    err (1, "strdup");
  unsigned char *result = u8_strconv_from_locale (str);
  if (result == NULL)
    errx (1, "u8_strconv_from_locale");
  printf ("[[%s]]\n", result);
  free (str);
  return 0;
}
==29579== Conditional jump or move depends on uninitialised value(s)
==29579==    at 0x4E4C61C: libunistring_freea (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4E4EDA4: libunistring_mem_iconveha (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4E55CFC: u8_conv_from_encoding (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4E55FB7: u8_strconv_from_encoding (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4006D9: main (unistring-uninit.c:17)
==29579==  Uninitialised value was created by a stack allocation
==29579==    at 0x4E4ED0C: libunistring_mem_iconveha (in /usr/lib64/libunistring.so.2.0.0)
Florian Weimer fweimer@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1452750
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1452750
[Bug 1452750] glibc: switch to libidn2
Nikos Mavrogiannopoulos nmavrogi@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nmavrogi@redhat.com
--- Comment #1 from Nikos Mavrogiannopoulos nmavrogi@redhat.com ---
Adding these for reference:
http://lists.gnu.org/archive/html/bug-gnulib/2018-01/msg00046.html
Nikos Mavrogiannopoulos nmavrogi@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer@redhat.com
              Flags|                            |needinfo?(fweimer@redhat.co
                   |                            |m)
--- Comment #2 from Nikos Mavrogiannopoulos nmavrogi@redhat.com ---
Florian, if there is an upstream release with the fix and the Fedora package includes it, would glibc still be blocked for F28?
Florian Weimer fweimer@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(fweimer@redhat.co |
                   |m)                          |
--- Comment #3 from Florian Weimer fweimer@redhat.com ---
I'm not aware of any libunistring upstream fix. The code was copied from gnulib, and it was fixed in:

commit 8a4aa2ec86c0e94c6ed548519b1660c6b1bac0c1
Author: Bruno Haible bruno@clisp.org
Date: Fri Feb 2 19:32:02 2018 +0100

    malloca, xmalloca: Make multithread-safe.
Plus some subsequent cleanups.
I think this issue arises only on non-UTF-8 locales. Since UTF-8 is the default in Fedora, I don't think it qualifies as a blocker.
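The commit named in comment #3 made malloca multithread-safe. As an added illustration (not code from gnulib, libunistring or this bug report; every name is hypothetical and the 16-byte unit is an assumption), the following C sketch shows one way a malloca/freea-style pair can tell heap blocks from stack blocks using only the pointer's address, so that freeing needs no shared global data and never reads memory in front of a stack block.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical; SA_ALIGN = 16 is an assumed alignment unit. */
enum { SA_ALIGN = 16 };
/* Stack scratch buffers start on an even multiple of SA_ALIGN. */
#define STACK_BUF(name, size) _Alignas (2 * SA_ALIGN) unsigned char name[size]

/* Heap-backed iff the address is an odd multiple of SA_ALIGN.  Only the
   pointer value is inspected: no global table, and no read of the bytes in
   front of a stack block, which are uninitialised. */
static int is_heap_block (const void *p) { return ((uintptr_t) p & SA_ALIGN) != 0; }

/* Heap fallback for requests that are too large for the stack. */
static void *heap_block_alloc (size_t n)
{
  if (n > SIZE_MAX - 2 * SA_ALIGN) return NULL;   /* size would overflow */
  unsigned char *raw = malloc (n + 2 * SA_ALIGN);
  if (raw == NULL) return NULL;
  uintptr_t a = (uintptr_t) raw;
  /* Distance (1..32) to the first odd multiple of SA_ALIGN above raw. */
  size_t off = (((a + SA_ALIGN) & ~(uintptr_t) (2 * SA_ALIGN - 1)) + SA_ALIGN) - a;
  raw[off - 1] = (unsigned char) off;   /* lets block_free find raw again */
  return raw + off;
}

/* Safe on both kinds of block; stack blocks are left alone. */
static void block_free (void *p)
{
  if (p != NULL && is_heap_block (p))
    free ((unsigned char *) p - ((unsigned char *) p)[-1]);
}

/* Returns 1 when a stack buffer and a heap block are both classified right. */
static int demo_roundtrip (size_t n)
{
  STACK_BUF (scratch, 64);
  unsigned char *h = heap_block_alloc (n);
  if (h == NULL) return 0;
  memset (h, 0xAB, n);                  /* the whole request is writable */
  int ok = !is_heap_block (scratch) && is_heap_block (h);
  block_free (scratch);                 /* no-op for a stack block */
  block_free (h);
  return ok;
}

int main (void) { printf ("classified correctly: %d\n", demo_roundtrip (4096)); return 0; }
```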
Florian Weimer fweimer@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|28                          |rawhide
--- Comment #5 from Florian Weimer fweimer@redhat.com ---
libunistring 0.9.9 was released today, copying the fixes from gnulib.
Daiki Ueno dueno@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |RAWHIDE
        Last Closed|                            |2018-03-01 05:19:44
--- Comment #6 from Daiki Ueno dueno@redhat.com ---
Built it in all active branches and submitted the updates for F27 and F26.