https://bugzilla.redhat.com/show_bug.cgi?id=1533121
Bug ID: 1533121
Summary: libunistring is not thread safe and contains invalid
memory accesses
Product: Fedora
Version: rawhide
Component: libunistring
Assignee: p(a)draigbrady.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dueno(a)redhat.com, i18n-bugs(a)lists.fedoraproject.org,
jim(a)meyering.net, p(a)draigbrady.com,
redhat-bugzilla(a)linuxnetz.de
It uses malloca, which uses global data without synchronization. This can
result in crashes or information leaks in multi-threaded programs:
http://lists.gnu.org/archive/html/bug-gnulib/2018-01/msg00046.html
Furthermore, the following example program results in a valgrind warning:
#include <err.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <uniconv.h>

int
main (void)
{
  if (setlocale (LC_ALL, "en_US.ISO-8859-1") == NULL)
    err (1, "setlocale");
  /* Try to provide better valgrind results. */
  char *str = strdup ("non-idn.example");
  if (str == NULL)
    err (1, "strdup");
  unsigned char *result = u8_strconv_from_locale (str);
  if (result == NULL)
    errx (1, "u8_strconv_from_locale");
  printf ("[[%s]]\n", result);
  free (str);
  return 0;
}
==29579== Conditional jump or move depends on uninitialised value(s)
==29579==    at 0x4E4C61C: libunistring_freea (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4E4EDA4: libunistring_mem_iconveha (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4E55CFC: u8_conv_from_encoding (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4E55FB7: u8_strconv_from_encoding (in /usr/lib64/libunistring.so.2.0.0)
==29579==    by 0x4006D9: main (unistring-uninit.c:17)
==29579==  Uninitialised value was created by a stack allocation
==29579==    at 0x4E4ED0C: libunistring_mem_iconveha (in /usr/lib64/libunistring.so.2.0.0)