cvs commit: src/lib/libc/locale setlocale.c
Ruslan Ermilov
ru at FreeBSD.org
Wed Dec 24 02:46:39 PST 2003
On Wed, Dec 24, 2003 at 02:16:46AM -0800, Andrey A. Chernov wrote:
> ache 2003/12/24 02:16:46 PST
>
> FreeBSD src repository
>
> Modified files:
> lib/libc/locale setlocale.c
> Log:
> Properly advance "x/y/z" form slash-pointers in some rare cases
>
> PR: 60539
>
> Revision Changes Path
> 1.49 +4 -4 src/lib/libc/locale/setlocale.c
>
I like your fix much better, but I disagree with your "rare".
Just a simple argument of "C/C" exhibits this bug (#1 in the
PR), which is not rare. If the locale argument to setlocale()
is malloc()'ed, chances are better this ends up with SIGSEGV:

    locale = malloc(4);
    strcpy(locale, "C/C");
    setlocale(LC_ALL, locale);

Sure, the "C/C//C" case where length becomes negative is rare.
The bug is more dangerous in the "C/C///C" case (more than two
slashes), because length becomes -2, and the size argument to
strlcpy() becomes (size_t)(-1), quite a large unsigned integer.
Hopefully, the target (new_categories[]) is not on the stack.
Cheers,
--
Ruslan Ermilov
FreeBSD committer
ru at FreeBSD.org
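Added example, not part of the original message and not the code in setlocale.c: it shows the signed-to-size_t conversion described above, and a splitter for the "x/y/z" form that measures each length forward from the segment start so it cannot go negative. The names unchecked_copy_size, split_composite, NCAT and NAME_MAX_LEN are hypothetical, the limits are assumed values, and rejecting empty segments is this sketch's own policy.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NCAT 6            /* assumed number of categories in the composite form */
#define NAME_MAX_LEN 31   /* assumed per-category name limit */

/* The conversion from the message: a negative length plus one, used as a size. */
size_t unchecked_copy_size(ptrdiff_t len)
{
    return (size_t)(len + 1);   /* len == -2 wraps to SIZE_MAX */
}

/*
 * Split "x/y/z" into out[]. strcspn() counts forward from the segment start,
 * so the length is never negative, and it is range-checked before the copy.
 * Returns the number of names stored, or -1 with errno set to EINVAL for an
 * empty segment (consecutive or trailing slash), an overlong name, or too many.
 */
int split_composite(const char *arg, char out[NCAT][NAME_MAX_LEN + 1])
{
    const char *p = arg;
    int n = 0;

    for (;;) {
        size_t len = strcspn(p, "/");
        if (len == 0 || len > NAME_MAX_LEN || n == NCAT) {
            errno = EINVAL;
            return -1;
        }
        memcpy(out[n], p, len);
        out[n][len] = '\0';
        n++;
        if (p[len] == '\0')
            return n;
        p += len + 1;   /* step past exactly one slash */
    }
}

int main(void)
{
    char out[NCAT][NAME_MAX_LEN + 1];
    const char *s[] = { "C/C", "C/C//C", "C/C///C" };   /* inputs named in the message */
    for (int i = 0; i < 3; i++)
        printf("%-8s -> %d\n", s[i], split_composite(s[i], out));
    printf("size for length -2: %zu\n", unchecked_copy_size(-2));
    return 0;
}
```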