Re: [bug-gettext] Bug#876498: gettext: msgunfmt: heap corruption
From: Jakub Wilk
Subject: Re: [bug-gettext] Bug#876498: gettext: msgunfmt: heap corruption
Date: Sat, 23 Sep 2017 19:43:16 +0200
User-agent: NeoMutt/20170609 (1.8.3)
* Daiki Ueno <address@hidden>, 2017-09-23, 18:22:
> Running msgunfmt under valgrind might give you more hints.

Curiously, it no longer crashes under valgrind, but a bunch of
out-of-bounds reads are reported:

Invalid read of size 1
   at 0x4831097: index (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
   by 0x10AD42: read_mo_file (read-mo.c:374)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)
 Address 0x6fa2722 is 0 bytes after a block of size 2 alloc'd
   at 0x482E2BC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
   by 0x48CD289: xmalloc (xmalloc.c:65)
   by 0x10A713: get_sysdep_string.isra.1 (read-mo.c:197)
   by 0x10AD36: read_mo_file (read-mo.c:372)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)

Invalid read of size 1
   at 0x48313E3: strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
   by 0x10AD9D: read_mo_file (read-mo.c:392)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)
 Address 0x6fa2722 is 0 bytes after a block of size 2 ...

Invalid read of size 1
   at 0x487388E: format_parse_entrails (format-c-parse.h:199)
   by 0x487388E: format_parse (format-c.c:68)
   by 0x10AE3F: read_mo_file (read-mo.c:414)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)
 Address 0x6fa2722 is 0 bytes after a block of size 2 ...

Invalid read of size 1
   at 0x48313E3: strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
   by 0x10AE1E: read_mo_file (read-mo.c:411)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)
 Address 0x6fa2722 is 0 bytes after a block of size 2 ...

Invalid read of size 1
   at 0x487388E: format_parse_entrails (format-c-parse.h:199)
   by 0x487388E: format_parse (format-c.c:68)
   by 0x10AF03: read_mo_file (read-mo.c:432)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)
 Address 0x6fa2f88 is 0 bytes after a block of size 2,096 alloc'd
   at 0x482E2BC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
   by 0x48CD289: xmalloc (xmalloc.c:65)
   by 0x10A713: get_sysdep_string.isra.1 (read-mo.c:197)
   by 0x10AD89: read_mo_file (read-mo.c:388)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)

Invalid read of size 1
   at 0x48313E3: strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
   by 0x10AEE6: read_mo_file (read-mo.c:429)
   by 0x109B59: read_one_file (msgunfmt.c:555)
   by 0x109B59: main (msgunfmt.c:401)
 Address 0x6fa2f88 is 0 bytes after a block of size 2,096 alloc'd ...

> I am suspecting this is caused by a missing NUL termination in
> get_sysdep_string in read-mo.c, which should be fixed by the attached
> patch.

Thanks. The patch fixes the crash and all valgrind warnings.

--
Jakub Wilk
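
A simplified model of the failure class in the trace above (a heap string built from file-supplied slices, then read by strlen and index with no terminator inside the block), added here as an illustration. It is not gettext's read-mo.c code or the attached patch; `struct seg` and `assemble_string` are hypothetical names and the input bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical descriptor: one slice of the untrusted file image. */
struct seg { size_t off; size_t len; };

/* Concatenate slices of `file` into a new heap buffer and return it only if
   it is a NUL-terminated C string; NULL on any malformed input.
   On success *lenp is the length without the terminator. */
char *assemble_string(const unsigned char *file, size_t file_size,
                      const struct seg *segs, size_t nsegs, size_t *lenp)
{
    size_t total = 0, pos = 0;
    for (size_t i = 0; i < nsegs; i++) {
        /* Each slice must lie inside the file (overflow-safe comparison). */
        if (segs[i].off > file_size || segs[i].len > file_size - segs[i].off)
            return NULL;
        if (segs[i].len > (size_t)-1 - total)
            return NULL;
        total += segs[i].len;
    }
    if (total == 0)
        return NULL;                    /* no room for a terminator */
    char *out = malloc(total);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < nsegs; i++) {
        memcpy(out + pos, file + segs[i].off, segs[i].len);
        pos += segs[i].len;
    }
    /* Callers hand the result to strlen()/strchr(); an unterminated buffer
       would make them read past the end of the allocation. */
    if (out[total - 1] != '\0') {
        free(out);
        return NULL;
    }
    *lenp = total - 1;
    return out;
}

int main(void)
{
    /* Constructed input: the slice "%s" has no terminator, "hi" has one. */
    static const unsigned char img[] = { '%', 's', 'h', 'i', 0 };
    struct seg bad = { 0, 2 }, good = { 2, 3 };
    size_t n = 0;
    char *s = assemble_string(img, sizeof img, &bad, 1, &n);
    printf("2-byte unterminated slice: %s\n", s ? "accepted" : "rejected");
    s = assemble_string(img, sizeof img, &good, 1, &n);
    printf("terminated slice: %s (%zu)\n", s ? s : "rejected", n);
    free(s);
    return 0;
}
```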