bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mbrtowc: fix invalid use of mbtowc() on MSVC


From: Bruno Haible
Subject: mbrtowc: fix invalid use of mbtowc() on MSVC
Date: Wed, 03 Jul 2019 19:35:02 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-151-generic; KDE/5.18.0; x86_64; ; )

On MSVC, I am seeing test failures:

FAIL: test-mbrtowc2.sh
======================

C:\testdir-posix-msvc\gltests\test-mbrtowc.c:205: assertion 'ret == 1' failed
FAIL test-mbrtowc2.sh (exit status: 127)

FAIL: test-mbsnrtowcs2.sh
=========================

C:\testdir-posix-msvc\gltests\test-mbsnrtowcs.c:162: assertion 'ret == 4' failed
FAIL test-mbsnrtowcs2.sh (exit status: 127)

FAIL: test-mbsrtowcs2.sh
========================

C:\testdir-posix-msvc\gltests\test-mbsrtowcs.c:162: assertion 'ret == 4' failed
FAIL test-mbsrtowcs2.sh (exit status: 127)


The cause is that the mbrtowc substitute makes wrong assumptions about the
internal state of the mbtowc() function. This patch fixes it (and keeps
mbrtowc multithread-safe, despite said internal state).


2019-07-03  Bruno Haible  <address@hidden>

        mbrtowc: Fix invalid use of mbtowc() on MSVC.
        * lib/mbrtowc.c: Include glthread/lock.h.
        (mbtowc_lock): New variable.
        (mbrtowc): Treat UTF-8 encoding without locking. For the other
        encodings, explicitly reset the internal state of mbtowc, and protect
        this through a lock.
        * modules/mbrtowc (Depends-on): Add lock.

diff --git a/lib/mbrtowc.c b/lib/mbrtowc.c
index bbe3f7a..1aad22c 100644
--- a/lib/mbrtowc.c
+++ b/lib/mbrtowc.c
@@ -34,6 +34,7 @@
 # include "localcharset.h"
 # include "streq.h"
 # include "verify.h"
+# include "glthread/lock.h"
 
 # ifndef FALLTHROUGH
 #  if __GNUC__ < 7
@@ -75,7 +76,7 @@ locale_enc (void)
   return enc_other;
 }
 
-#if GNULIB_WCHAR_SINGLE
+# if GNULIB_WCHAR_SINGLE
 /* When we know that the locale does not change, provide a speedup by
    caching the value of locale_enc.  */
 static int cached_locale_enc = -1;
@@ -86,10 +87,14 @@ locale_enc_cached (void)
     cached_locale_enc = locale_enc ();
   return cached_locale_enc;
 }
-#else
+# else
 /* By default, don't make assumptions, hence no caching.  */
-# define locale_enc_cached locale_enc
-#endif
+#  define locale_enc_cached locale_enc
+# endif
+
+/* This lock protects the internal state of mbtowc against multiple 
simultaneous
+   calls of mbrtowc.  */
+gl_lock_define_initialized(static, mbtowc_lock)
 
 verify (sizeof (mbstate_t) >= 4);
 
@@ -120,6 +125,8 @@ mbrtowc (wchar_t *pwc, const char *s, size_t n, mbstate_t 
*ps)
     char buf[4];
     const char *p;
     size_t m;
+    enc_t enc;
+    int res;
 
     switch (nstate)
       {
@@ -152,227 +159,296 @@ mbrtowc (wchar_t *pwc, const char *s, size_t n, 
mbstate_t *ps)
 
     /* Here m > 0.  */
 
-# if __GLIBC__ || defined __UCLIBC__
-    /* Work around bug <https://sourceware.org/bugzilla/show_bug.cgi?id=9674> 
*/
-    mbtowc (NULL, NULL, 0);
-# endif
-    {
-      int res = mbtowc (pwc, p, m);
+    enc = locale_enc_cached ();
 
-      if (res >= 0)
-        {
-          if (pwc != NULL && ((*pwc == 0) != (res == 0)))
-            abort ();
-          if (nstate >= (res > 0 ? res : 1))
-            abort ();
-          res -= nstate;
-          pstate[0] = 0;
-          return res;
-        }
+    if (enc == enc_utf8) /* UTF-8 */
+      {
+        /* Achieve multi-thread safety by not calling mbtowc() at all.  */
+        /* Cf. unistr/u8-mbtouc.c.  */
+        unsigned char c = (unsigned char) p[0];
 
-      /* mbtowc does not distinguish between invalid and incomplete multibyte
-         sequences.  But mbrtowc needs to make this distinction.
-         There are two possible approaches:
-           - Use iconv() and its return value.
-           - Use built-in knowledge about the possible encodings.
-         Given the low quality of implementation of iconv() on the systems that
-         lack mbrtowc(), we use the second approach.
-         The possible encodings are:
-           - 8-bit encodings,
-           - EUC-JP, EUC-KR, GB2312, EUC-TW, BIG5, GB18030, SJIS,
-           - UTF-8.
-         Use specialized code for each.  */
-      if (m >= 4 || m >= MB_CUR_MAX)
-        goto invalid;
-      /* Here MB_CUR_MAX > 1 and 0 < m < 4.  */
-      switch (locale_enc_cached ())
-        {
-        case enc_utf8: /* UTF-8 */
+        if (c < 0x80)
           {
-            /* Cf. unistr/u8-mblen.c.  */
-            unsigned char c = (unsigned char) p[0];
-
-            if (c >= 0xc2)
-              {
-                if (c < 0xe0)
-                  {
-                    if (m == 1)
-                      goto incomplete;
-                  }
-                else if (c < 0xf0)
-                  {
-                    if (m == 1)
-                      goto incomplete;
-                    if (m == 2)
-                      {
-                        unsigned char c2 = (unsigned char) p[1];
-
-                        if ((c2 ^ 0x80) < 0x40
-                            && (c >= 0xe1 || c2 >= 0xa0)
-                            && (c != 0xed || c2 < 0xa0))
-                          goto incomplete;
-                      }
-                  }
-                else if (c <= 0xf4)
-                  {
-                    if (m == 1)
-                      goto incomplete;
-                    else /* m == 2 || m == 3 */
-                      {
-                        unsigned char c2 = (unsigned char) p[1];
-
-                        if ((c2 ^ 0x80) < 0x40
-                            && (c >= 0xf1 || c2 >= 0x90)
-                            && (c < 0xf4 || (c == 0xf4 && c2 < 0x90)))
-                          {
-                            if (m == 2)
-                              goto incomplete;
-                            else /* m == 3 */
-                              {
-                                unsigned char c3 = (unsigned char) p[2];
-
-                                if ((c3 ^ 0x80) < 0x40)
-                                  goto incomplete;
-                              }
-                          }
-                      }
-                  }
-              }
-            goto invalid;
+            if (pwc != NULL)
+              *pwc = c;
+            res = (c == 0 ? 0 : 1);
+            goto success;
           }
-
-        /* As a reference for this code, you can use the GNU libiconv
-           implementation.  Look for uses of the RET_TOOFEW macro.  */
-
-        case enc_eucjp: /* EUC-JP */
+        if (c >= 0xc2)
           {
-            if (m == 1)
+            if (c < 0xe0)
               {
-                unsigned char c = (unsigned char) p[0];
-
-                if ((c >= 0xa1 && c < 0xff) || c == 0x8e || c == 0x8f)
+                if (m == 1)
                   goto incomplete;
-              }
-            if (m == 2)
-              {
-                unsigned char c = (unsigned char) p[0];
-
-                if (c == 0x8f)
+                else /* m >= 2 */
                   {
                     unsigned char c2 = (unsigned char) p[1];
 
-                    if (c2 >= 0xa1 && c2 < 0xff)
-                      goto incomplete;
+                    if ((c2 ^ 0x80) < 0x40)
+                      {
+                        if (pwc != NULL)
+                          *pwc = ((unsigned int) (c & 0x1f) << 6)
+                                 | (unsigned int) (c2 ^ 0x80);
+                        res = 2;
+                        goto success;
+                      }
                   }
               }
-            goto invalid;
-          }
-
-        case enc_94: /* EUC-KR, GB2312, BIG5 */
-          {
-            if (m == 1)
+            else if (c < 0xf0)
               {
-                unsigned char c = (unsigned char) p[0];
-
-                if (c >= 0xa1 && c < 0xff)
+                if (m == 1)
                   goto incomplete;
-              }
-            goto invalid;
-          }
-
-        case enc_euctw: /* EUC-TW */
-          {
-            if (m == 1)
-              {
-                unsigned char c = (unsigned char) p[0];
+                else
+                  {
+                    unsigned char c2 = (unsigned char) p[1];
 
-                if ((c >= 0xa1 && c < 0xff) || c == 0x8e)
-                  goto incomplete;
-              }
-            else /* m == 2 || m == 3 */
-              {
-                unsigned char c = (unsigned char) p[0];
+                    if ((c2 ^ 0x80) < 0x40
+                        && (c >= 0xe1 || c2 >= 0xa0)
+                        && (c != 0xed || c2 < 0xa0))
+                      {
+                        if (m == 2)
+                          goto incomplete;
+                        else /* m >= 3 */
+                          {
+                            unsigned char c3 = (unsigned char) p[2];
 
-                if (c == 0x8e)
-                  goto incomplete;
+                            if ((c3 ^ 0x80) < 0x40)
+                              {
+                                if (pwc != NULL)
+                                  *pwc = ((unsigned int) (c & 0x0f) << 12)
+                                         | ((unsigned int) (c2 ^ 0x80) << 6)
+                                         | (unsigned int) (c3 ^ 0x80);
+                                res = 3;
+                                goto success;
+                              }
+                          }
+                      }
+                  }
               }
-            goto invalid;
-          }
-
-        case enc_gb18030: /* GB18030 */
-          {
-            if (m == 1)
+            else if (c <= 0xf4)
               {
-                unsigned char c = (unsigned char) p[0];
-
-                if ((c >= 0x90 && c <= 0xe3) || (c >= 0xf8 && c <= 0xfe))
+                if (m == 1)
                   goto incomplete;
-              }
-            else /* m == 2 || m == 3 */
-              {
-                unsigned char c = (unsigned char) p[0];
-
-                if (c >= 0x90 && c <= 0xe3)
+                else
                   {
                     unsigned char c2 = (unsigned char) p[1];
 
-                    if (c2 >= 0x30 && c2 <= 0x39)
+                    if ((c2 ^ 0x80) < 0x40
+                        && (c >= 0xf1 || c2 >= 0x90)
+                        && (c < 0xf4 || (c == 0xf4 && c2 < 0x90)))
                       {
                         if (m == 2)
                           goto incomplete;
-                        else /* m == 3 */
+                        else
                           {
                             unsigned char c3 = (unsigned char) p[2];
 
-                            if (c3 >= 0x81 && c3 <= 0xfe)
-                              goto incomplete;
+                            if ((c3 ^ 0x80) < 0x40)
+                              {
+                                if (m == 3)
+                                  goto incomplete;
+                                else /* m >= 4 */
+                                  {
+                                    unsigned char c4 = (unsigned char) p[3];
+
+                                    if ((c4 ^ 0x80) < 0x40)
+                                      {
+                                        if (pwc != NULL)
+                                          *pwc = ((unsigned int) (c & 0x07) << 
18)
+                                                 | ((unsigned int) (c2 ^ 0x80) 
<< 12)
+                                                 | ((unsigned int) (c3 ^ 0x80) 
<< 6)
+                                                 | (unsigned int) (c4 ^ 0x80);
+                                        res = 4;
+                                        goto success;
+                                      }
+                                  }
+                              }
                           }
                       }
                   }
               }
-            goto invalid;
           }
+        goto invalid;
+      }
+    else
+      {
+        /* The hidden internal state of mbtowc would make this function not
+           multi-thread safe.  Achieve multi-thread safety through a lock.  */
+        gl_lock_lock (mbtowc_lock);
 
-        case enc_sjis: /* SJIS */
-          {
-            if (m == 1)
-              {
-                unsigned char c = (unsigned char) p[0];
+        /* Put the hidden internal state of mbtowc into its initial state.
+           This is needed at least with glibc, uClibc, and MSVC CRT.
+           See <https://sourceware.org/bugzilla/show_bug.cgi?id=9674>.  */
+        mbtowc (NULL, NULL, 0);
 
-                if ((c >= 0x81 && c <= 0x9f) || (c >= 0xe0 && c <= 0xea)
-                    || (c >= 0xf0 && c <= 0xf9))
-                  goto incomplete;
-              }
-            goto invalid;
-          }
+        res = mbtowc (pwc, p, m);
 
-        default:
-          /* An unknown multibyte encoding.  */
-          goto incomplete;
-        }
+        gl_lock_unlock (mbtowc_lock);
 
-     incomplete:
-      {
-        size_t k = nstate;
-        /* Here 0 <= k < m < 4.  */
-        pstate[++k] = s[0];
-        if (k < m)
+        if (res >= 0)
+          {
+            if (pwc != NULL && ((*pwc == 0) != (res == 0)))
+              abort ();
+            goto success;
+          }
+
+        /* mbtowc does not distinguish between invalid and incomplete multibyte
+           sequences.  But mbrtowc needs to make this distinction.
+           There are two possible approaches:
+             - Use iconv() and its return value.
+             - Use built-in knowledge about the possible encodings.
+           Given the low quality of implementation of iconv() on the systems
+           that lack mbrtowc(), we use the second approach.
+           The possible encodings are:
+             - 8-bit encodings,
+             - EUC-JP, EUC-KR, GB2312, EUC-TW, BIG5, GB18030, SJIS,
+             - UTF-8 (already handled above).
+           Use specialized code for each.  */
+        if (m >= 4 || m >= MB_CUR_MAX)
+          goto invalid;
+        /* Here MB_CUR_MAX > 1 and 0 < m < 4.  */
+        switch (enc)
           {
-            pstate[++k] = s[1];
-            if (k < m)
-              pstate[++k] = s[2];
+          /* As a reference for this code, you can use the GNU libiconv
+             implementation.  Look for uses of the RET_TOOFEW macro.  */
+
+          case enc_eucjp: /* EUC-JP */
+            {
+              if (m == 1)
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if ((c >= 0xa1 && c < 0xff) || c == 0x8e || c == 0x8f)
+                    goto incomplete;
+                }
+              if (m == 2)
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if (c == 0x8f)
+                    {
+                      unsigned char c2 = (unsigned char) p[1];
+
+                      if (c2 >= 0xa1 && c2 < 0xff)
+                        goto incomplete;
+                    }
+                }
+              goto invalid;
+            }
+
+          case enc_94: /* EUC-KR, GB2312, BIG5 */
+            {
+              if (m == 1)
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if (c >= 0xa1 && c < 0xff)
+                    goto incomplete;
+                }
+              goto invalid;
+            }
+
+          case enc_euctw: /* EUC-TW */
+            {
+              if (m == 1)
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if ((c >= 0xa1 && c < 0xff) || c == 0x8e)
+                    goto incomplete;
+                }
+              else /* m == 2 || m == 3 */
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if (c == 0x8e)
+                    goto incomplete;
+                }
+              goto invalid;
+            }
+
+          case enc_gb18030: /* GB18030 */
+            {
+              if (m == 1)
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if ((c >= 0x90 && c <= 0xe3) || (c >= 0xf8 && c <= 0xfe))
+                    goto incomplete;
+                }
+              else /* m == 2 || m == 3 */
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if (c >= 0x90 && c <= 0xe3)
+                    {
+                      unsigned char c2 = (unsigned char) p[1];
+
+                      if (c2 >= 0x30 && c2 <= 0x39)
+                        {
+                          if (m == 2)
+                            goto incomplete;
+                          else /* m == 3 */
+                            {
+                              unsigned char c3 = (unsigned char) p[2];
+
+                              if (c3 >= 0x81 && c3 <= 0xfe)
+                                goto incomplete;
+                            }
+                        }
+                    }
+                }
+              goto invalid;
+            }
+
+          case enc_sjis: /* SJIS */
+            {
+              if (m == 1)
+                {
+                  unsigned char c = (unsigned char) p[0];
+
+                  if ((c >= 0x81 && c <= 0x9f) || (c >= 0xe0 && c <= 0xea)
+                      || (c >= 0xf0 && c <= 0xf9))
+                    goto incomplete;
+                }
+              goto invalid;
+            }
+
+          default:
+            /* An unknown multibyte encoding.  */
+            goto incomplete;
           }
-        if (k != m)
-          abort ();
       }
-      pstate[0] = m;
-      return (size_t)(-2);
 
-     invalid:
-      errno = EILSEQ;
-      /* The conversion state is undefined, says POSIX.  */
-      return (size_t)(-1);
+   success:
+    /* res >= 0 is the corrected return value of mbtowc (pwc, p, m).  */
+    if (nstate >= (res > 0 ? res : 1))
+      abort ();
+    res -= nstate;
+    pstate[0] = 0;
+    return res;
+
+   incomplete:
+    {
+      size_t k = nstate;
+      /* Here 0 <= k < m < 4.  */
+      pstate[++k] = s[0];
+      if (k < m)
+        {
+          pstate[++k] = s[1];
+          if (k < m)
+            pstate[++k] = s[2];
+        }
+      if (k != m)
+        abort ();
     }
+    pstate[0] = m;
+    return (size_t)(-2);
+
+   invalid:
+    errno = EILSEQ;
+    /* The conversion state is undefined, says POSIX.  */
+    return (size_t)(-1);
   }
 }
 
diff --git a/modules/mbrtowc b/modules/mbrtowc
index bd951ae..83f3428 100644
--- a/modules/mbrtowc
+++ b/modules/mbrtowc
@@ -18,6 +18,7 @@ mbsinit         [test $HAVE_MBRTOWC = 0 || test 
$REPLACE_MBRTOWC = 1]
 localcharset    [test $HAVE_MBRTOWC = 0 || test $REPLACE_MBRTOWC = 1]
 streq           [test $HAVE_MBRTOWC = 0 || test $REPLACE_MBRTOWC = 1]
 verify          [test $HAVE_MBRTOWC = 0 || test $REPLACE_MBRTOWC = 1]
+lock            [test $HAVE_MBRTOWC = 0 || { test $REPLACE_MBRTOWC = 1 && { 
test $HAVE_MBSINIT = 0 || test $REPLACE_MBSTATE_T = 1; }; }]
 
 configure.ac:
 gl_FUNC_MBRTOWC




reply via email to

[Prev in Thread] Current Thread [Next in Thread]