Question regarding incomplete UTF-8 arguments.
From: Tetsuo Handa
Subject: Question regarding incomplete UTF-8 arguments.
Date: Sat, 23 Feb 2013 23:38:49 +0900
Hello.
idna_to_unicode_8z8z from "info libidn" says:
idna_to_unicode_8z8z
--------------------
-- Function: int idna_to_unicode_8z8z (const char * INPUT, char **
OUTPUT, int FLAGS)
INPUT: zero-terminated UTF-8 string.
OUTPUT: pointer to newly allocated output UTF-8 string.
FLAGS: an `Idna_flags' value, e.g., `IDNA_ALLOW_UNASSIGNED' or
`IDNA_USE_STD3_ASCII_RULES'.
Convert possibly ACE encoded domain name in UTF-8 format into a
UTF-8 string. The domain name may contain several labels,
separated by dots. The output buffer must be deallocated by the
caller.
*Return value:* Returns `IDNA_SUCCESS' on success, or error code.
According to http://sourceforge.net/mailarchive/message.php?msg_id=30509057 ,
it is a bug in the GNU libidn library that an incomplete "zero-terminated UTF-8
string." argument leads to a read overrun.

Regards.

Below is the result with libidn-1.18-2.el6.i686 .
address@hidden ~]$ cat idn.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <idna.h>

int main(int argc, char *argv[])
{
	char *ptr = NULL;
	char *src = strdup("address@hidden");
	if (idna_to_unicode_8z8z(src, &ptr, 0) == IDNA_SUCCESS)
		free(ptr);
	free(src);
	return 0;
}
address@hidden ~]$ gcc -Wall -g idn.c -lidn
address@hidden ~]$ valgrind ./a.out
==1515== Memcheck, a memory error detector
==1515== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1515== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==1515== Command: ./a.out
==1515==
==1515== Invalid read of size 1
==1515== at 0x4035701: stringprep_utf8_to_ucs4 (in /lib/libidn.so.11.6.1)
==1515== by 0x4037BD9: idna_to_unicode_8z4z (in /lib/libidn.so.11.6.1)
==1515== by 0x4037C46: idna_to_unicode_8z8z (in /lib/libidn.so.11.6.1)
==1515== by 0x80484C0: main (idn.c:10)
==1515== Address 0x41fc03b is 1 bytes after a block of size 18 alloc'd
==1515== at 0x402682F: malloc (vg_replace_malloc.c:236)
==1515== by 0x40DE41F: strdup (in /lib/libc-2.12.so)
==1515== by 0x80484A0: main (idn.c:9)
==1515==
==1515== Invalid read of size 1
==1515== at 0x4035620: stringprep_utf8_to_ucs4 (in /lib/libidn.so.11.6.1)
==1515== by 0x4037BD9: idna_to_unicode_8z4z (in /lib/libidn.so.11.6.1)
==1515== by 0x4037C46: idna_to_unicode_8z8z (in /lib/libidn.so.11.6.1)
==1515== by 0x80484C0: main (idn.c:10)
==1515== Address 0x41fc03a is 0 bytes after a block of size 18 alloc'd
==1515== at 0x402682F: malloc (vg_replace_malloc.c:236)
==1515== by 0x40DE41F: strdup (in /lib/libc-2.12.so)
==1515== by 0x80484A0: main (idn.c:9)
==1515==
==1515==
==1515== HEAP SUMMARY:
==1515== in use at exit: 0 bytes in 0 blocks
==1515== total heap usage: 14 allocs, 14 frees, 549 bytes allocated
==1515==
==1515== All heap blocks were freed -- no leaks are possible
==1515==
==1515== For counts of detected and suppressed errors, rerun with: -v
==1515== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 15 from 8)
address@hidden ~]$
Same result for libidn-1.24 built with default configure options.
address@hidden ~]$ valgrind ./a.out
==11642== Memcheck, a memory error detector
==11642== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==11642== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==11642== Command: ./a.out
==11642==
==11642== Invalid read of size 1
==11642== at 0x4035598: stringprep_utf8_to_ucs4 (nfkc.c:399)
==11642== by 0x40379F8: idna_to_unicode_8z4z (idna.c:715)
==11642== by 0x4037A65: idna_to_unicode_8z8z (idna.c:745)
==11642== by 0x80484C0: main (idn.c:10)
==11642== Address 0x41fb03b is 1 bytes after a block of size 18 alloc'd
==11642== at 0x402682F: malloc (vg_replace_malloc.c:236)
==11642== by 0x40DD41F: strdup (in /lib/libc-2.12.so)
==11642== by 0x80484A0: main (idn.c:9)
==11642==
==11642== Invalid read of size 1
==11642== at 0x4035563: stringprep_utf8_to_ucs4 (nfkc.c:447)
==11642== by 0x40379F8: idna_to_unicode_8z4z (idna.c:715)
==11642== by 0x4037A65: idna_to_unicode_8z8z (idna.c:745)
==11642== by 0x80484C0: main (idn.c:10)
==11642== Address 0x41fb03a is 0 bytes after a block of size 18 alloc'd
==11642== at 0x402682F: malloc (vg_replace_malloc.c:236)
==11642== by 0x40DD41F: strdup (in /lib/libc-2.12.so)
==11642== by 0x80484A0: main (idn.c:9)
==11642==
==11642==
==11642== HEAP SUMMARY:
==11642== in use at exit: 0 bytes in 0 blocks
==11642== total heap usage: 14 allocs, 14 frees, 549 bytes allocated
==11642==
==11642== All heap blocks were freed -- no leaks are possible
==11642==
==11642== For counts of detected and suppressed errors, rerun with: -v
==11642== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 15 from 8)
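
A caller-side check that keeps a truncated multi-byte sequence from reaching idna_to_unicode_8z8z, as an added example that is not part of the original post and is not libidn code. The helper name utf8_is_complete is hypothetical and the strings used to exercise it are constructed.

```c
/* Hypothetical helper (added example, not libidn code).
 * Returns 1 if s is a well-formed, zero-terminated UTF-8 string, else 0.
 * It never reads past the terminating NUL: every continuation byte is
 * tested before the pointer advances, so a sequence cut short by the
 * terminator is rejected instead of being skipped over. */
int utf8_is_complete(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;

    while (*p) {
        unsigned char c = *p++;
        int need;               /* continuation bytes still expected */
        unsigned long cp, min;  /* code point, smallest value for this length */

        if (c < 0x80)
            continue;           /* plain ASCII */
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else
            return 0;           /* stray continuation or invalid lead byte */

        while (need-- > 0) {
            /* The terminating NUL (0x00) fails this test, which is how a
             * truncated sequence is caught without touching later bytes. */
            if ((*p & 0xC0) != 0x80)
                return 0;
            cp = (cp << 6) | (unsigned long)(*p++ & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;           /* overlong form, out of range, or surrogate */
    }
    return 1;
}
```

Call it on untrusted input before idna_to_unicode_8z8z and treat a 0 return as invalid input.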