help-libidn

Re: invalid memory access in idna_to_ascii_8z


From: Nikos Mavrogiannopoulos
Subject: Re: invalid memory access in idna_to_ascii_8z
Date: Thu, 2 Jul 2015 12:46:07 +0200

On Thu, Jul 2, 2015 at 11:42 AM, Simon Josefsson <address@hidden> wrote:
>>>>> The attached patches handle the reported issue. However, all functions
>>>>> which use g_utf8_next_char() including g_utf8_strlen() are affected.
>>>> is there anything holding this patch?
>>> I'll add it to the next release...  it is cosmetic workaround for a
>>> glibc/gcc/valgrind issue, there is no bug in libidn there.
>> Hello,
>>  This issue is not cosmetic. It will cause a crash on any user of
>> libidn.
> Can you give an example?

It is demonstrated by the test I originally attached (check for
invalid encodings).

>> valgrind is only used to demonstrate the out-of-bounds access.
> My understanding was that valgrind hits down on glibc's optimized strlen
> optimization that reads chunks of 4 bytes instead of character by
> character.  Libidn allocates only the exact length needed.  So strlen
> reads out of bounds.

There is no strlen involved in that issue (the one I reported). The
issue is in the usage of g_utf8_next_char() which will walk past the
string boundaries for specially crafted strings.

regards,
Nikos
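The boundary problem described in this message, as an added example that is not part of the thread and is not libidn or GLib code: a walk that advances by the length implied by each lead byte steps over the NUL terminator when the string ends in a truncated multi-byte sequence, and a completeness check run beforehand rejects such input. The function names are hypothetical and `skip_len` is a simplified model of a lead-byte skip table.

```c
#include <stddef.h>
#include <string.h>

/* Sequence length implied by a lead byte alone (simplified model of a
 * skip table; an assumption for illustration, not libidn's code). */
static size_t skip_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 1; /* stray continuation or invalid lead byte */
}

/* Offset at which a walk that trusts only lead bytes would stop.
 * Only offsets are computed; nothing past the terminator is read.
 * A result greater than strlen(s) means the walk skipped the NUL. */
size_t unchecked_walk_end(const char *s)
{
    size_t len = strlen(s), i = 0;
    while (i < len)
        i += skip_len((unsigned char)s[i]);
    return i;
}

/* Bounds-aware check: every multi-byte sequence must be followed by
 * the right number of 10xxxxxx continuation bytes before the NUL.
 * Returns 1 if the string is safe to walk, 0 otherwise. Structural
 * check only: overlong forms and surrogates are not rejected. */
int utf8_sequences_complete(const char *s)
{
    size_t len = strlen(s), i = 0;
    while (i < len) {
        unsigned char lead = (unsigned char)s[i];
        size_t n = skip_len(lead);
        if (lead >= 0x80 && n == 1)
            return 0;              /* invalid lead byte */
        if (n > len - i)
            return 0;              /* truncated at end of string */
        for (size_t k = 1; k < n; k++)
            if (((unsigned char)s[i + k] & 0xC0) != 0x80)
                return 0;          /* missing continuation byte */
        i += n;
    }
    return 1;
}
```
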


