Resolves: #959034

- Fix _nl_find_msg malloc failure case, and callers. (#959034).
2013-05-05 20:19:47 -04:00 · 2013-05-05 20:19:47 -04:00 · e1a168f8a9
commit e1a168f8a9
parent 3432a46817
2 changed files with 86 additions and 1 deletions
--- a/glibc-rh959034.patch
+++ b/glibc-rh959034.patch
@ -0,0 +1,80 @@
+2013-05-03  Carlos O'Donell  <carlos at redhat.com>
+
+	* intl/dcigettext.c (DCIGETTEXT): Skip translating if _nl_find_msg returns -1.
+	(_nl_find_msg): Return -1 if recursive call returned -1. If newmem is null
+	return -1.
+	* intl/loadmsgcat.c (_nl_load_domain): If _nl_find_msg returns -1 abort
+	loading the domain.
+
+diff --git a/intl/dcigettext.c b/intl/dcigettext.c
+index 110307b..f4aa215 100644
+--- a/intl/dcigettext.c
+++ b/intl/dcigettext.c
+@@ -638,6 +638,11 @@ DCIGETTEXT (domainname, msgid1, msgid2, plural, n, category)
+ 		  retval = _nl_find_msg (domain->successor[cnt], binding,
+ 					 msgid1, 1, &retlen);
+ 
+		  /* Resource problems are not fatal, instead we return no
+		     translation.  */
+		  if (__builtin_expect (retval == (char *) -1, 0))
+		    goto no_translation;
+
+ 		  if (retval != NULL)
+ 		    {
+ 		      domain = domain->successor[cnt];
+@@ -941,6 +946,11 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
+ 	    nullentry =
+ 	      _nl_find_msg (domain_file, domainbinding, "", 0, &nullentrylen);
+ 
+	    /* Resource problems are fatal.  If we continue onwards we will
+	       only attempt to calloc a new conv_tab and fail later.  */
+	    if (__builtin_expect (nullentry == (char *) -1, 0))
+	      return (char *) -1;
+
+ 	    if (nullentry != NULL)
+ 	      {
+ 		const char *charsetstr;
+@@ -1170,10 +1180,14 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
+ 		      freemem_size = INITIAL_BLOCK_SIZE;
+ 		      newmem = (transmem_block_t *) malloc (freemem_size);
+ # ifdef _LIBC
+-		      /* Add the block to the list of blocks we have to free
+-			 at some point.  */
+-		      newmem->next = transmem_list;
+-		      transmem_list = newmem;
+		      if (newmem != NULL)
+			{
+			  /* Add the block to the list of blocks we have to free
+			     at some point.  */
+			  newmem->next = transmem_list;
+			  transmem_list = newmem;
+			}
+		      /* Fall through and return -1.  */
+ # endif
+ 		    }
+ 		  if (__builtin_expect (newmem == NULL, 0))
+diff --git a/intl/loadmsgcat.c b/intl/loadmsgcat.c
+index e4b7b38..ac90ed1 100644
+--- a/intl/loadmsgcat.c
+++ b/intl/loadmsgcat.c
+@@ -1237,7 +1237,7 @@ _nl_load_domain (domain_file, domainbinding)
+     default:
+       /* This is an invalid revision.  */
+     invalid:
+-      /* This is an invalid .mo file.  */
+      /* This is an invalid .mo file or we ran out of resources.  */
+       free (domain->malloced);
+ #ifdef HAVE_MMAP
+       if (use_mmap)
+@@ -1257,6 +1257,11 @@ _nl_load_domain (domain_file, domainbinding)
+ 
+   /* Get the header entry and look for a plural specification.  */
+   nullentry = _nl_find_msg (domain_file, domainbinding, "", 0, &nullentrylen);
+  if (__builtin_expect (nullentry == (char *) -1, 0))
+    {
+      __libc_rwlock_fini (domain->conversions_lock);
+      goto invalid;
+    }
+   EXTRACT_PLURAL_EXPRESSION (nullentry, &domain->plural, &domain->nplurals);
+ 
+  out:
--- a/glibc.spec
+++ b/glibc.spec
@ -27,7 +27,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 7%{?dist}
+Release: 8%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@ -110,6 +110,7 @@ Patch0034: %{name}-fedora-elf-init-hidden_undef.patch
 Patch0035: %{name}-rh911307.patch
 Patch0036: %{name}-rh892777.patch
 Patch0037: %{name}-rh952799.patch
+Patch0038: %{name}-rh959034.patch

 #
 # Patches from upstream
@ -412,6 +413,7 @@ package or when debugging this package.
 %patch0037 -p1
 %patch2029 -p1
 %patch1030 -p1
+%patch0038 -p1

 # On powerpc32, hp timing is only available in power4/power6
 # libs, not in base, so pre-power4 dynamic linker is incompatible
@ -1211,6 +1213,9 @@ rm -f *.filelist*
 %endif

 %changelog
+* Sun May  5 2013 Patsy Franklin <pfrankli@redhat.com> - 2.17-8
+  - Fix _nl_find_msg malloc failure case, and callers. (#959034).
+
 * Tue Apr 23 2013 Patsy Franklin <pfrankli@redhat.com> - 2.17-7
  - Test init_fct for NULL, not result->__init_fct, after demangling (#952799).