diff --git a/ChangeLog b/ChangeLog index 3d61c09bb4..371d384d43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2004-09-25 Ulrich Drepper + * locale/loadlocale.c (_nl_intern_locale_data): Recognize LC_CTYPE + data where _nl_value_type_LC_CTYPE does not contain the type + information. Add range checks. + Reported by John Lumby [BZ #356]. + * libio/vasprintf.c (_IO_vasprintf): Fix condition to decide whether to realloc or not. Reported by Pavel Kankovsky [BZ #346]. diff --git a/locale/loadlocale.c b/locale/loadlocale.c index b2d944794f..11ece50a22 100644 --- a/locale/loadlocale.c +++ b/locale/loadlocale.c @@ -1,5 +1,5 @@ /* Functions to read locale data files. - Copyright (C) 1996-2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1996-2001, 2002, 2003, 2004 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 1996. @@ -115,15 +115,45 @@ _nl_intern_locale_data (int category, const void *data, size_t datasize) __set_errno (EINVAL); return NULL; } - if (__builtin_expect (_nl_value_types[category][cnt] == word, 0)) + + /* Determine the type. There is one special case: the LC_CTYPE + category can have more elements than there are in the + _nl_value_type_LC_XYZ array. There are all pointers. */ + switch (category) + { +#define CATTEST(cat) \ + case LC_##cat: \ + assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ + / sizeof (_nl_value_type_LC_##cat[0]))); \ + break + CATTEST (NUMERIC); + CATTEST (TIME); + CATTEST (COLLATE); + CATTEST (MONETARY); + CATTEST (MESSAGES); + CATTEST (PAPER); + CATTEST (NAME); + CATTEST (ADDRESS); + CATTEST (TELEPHONE); + CATTEST (MEASUREMENT); + CATTEST (IDENTIFICATION); + default: + assert (category == LC_CTYPE); + break; + } + + if ((category == LC_CTYPE + && cnt >= (sizeof (_nl_value_type_LC_CTYPE) + / sizeof (_nl_value_type_LC_CTYPE[0]))) + || __builtin_expect (_nl_value_types[category][cnt] != word, 1)) + newdata->values[cnt].string = newdata->filedata + idx; + else { if (idx % __alignof__ (u_int32_t) != 0) goto puntdata; newdata->values[cnt].word = *((const u_int32_t *) (newdata->filedata + idx)); } - else - newdata->values[cnt].string = newdata->filedata + idx; } return newdata;