This patch fixes two issues, and perhaps should be two distinct commits,
but I present it here as one for the sake of completeness.
Commit 006dd86111 fails to check malloc's
return in intl/dcigettext.c (_nl_find_msg):
~~~
freemem_size = INITIAL_BLOCK_SIZE;
newmem = (transmem_block_t *) malloc (freemem_size);
...
newmem->next = transmem_list;
transmem_list = newmem;
~~~
If malloc fails then newmem is NULL then newmem->next results in a
fault.
The fix is easy enough, check for newmem != NULL, and fall through to
the error condition below which returns (char *) -1 e.g. resource error.
The problem is that returning (char *) -1 will break all sorts of other
code, so while what we did is correct, the real failure case fix is
slightly broader.
There are 4 other places where _nl_find_msg is called, one is OK, the
other three are fixed to handle -1 error return value.
No regressions on x86-64 or x86.
However, no regressions isn't really a useful metric for this code.
The change was tested as documented here:
http://sourceware.org/glibc/wiki/Testing/WhiteBox
using SystemTap for fault injection to simulate malloc failure.
---
2013-05-03 Carlos O'Donell <carlos at redhat.com>
[BZ #15441]
* intl/dcigettext.c (DCIGETTEXT): Skip translating if _nl_find_msg
returns -1.
(_nl_find_msg): Return -1 if recursive call returned -1. If newmem is
null return -1.
* intl/loadmsgcat.c (_nl_load_domain): If _nl_find_msg returns -1 abort
loading the domain.
2008-03-30 Ulrich Drepper <drepper@redhat.com>
[BZ #5443]
* intl/dcigettext.c (__dcigettext): Get reader lock for locale data
before looking for translation.
* locale/duplocale.c: Transform __libc_setlocale_lock into rwlock.
* locale/freelocale.c: Likewise.
* locale/newlocale.c: Likewise.
* locale/setlocale.c: Likewise.
Based partially on a patch by ryo@np.css.fujitsu.com.
acquiring wrlock. Do conv_tab allocation while holding lock.
* intl/Makefile: Add rules to build and run tst-gettext6.
* intl/tst-gettext6.c: New test.
* intl/tst-gettext6.sh: New file.
2007-10-28 Ulrich Drepper <drepper@redhat.com>
[BZ #5222]
* elf/dl-load.c (_dl_rtld_di_serinfo): Correct handling of short
path elements in counting mode.
failed.
* intl/finddomain.c (_nl_find_domain): Free normalized_codeset
on failure.
* elf/dl-load.c (decompose_rpath): Free copy if result couldn't be
allocated.
2007-08-03 Jakub Jelinek <jakub@redhat.com>
void **.
* nss/nsswitch.h (service_user): Use void * type for KNOWN field.
* nss/nss_files/files-hosts.c (LINE_PARSER): Cast host_addr to
char * to avoid warning.
* nis/nss_nis/nis-hosts.c (LINE_PARSER): Likewise.
* timezone/Makefile (CFLAGS-zdump.c): Add -fwrapv.
* locale/programs/ld-ctype.c (ctype_finish, set_class_defaults,
allocate_arrays): Cast second argument to charmap_find_symbol
to char * to avoid warnings.
* locale/programs/repertoire.c (repertoire_new_char): Change
from_nr, to_nr and cnt to unsigned long, adjust printf format
string.
* locale/programs/ld-collate.c (insert_value, handle_ellipsis):
Cast second argument to new_element to char * to avoid warnings.
* locale/weightwc.h (findidx): Cast &extra[-i] to const int32_t *.
* intl/gettextP.h (struct loaded_domain): Change plural to const
struct expression *.
* intl/plural-eval.c (plural_eval): Change first argument to
const struct expression *.
* intl/plural-exp.c (EXTRACT_PLURAL_EXPRESSION): Change first
argument to const struct expression **.
* intl/plural-exp.h (EXTRACT_PLURAL_EXPRESSION, plural_eval): Adjust
prototypes.
* intl/loadmsgcat (_nl_unload_domain): Cast away const
in call to __gettext_free_exp.
* posix/fnmatch.c (fnmatch): Rearrange code to avoid maybe
unitialized wstring/wpattern var warnings.
* posix/runtests.c (struct a_test): Make data field const char *.
* stdio-common/tst-sprintf2.c (main): Don't declere u, v and buf
vars if not LDBL_MANT_DIG >= 106.
* stdio-common/Makefile (CFLAGS-vfwprintf.c): Add -Wno-unitialized.
* stdio-common/vfprintf.c (vfprintf): Cast first arugment to
__find_specmb to avoid warning.
* rt/tst-mqueue1.c (do_one_test): Add casts to avoid warnings.
* debug/test-strcpy_chk.c (do_tests, do_random_tests): Add casts
to avoid warnings.
* sysdeps/ieee754/ldbl-96/s_roundl.c (huge): Add L suffix to
initializer.
* sysdeps/unix/clock_gettime.c (clock_gettime): Only define
tv var when it will be actually used.
* sunrpc/rpc_cmsg.c (xdr_callmsg): Cast IXDR_PUT_* to void
to avoid warnings.
* iconv/gconv_cache.c (__gconv_lookup_cache): Return __GCONV_NULCONV
if from and to charsets are the same.
* iconv/gconv_db.c (__gconv_find_transform): Likewise.
* intl/dcigettext.c (_nl_find_msg): Return NULL even if __gconv_open
returns __GCONV_NOCONV, but not for __GCONV_NULCONV.
2007-07-17 Jakub Jelinek <jakub@redhat.com>
* wcsmbs/wchar.h: Only define wint_t if __need_wint_t.
Don't define wint_t when __need_mbstate_t unless it
is necessary.
(__mbstate_t): Use __WINT_TYPE__ rather than wint_t
in the typedef if possible.
* wctype/wctype.h (wint_t): Define by including
wchar.h with __need_wint_t instead of including stddef.h
with __need_wint_t and as fallback definining it ourselves.
* iconv/gconv.h (__need_wint_t): Define before including
wchar.h.
* sysdeps/gnu/_G_config.h: Don't include gconv.h if not _LIBC
or _GLIBCPP_USE_WCHAR_T.
(__need_wchar_t): Don't define
if not _LIBC or _GLIBCPP_USE_WCHAR_T.
(__need_wint_t): Don't define before including stddef.h,
define before including wchar.h only if _LIBC or
_GLIBCPP_USE_WCHAR_T.
(_G_iconv_t): Don't define if not _LIBC or _GLIBCPP_USE_WCHAR_T.
* sysdeps/mach/hurd/_G_config.h: Likewise.
* sysdeps/generic/_G_config.h: Likewise.
* libio/libio.h (__wunderflow, __wuflow, __woverflow): Only
prototype if _LIBC or _GLIBCPP_USE_WCHAR_T.
(_IO_getwc_unlocked, _IO_putwc_unlocked): Only define
if _LIBC or _GLIBCPP_USE_WCHAR_T.
look further, return original strings.
(_nl_find_msg): Do not return found translation if the conversion
failed. Either signal the string is unusable or that something went
wrong and the original should be used.
2006-06-21 Ulrich Drepper <drepper@redhat.com>
* string/_strerror.c (__strerror_r): Add __builtin_expect.
