From 363a98991884a744e78b9bfc7df89768901c0816 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ond=C5=99ej=20B=C3=ADlka?= Date: Tue, 16 Dec 2014 00:09:32 +0100 Subject: [PATCH] Return allocated array instead of unallocated. In locale/programs/ld-ctype.c we returned array that was on stack. Fixed by returning static array instead. --- ChangeLog | 6 ++++++ NEWS | 2 +- locale/programs/ld-ctype.c | 16 ++++++++-------- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85d0123..ebfaa0a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2014-12-15 Ondřej Bílka + + [BZ #17657] + * locale/programs/ld-ctype.c (find_translit2, read_widestring): Return + static array. + 2014-12-15 Bernard Ogden * nptl/lowlevellock.c (__lll_lock_wait_private): Add comments. diff --git a/NEWS b/NEWS index a324c10..3556ecd 100644 --- a/NEWS +++ b/NEWS @@ -14,7 +14,7 @@ Version 2.21 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583, 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, 17633, 17634, - 17647, 17653, 17664, 17665, 17668, 17682. + 17647, 17653, 17657, 17664, 17665, 17668, 17682. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for diff --git a/locale/programs/ld-ctype.c b/locale/programs/ld-ctype.c index 67846b3..b2e8c82 100644 --- a/locale/programs/ld-ctype.c +++ b/locale/programs/ld-ctype.c @@ -114,6 +114,9 @@ struct translit_include_t struct translit_include_t *next; }; +/* Provide some dummy pointer for empty string. */ +static uint32_t no_str[] = { 0 }; + /* Sparse table of uint32_t. */ #define TABLE idx_table @@ -1777,7 +1780,7 @@ find_translit2 (struct locale_ctype_t *ctype, const struct charmap_t *charmap, for (wi = tirunp->from; wi <= wch; wi += tirunp->step) if (wi == wch) - return (uint32_t []) { 0 }; + return no_str; } } @@ -1831,7 +1834,7 @@ read_widestring (struct linereader *ldfile, struct token *now, if (now->tok == tok_default_missing) /* The special name "" will denote this case. */ - wstr = ((uint32_t *) { 0 }); + wstr = no_str; else if (now->tok == tok_bsymbol) { /* Get the value from the repertoire. */ @@ -4090,12 +4093,9 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, } else { - /* Provide some dummy pointers since we have nothing to write out. */ - static uint32_t no_str = { 0 }; - - ctype->translit_from_idx = &no_str; - ctype->translit_from_tbl = &no_str; - ctype->translit_to_tbl = &no_str; + ctype->translit_from_idx = no_str; + ctype->translit_from_tbl = no_str; + ctype->translit_to_tbl = no_str; ctype->translit_idx_size = 0; ctype->translit_from_tbl_size = 0; ctype->translit_to_tbl_size = 0; -- 2.7.4