GET

Cover Letter Detail

Show a cover letter.

GET /api/1.2/covers/2234023/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2234023,
    "url": "http://patchwork.ozlabs.org/api/1.2/covers/2234023/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/glibc/cover/20260507081123.482784-1-fberat@redhat.com/",
    "project": {
        "id": 41,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/41/?format=api",
        "name": "GNU C Library",
        "link_name": "glibc",
        "list_id": "libc-alpha.sourceware.org",
        "list_email": "libc-alpha@sourceware.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260507081123.482784-1-fberat@redhat.com>",
    "list_archive_url": null,
    "date": "2026-05-07T08:11:21",
    "name": "[v1,0/2] Fix gconv reference count overflow in swscanf",
    "submitter": {
        "id": 84672,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/84672/?format=api",
        "name": "Frédéric Bérat",
        "email": "fberat@redhat.com"
    },
    "mbox": "http://patchwork.ozlabs.org/project/glibc/cover/20260507081123.482784-1-fberat@redhat.com/mbox/",
    "series": [
        {
            "id": 503124,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/503124/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/glibc/list/?series=503124",
            "date": "2026-05-07T08:11:21",
            "name": "Fix gconv reference count overflow in swscanf",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/503124/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/covers/2234023/comments/",
    "headers": {
        "Return-Path": "<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "libc-alpha@sourceware.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@legolas.ozlabs.org",
            "libc-alpha@sourceware.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=KaenfoKJ;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=2620:52:6:3111::32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)",
            "sourceware.org;\n\tdkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=KaenfoKJ",
            "sourceware.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com",
            "sourceware.org; spf=pass smtp.mailfrom=redhat.com",
            "sourceware.org; arc=none smtp.remote-ip=170.10.133.124"
        ],
        "Received": [
            "from vm01.sourceware.org (vm01.sourceware.org\n [IPv6:2620:52:6:3111::32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gB4jZ6dqXz1yKd\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 07 May 2026 18:12:18 +1000 (AEST)",
            "from vm01.sourceware.org (localhost [IPv6:::1])\n\tby sourceware.org (Postfix) with ESMTP id 9155B4BA2E09\n\tfor <incoming@patchwork.ozlabs.org>; Thu,  7 May 2026 08:12:16 +0000 (GMT)",
            "from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.133.124])\n by sourceware.org (Postfix) with ESMTP id 8AFC94BA2E07\n for <libc-alpha@sourceware.org>; Thu,  7 May 2026 08:11:34 +0000 (GMT)",
            "from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-536-XU7nRbl9PgmydIkEQ8N8lA-1; Thu,\n 07 May 2026 04:11:33 -0400",
            "from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id AFD7F18002CF; Thu,  7 May 2026 08:11:31 +0000 (UTC)",
            "from Nymeria-redhat.redhat.com (unknown [10.44.32.35])\n by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with\n ESMTPS\n id 2FC01300019F; Thu,  7 May 2026 08:11:29 +0000 (UTC)"
        ],
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 sourceware.org 9155B4BA2E09",
            "OpenDKIM Filter v2.11.0 sourceware.org 8AFC94BA2E07"
        ],
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 sourceware.org 8AFC94BA2E07",
        "ARC-Filter": "OpenARC Filter v1.0.0 sourceware.org 8AFC94BA2E07",
        "ARC-Seal": "i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1778141494; cv=none;\n b=P8sOgilIwDCX6q9wv8Y2xBMCzOaSQWZVl97gJ3Ui5f/xyzLZCaSDGHDarfY/oprLCQe6GhFqwFld4uWmT9BgaXV7JkUuJ6w4WwYVilYDZkAwVskrvWv4j6wsSHW4KQIyVr8joWFrMeu/Mpk/8hH73/vjsDC9MbN658yVDVbxbs8=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1778141494; c=relaxed/simple;\n bh=5dq0Az1aSZT8KiXh8Sbvpt60k+V6vnuINUwsL/r1mPQ=;\n h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;\n b=vyJIXW27g/Eq3F24gAj+6bxmqcEM3SxLEgeKHh/Ud69++auunBBcE7DXwCVMrkbXz7/vU7LFFJr7WzgRC/ZwTdfwdOfNGnPdkkRf0CIX7+f5rAdIKdn47IgKanXLJ8eGNqPzJKj3UZipT7aR4mpJdVlA8sm/biLzQNUKa+L0kro=",
        "ARC-Authentication-Results": "i=1; sourceware.org;\n dkim=pass (1024-bit key, unprotected)\n header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=KaenfoKJ",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1778141494;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=JtU/Lx2BimhUd4281oITc6NtBT4VSKwQArh57EDlhyE=;\n b=KaenfoKJqhiL3P48jdefqGHByb/WCA9jggGuoVIXT/1rZoev+zrw8lLCyx8AQqDyN8IIF8\n LrOY4hGbSPq9VZp+nU8x+3TZUTSFj5fqgzyJ+vKiO+hqreQw0Qb1kELo9CI7cN5TSlm4Ne\n N00FehzH3UCptPCY1T2Bj990jvWRp6E=",
        "X-MC-Unique": "XU7nRbl9PgmydIkEQ8N8lA-1",
        "X-Mimecast-MFC-AGG-ID": "XU7nRbl9PgmydIkEQ8N8lA_1778141492",
        "From": "=?utf-8?b?RnLDqWTDqXJpYyBCw6lyYXQ=?= <fberat@redhat.com>",
        "To": "libc-alpha@sourceware.org, dj@redhat.com, fweimer@redhat.com,\n adhemerval.zanella@linaro.org",
        "Subject": "[PATCH v1 0/2] Fix gconv reference count overflow in swscanf",
        "Date": "Thu,  7 May 2026 10:11:21 +0200",
        "Message-ID": "<20260507081123.482784-1-fberat@redhat.com>",
        "MIME-Version": "1.0",
        "X-Scanned-By": "MIMEDefang 3.4.1 on 10.30.177.4",
        "X-Mimecast-Spam-Score": "0",
        "X-Mimecast-MFC-PROC-ID": "Y92wB7Q9OuPA8mwXFX4yhOCdcXU3-FV9V5iFcO2hZek_1778141492",
        "X-Mimecast-Originator": "redhat.com",
        "Content-Type": "text/plain; charset=UTF-8",
        "Content-Transfer-Encoding": "8bit",
        "X-BeenThere": "libc-alpha@sourceware.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "Libc-alpha mailing list <libc-alpha.sourceware.org>",
        "List-Unsubscribe": "<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>",
        "List-Archive": "<https://sourceware.org/pipermail/libc-alpha/>",
        "List-Post": "<mailto:libc-alpha@sourceware.org>",
        "List-Help": "<mailto:libc-alpha-request@sourceware.org?subject=help>",
        "List-Subscribe": "<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>",
        "Errors-To": "libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"
    },
    "content": "This series addresses a gconv module reference counter overflow\ntriggered by the `swscanf` family of functions.\n\nThe issue, originally reported by DJ Delorie, occurs because `swscanf`\nutilizes a wide-oriented `FILE` stream allocated on the stack via\n`_IO_strfile_readw`. When initialized, `_IO_fwide` implicitly clones the\nglobal locale's gconv configuration and increments the gconv module's\nreference counter (`__counter`). Because the stream is on the stack, it\ncannot be cleaned up via `fclose()` (which would attempt to `free` the\nstack pointer). Consequently, `__gconv_release_step` is never called,\nleaking the reference counts. Over enough iterations, the 32-bit counter\noverflows, resulting in a fatal abort.\n\nFlorian Weimer correctly pointed out that if we open the gconv modules\nwith `RTLD_NODELETE`, we wouldn't need to track references for\n`dlclose`. However, upon further investigation of the codebase, removing\nthe `__counter` tracking entirely is not viable without introducing\ncatastrophic memory bugs.\n\nThe `__counter` member dictates the execution of `gconv_end()`. Several\ncomplex encodings (such as `UTF-16`) dynamically allocate memory during\n`gconv_init()` and attach it to `step->__data`. If we remove\n`__counter`, we face an unsolvable dilemma during stream teardown: 1. If\nwe never call `gconv_end()`, we permanently leak `step->__data` memory\nevery time a dynamic step array is freed (e.g., from the mmap cache). 2.\nIf we unconditionally call `gconv_end()`, the stack stream destroys the\n`step->__data` state that the global locale (and other concurrent\nthreads) still rely on, leading to immediate use-after-free conditions.\n\nTherefore, reference counting must be maintained to safely manage the\n`step->__data` lifecycle.\n\nThis patch series follows Adhemerval Zanella Netto's suggestion to\nintroduce a targeted internal `fclose` equivalent. We introduce\n`_IO_wstrfile_fclose_stack()`, which safely releases the gconv reference\ncounters and finishes the stream without attempting to deallocate the\n`FILE` struct. This new function is then hooked into all 13\nimplementations of `swscanf` across the tree.\n\nFred.\n\nChanges since v0:\n - Added reviewed by on Patch 1\n - Reworked the test (Patch 2) so that it is an internal test that\n   directly checks the counter value.\n\n--\n\nFrédéric Bérat (2):\n  libio: Fix gconv module reference counter overflow in swscanf\n  test: Add gconv refcount leak test for swscanf\n\n libio/iofwide.c                               | 15 +++++\n libio/iovswscanf.c                            |  4 +-\n libio/libioP.h                                |  1 +\n libio/swscanf.c                               |  2 +-\n .../ieee128-isoc23_swscanf.c                  |  2 +-\n .../ieee128-isoc23_vswscanf.c                 |  4 +-\n .../ieee128-isoc99_swscanf.c                  |  2 +-\n .../ieee128-isoc99_vswscanf.c                 |  4 +-\n .../ldbl-128ibm-compat/ieee128-swscanf.c      |  2 +-\n .../ldbl-128ibm-compat/ieee128-vswscanf.c     |  4 +-\n sysdeps/ieee754/ldbl-opt/nldbl-compat.c       | 12 +++-\n wcsmbs/Makefile                               |  7 ++\n wcsmbs/isoc23_swscanf.c                       |  2 +-\n wcsmbs/isoc23_vswscanf.c                      |  4 +-\n wcsmbs/isoc99_swscanf.c                       |  2 +-\n wcsmbs/isoc99_vswscanf.c                      |  4 +-\n wcsmbs/tst-wcsmbs-clone-overflow.c            | 66 +++++++++++++++++++\n 17 files changed, 122 insertions(+), 15 deletions(-)\n create mode 100644 wcsmbs/tst-wcsmbs-clone-overflow.c\n\n\nbase-commit: 79dbb41f159a4defe75f59a8f491d136236d1f7a"
}