[{"id":1759356,"web_url":"http://patchwork.ozlabs.org/comment/1759356/","msgid":"","list_archive_url":null,"date":"2017-08-29T13:50:26","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":22438,"url":"http://patchwork.ozlabs.org/api/people/22438/","name":"Carlos O'Donell","email":"carlos@redhat.com"},"content":"On 08/29/2017 09:28 AM, Florian Weimer wrote:\n> We have been carrying the attached patch for a while.\n> \n> There is no test because triggering this failure is very hard even on 32\n> bit.\n> \n> Based on my review, it fixes all NULL pointer inconsistencies except the\n> mangling of __end_fct after a gconv_init failure. While writing a test\n> for this omission I found a heap corruption, so I filed a separate bug\n> for these remaining issues:\n> \n> \n\nThis looks good to me.\n\nIt deletes the silly NULL checking code, and makes us consistently\nmanagle and demangle which is conceptualy easier to understand.\n\n> gconv: Consistently mangle NULL function pointers [BZ #22025]\n> \n> Not mangling NULL pointers is not safe because with very low\n> probability, a non-NULL function pointer can turn into a NULL pointer\n> after mangling.\n> \n> 2017-08-29 Patsy Franklin \n> \t Jeff Law \n> \n> \t[BZ #22025]\n> \tMangle NULL pointers in iconv/gconv.\n> \t* iconv/gconv_cache.c (find_module): Demangle init_fct before\n> \tchecking for NULL. Mangle __btowc_fct if init_fct is non-NULL.\n> \t* iconv/gconv_db.c (free_derivation): Check that __shlib_handle\n> \tis non-NULL before demangling the end_fct. Check for NULL\n> \tend_fct after demangling.\n> \t(__gconv_release_step): Demangle the end_fct before checking\n> \tit for NULL. Remove assert on __shlibc_handle != NULL.\n> \t(gen_steps): Don't check btowc_fct for NULL before mangling.\n> \tDemangle init_fct before checking for NULL.\n> \t(increment_counter): Likewise.\n> \t* gconv_dl.c (__gconv_find_shlib): Don't check init_fct or\n> \tend_fct for NULL before mangling.\n> \t* wcsmbs/btowc.c (__btowc): Demangle btowc_fct before checking\n> \tfor NULL.\n> \n> diff --git a/iconv/gconv_cache.c b/iconv/gconv_cache.c\n> index d6a47de838..7d2751a506 100644\n> --- a/iconv/gconv_cache.c\n> +++ b/iconv/gconv_cache.c\n> @@ -207,17 +207,16 @@ find_module (const char *directory, const char *filename,\n> result->__data = NULL;\n> \n> /* Call the init function. */\n> - if (result->__init_fct != NULL)\n> -\t{\n> -\t __gconv_init_fct init_fct = result->__init_fct;\n> + __gconv_init_fct init_fct = result->__init_fct;\n> #ifdef PTR_DEMANGLE\n> -\t PTR_DEMANGLE (init_fct);\n> + PTR_DEMANGLE (init_fct);\n\nOK.\n\n> #endif\n> + if (init_fct != NULL)\n> +\t{\n> \t status = DL_CALL_FCT (init_fct, (result));\n> \n> #ifdef PTR_MANGLE\n> -\t if (result->__btowc_fct != NULL)\n> -\t PTR_MANGLE (result->__btowc_fct);\n> +\t PTR_MANGLE (result->__btowc_fct);\n\nOK.\n\n> #endif\n> \t}\n> }\n> diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c\n> index 7893fadba1..b748467de5 100644\n> --- a/iconv/gconv_db.c\n> +++ b/iconv/gconv_db.c\n> @@ -179,16 +179,15 @@ free_derivation (void *p)\n> size_t cnt;\n> \n> for (cnt = 0; cnt < deriv->nsteps; ++cnt)\n> - if (deriv->steps[cnt].__counter > 0\n> -\t&& deriv->steps[cnt].__end_fct != NULL)\n> + if ((deriv->steps[cnt].__counter > 0)\n> +\t&& (deriv->steps[cnt].__shlib_handle != NULL))\n\nOK.\n\n> {\n> -\tassert (deriv->steps[cnt].__shlib_handle != NULL);\n\nOK.\n\n> -\n> \t__gconv_end_fct end_fct = deriv->steps[cnt].__end_fct;\n> #ifdef PTR_DEMANGLE\n> \tPTR_DEMANGLE (end_fct);\n> #endif\n> -\tDL_CALL_FCT (end_fct, (&deriv->steps[cnt]));\n> +\tif (end_fct != NULL)\n> +\t DL_CALL_FCT (end_fct, (&deriv->steps[cnt]));\n\nOK.\n\n> }\n> \n> /* Free the name strings. */\n> @@ -212,16 +211,12 @@ __gconv_release_step (struct __gconv_step *step)\n> if (step->__shlib_handle != NULL && --step->__counter == 0)\n> {\n> /* Call the destructor. */\n> - if (step->__end_fct != NULL)\n> -\t{\n> -\t assert (step->__shlib_handle != NULL);\n> -\n> -\t __gconv_end_fct end_fct = step->__end_fct;\n> +\t__gconv_end_fct end_fct = step->__end_fct;\n\nOK.\n\n> #ifdef PTR_DEMANGLE\n> -\t PTR_DEMANGLE (end_fct);\n> +\tPTR_DEMANGLE (end_fct);\n\nOK.\n\n> #endif\n> -\t DL_CALL_FCT (end_fct, (step));\n> -\t}\n> + if (end_fct != NULL)\n> +\tDL_CALL_FCT (end_fct, (step));\n\nOK.\n\n> \n> #ifndef STATIC_GCONV\n> /* Release the loaded module. */\n> @@ -313,13 +308,11 @@ gen_steps (struct derivation_step *best, const char *toset,\n> \n> \t /* Call the init function. */\n> \t __gconv_init_fct init_fct = result[step_cnt].__init_fct;\n> -\t if (init_fct != NULL)\n> -\t\t{\n> -\t\t assert (result[step_cnt].__shlib_handle != NULL);\n> -\n> # ifdef PTR_DEMANGLE\n> -\t\t PTR_DEMANGLE (init_fct);\n> +\t PTR_DEMANGLE (init_fct);\n> # endif\n\nOK.\n\n> +\t if (init_fct != NULL)\n> +\t\t{\n> \t\t status = DL_CALL_FCT (init_fct, (&result[step_cnt]));\n> \n> \t\t if (__builtin_expect (status, __GCONV_OK) != __GCONV_OK)\n> @@ -332,8 +325,7 @@ gen_steps (struct derivation_step *best, const char *toset,\n> \t\t }\n> \n> # ifdef PTR_MANGLE\n> -\t\t if (result[step_cnt].__btowc_fct != NULL)\n> -\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n> +\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n\nOK.\n\n> # endif\n> \t\t}\n> \t }\n> @@ -415,16 +407,15 @@ increment_counter (struct __gconv_step *steps, size_t nsteps)\n> \n> \t /* Call the init function. */\n> \t __gconv_init_fct init_fct = step->__init_fct;\n> +#ifdef PTR_DEMANGLE\n> +\t PTR_DEMANGLE (init_fct);\n> +#endif\n> \t if (init_fct != NULL)\n> \t {\n> -#ifdef PTR_DEMANGLE\n> -\t PTR_DEMANGLE (init_fct);\n> -#endif\n\n\nOK.\n\n> \t DL_CALL_FCT (init_fct, (step));\n> \n> #ifdef PTR_MANGLE\n> -\t if (step->__btowc_fct != NULL)\n> -\t\tPTR_MANGLE (step->__btowc_fct);\n> +\t PTR_MANGLE (step->__btowc_fct);\n\nOK.\n\n> #endif\n> \t }\n> \t}\n> diff --git a/iconv/gconv_dl.c b/iconv/gconv_dl.c\n> index 241836204d..d7dbba90a2 100644\n> --- a/iconv/gconv_dl.c\n> +++ b/iconv/gconv_dl.c\n> @@ -131,10 +131,8 @@ __gconv_find_shlib (const char *name)\n> \n> #ifdef PTR_MANGLE\n> \t\t PTR_MANGLE (found->fct);\n> -\t\t if (found->init_fct != NULL)\n> -\t\t PTR_MANGLE (found->init_fct);\n> -\t\t if (found->end_fct != NULL)\n> -\t\t PTR_MANGLE (found->end_fct);\n> +\t\t PTR_MANGLE (found->init_fct);\n> +\t\t PTR_MANGLE (found->end_fct);\n\nOK.\n\n> #endif\n> \n> \t\t /* We have succeeded in loading the shared object. */\n> diff --git a/wcsmbs/btowc.c b/wcsmbs/btowc.c\n> index 22464dc5e2..97fb7170f3 100644\n> --- a/wcsmbs/btowc.c\n> +++ b/wcsmbs/btowc.c\n> @@ -46,15 +46,15 @@ __btowc (int c)\n> /* Get the conversion functions. */\n> fcts = get_gconv_fcts (_NL_CURRENT_DATA (LC_CTYPE));\n> __gconv_btowc_fct btowc_fct = fcts->towc->__btowc_fct;\n> +#ifdef PTR_DEMANGLE\n> + if (fcts->towc->__shlib_handle != NULL)\n> + PTR_DEMANGLE (btowc_fct);\n> +#endif\n\nOK.\n\n> \n> if (__builtin_expect (fcts->towc_nsteps == 1, 1)\n> && __builtin_expect (btowc_fct != NULL, 1))\n> {\n> /* Use the shortcut function. */\n> -#ifdef PTR_DEMANGLE\n> - if (fcts->towc->__shlib_handle != NULL)\n> -\tPTR_DEMANGLE (btowc_fct);\n> -#endif\n\nOK.\n\n> return DL_CALL_FCT (btowc_fct, (fcts->towc, (unsigned char) c));\n> }\n> else","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83818-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"o3WPaWep\"; dkim-atps=neutral","sourceware.org; auth=none"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhVR56B0zz9t33\n\tfor ;\n\tTue, 29 Aug 2017 23:51:13 +1000 (AEST)","(qmail 5145 invoked by alias); 29 Aug 2017 13:51:07 -0000","(qmail 4429 invoked by uid 89); 29 Aug 2017 13:51:05 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; q=dns; s=default; b=v6/6GShNOQXZQ8by\n\tOxDQPLb7zL6oekAE/16o6/2kW/IM1CYZDPeWIdCRMd0tHOYDXR+kfDGz9GI54giA\n\thaoBcmongCWqF7xzm20wpbQdDCn4SWgKapw8iNE9xkw3O+kRfO1l0gG9avCIu+6y\n\tXclWpwTquqN5JjmcraIDwmWuXK0=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; s=default; bh=Y3GUJMh1g+8rdvH5Pz48mF\n\teWsTM=; b=o3WPaWepN0JlUnrRjs/O/1kVTC7Ttd7uz0szcGt6+ChatioYYRwZd0\n\t+Lo1DM8XgxJBW0DLRvay9wqYoNsaiXzNv/RoVwkR/GbGaxUQstvAWyXaL13H2i2Y\n\tx4mN9/QQRXMZXBwIwqd4kAkIOZSArjJysrW9e7XgkVm6WXgSPPoSM=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-26.5 required=5.0 tests=AWL, BAYES_00,\n\tGIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,\n\tRCVD_IN_DNSWL_NONE,\n\tRCVD_IN_SORBS_SPAM autolearn=ham version=3.3.2\n\tspammy=Hx-languages-length:6535","X-HELO":"mail-qt0-f169.google.com","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:to:references:from:message-id:date\n\t:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=AzWnTuD8esU7gNcwVXZFtyPwJPzxyYhocudLdVnEqUs=;\n\tb=er/iADmhvd2yNf2QY0sVhW4LKJcO9mleLV5q9BVae+naGwqPtZcxbTPeg3o2WVt2RZ\n\tV+Xy9DLk2sJvtiMCJUOcwWm4TsSfeaegwVHnZuLw4gIiAR39UXx6NHJvqRxieaFBTkoB\n\tNxzVJmMAw/l+uKaZrMRbIvz6LjFPR5D9l4/cj2GkXRWG4Ayl36I1tWCxOTEbVkfAOf5E\n\tPkauzVlqUzYyWwFXVXDVh+BbD6AmWV1Yj3lmR9MuMo2WH3RuOg0CpArhb3O0/Kco7Xno\n\teKJhR9T+i57ZIcikqPNU564h/WBkQZBcujdEZa9NXD9O/roxeZWW2ASaNwIyv1c7y/WT\n\tZ8UA==","X-Gm-Message-State":"AHYfb5gyE2hkoTao+WIEat17hL0Zl04iceSxyZ8Ye/UGRiGFyRGXsBhm\n\tVf8oGGrYvDNXuxzr4n7D9A==","X-Google-Smtp-Source":"ADKCNb6gyd3xpHS480UVw2asxWEWRL5Oef8CGqArajsfFn/V11sJ7qCqf01C0hX/kRyivpR/lBcmhA==","X-Received":"by 10.237.63.247 with SMTP id w52mr6116107qth.34.1504014653901; \n\tTue, 29 Aug 2017 06:50:53 -0700 (PDT)","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","To":"Florian Weimer ,\n\tGNU C Library ,\n\tPatsy Franklin , Jeff Law ","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>","From":"Carlos O'Donell ","Message-ID":"","Date":"Tue, 29 Aug 2017 09:50:26 -0400","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"7bit"}},{"id":1759357,"web_url":"http://patchwork.ozlabs.org/comment/1759357/","msgid":"","list_archive_url":null,"date":"2017-08-29T13:52:02","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":37,"url":"http://patchwork.ozlabs.org/api/people/37/","name":"Andreas Schwab","email":"schwab@suse.de"},"content":"On Aug 29 2017, Florian Weimer wrote:\n\n> diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c\n> index 7893fadba1..b748467de5 100644\n> --- a/iconv/gconv_db.c\n> +++ b/iconv/gconv_db.c\n> @@ -179,16 +179,15 @@ free_derivation (void *p)\n> size_t cnt;\n> \n> for (cnt = 0; cnt < deriv->nsteps; ++cnt)\n> - if (deriv->steps[cnt].__counter > 0\n> -\t&& deriv->steps[cnt].__end_fct != NULL)\n> + if ((deriv->steps[cnt].__counter > 0)\n> +\t&& (deriv->steps[cnt].__shlib_handle != NULL))\n\nPlease remove the redundant parens.\n\n> @@ -332,8 +325,7 @@ gen_steps (struct derivation_step *best, const char *toset,\n> \t\t }\n> \n> # ifdef PTR_MANGLE\n> -\t\t if (result[step_cnt].__btowc_fct != NULL)\n> -\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n> +\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n> # endif\n\nThat needs to be mangled even if there is no init_fct.\n\n> @@ -415,16 +407,15 @@ increment_counter (struct __gconv_step *steps, size_t nsteps)\n> \n> \t /* Call the init function. */\n> \t __gconv_init_fct init_fct = step->__init_fct;\n> +#ifdef PTR_DEMANGLE\n> +\t PTR_DEMANGLE (init_fct);\n> +#endif\n> \t if (init_fct != NULL)\n> \t {\n> -#ifdef PTR_DEMANGLE\n> -\t PTR_DEMANGLE (init_fct);\n> -#endif\n> \t DL_CALL_FCT (init_fct, (step));\n> \n> #ifdef PTR_MANGLE\n> -\t if (step->__btowc_fct != NULL)\n> -\t\tPTR_MANGLE (step->__btowc_fct);\n> +\t PTR_MANGLE (step->__btowc_fct);\n> #endif\n\nLikewise.\n\nAndreas.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83819-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"G6SFxkD2\"; dkim-atps=neutral","sourceware.org; auth=none"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhVSQ2JRDz9sRV\n\tfor ;\n\tTue, 29 Aug 2017 23:52:22 +1000 (AEST)","(qmail 38871 invoked by alias); 29 Aug 2017 13:52:16 -0000","(qmail 38516 invoked by uid 89); 29 Aug 2017 13:52:15 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:from:to:cc:subject:references:date:in-reply-to\n\t:message-id:mime-version:content-type; q=dns; s=default; b=BSlgQ\n\tBNjW+mKxxZsHdL7ClA9jtXo852psWAaXIXhf8zGwQISHrHHZ9ZjaPxvxHJKHlLdo\n\tfXwCeV0sv6F/4Yca/NAMJoHMscS3ZMJE04MWd2WLe6OCaJP+VIxJC3pTFMc3n3+N\n\tJqNovkA3PaH+KEF+woZiGW9FGSs91Rpk0dTXqA=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:from:to:cc:subject:references:date:in-reply-to\n\t:message-id:mime-version:content-type; s=default; bh=a45c3/VkDBO\n\tffhi3uKxBvFh8dP4=; b=G6SFxkD2GrwaILEfYpnssZmxAPrBComBJR79llmlr25\n\t4lYL+d0WUD1v8tUt8O4QZSrUYqFQdbcTiSUAGGpxygijotd2upKARIcKFtW0uMU4\n\tbjxrkQtkudF3w0YonfL1LK3M48z10FCcOGMceFTyI/XC69GHpDFWmKabtX/ojbEE\n\t=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,\n\tGIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD,\n\tSPF_PASS autolearn=ham version=3.3.2 spammy=","X-HELO":"mx1.suse.de","From":"Andreas Schwab ","To":"Florian Weimer ","Cc":"GNU C Library ,\n\tPatsy Franklin , Jeff Law ","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>","X-Yow":"Wait.. is this a FUN THING or the END of LIFE in Petticoat Junction??","Date":"Tue, 29 Aug 2017 15:52:02 +0200","In-Reply-To":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com> (Florian\n\tWeimer's message of \"Tue, 29 Aug 2017 15:28:43 +0200\")","Message-ID":"","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)","MIME-Version":"1.0","Content-Type":"text/plain"}},{"id":1759375,"web_url":"http://patchwork.ozlabs.org/comment/1759375/","msgid":"","list_archive_url":null,"date":"2017-08-29T14:13:18","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":14312,"url":"http://patchwork.ozlabs.org/api/people/14312/","name":"Florian Weimer","email":"fweimer@redhat.com"},"content":"*sigh*\n\nRight after pushing I realized that the entire premise of this patch is\nbogus.\n\nCode like this:\n\n /* Get the conversion functions. */\n fcts = get_gconv_fcts (_NL_CURRENT_DATA (LC_CTYPE));\n __gconv_btowc_fct btowc_fct = fcts->towc->__btowc_fct;\n#ifdef PTR_DEMANGLE\n if (fcts->towc->__shlib_handle != NULL)\n PTR_DEMANGLE (btowc_fct);\n#endif\n\n if (__builtin_expect (fcts->towc_nsteps == 1, 1)\n && __builtin_expect (btowc_fct != NULL, 1))\n {\n /* Use the shortcut function. */\n return DL_CALL_FCT (btowc_fct, (fcts->towc, (unsigned char) c));\n\nprovides a reasonably straightforward way for bypassing pointer\nmangling, simply by setting __shlib_handle to NULL.\n\nI'll try to come up with a different fix.\n\nFlorian","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83822-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"KpMr+mVy\"; dkim-atps=neutral","sourceware.org; auth=none","ext-mx06.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx06.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=fweimer@redhat.com"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhVxB5MRVz9t38\n\tfor ;\n\tWed, 30 Aug 2017 00:13:50 +1000 (AEST)","(qmail 79991 invoked by alias); 29 Aug 2017 14:13:32 -0000","(qmail 79882 invoked by uid 89); 29 Aug 2017 14:13:31 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; q=dns; s=default; b=rn97C9D4ft68oIRU\n\tJ3YS6ydVm248uRjCoOJgXtZB6rsK4nbakldi2tCorAjzdAtkWDi+n4mkpSiD3Lzq\n\tpCmp353AmEOKZNXevgx2BlANRF+G8CyGZT+/H4xzxgj4Bw7+KQimIw7N8Ty2C3iG\n\tR8Ra+u1NUKAlRbLDAGJz3O/lvnk=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; s=default; bh=0q0LbZgczVnwS/uRs+A1cy\n\txMWxU=; b=KpMr+mVywDOBzypf8Ac8uzXMvXMgoEOkBWz9A8xg29vigLiKhMDS1q\n\temIhY9Bx7yfY6g4YcKQ4vHjaXfk13kqTR2OpbmIoImmW7rZJ9W60Hj9r+nEfkeFf\n\t+fzvI5Caye8RTMaUhaeLOm29v/5RKPu+Nv1kCVMEhJ57ZqjTAquSE=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-0.9 required=5.0 tests=BAYES_00,\n\tKAM_LAZY_DOMAIN_SECURITY, RP_MATCHES_RCVD,\n\tSPF_HELO_PASS autolearn=no version=3.3.2 spammy=bypassing,\n\tHx-languages-length:768, premise,\n\tHContent-Transfer-Encoding:8bit","X-HELO":"mx1.redhat.com","DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 1F6DD356EA","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","To":"libc-alpha@sourceware.org","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>","From":"Florian Weimer ","Message-ID":"","Date":"Tue, 29 Aug 2017 16:13:18 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"8bit"}},{"id":1759379,"web_url":"http://patchwork.ozlabs.org/comment/1759379/","msgid":"<9cbc4ce7-4660-8c56-3db9-ca5c4cf2ab41@redhat.com>","list_archive_url":null,"date":"2017-08-29T14:18:47","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":22438,"url":"http://patchwork.ozlabs.org/api/people/22438/","name":"Carlos O'Donell","email":"carlos@redhat.com"},"content":"On 08/29/2017 10:13 AM, Florian Weimer wrote:\n> *sigh*\n> \n> Right after pushing I realized that the entire premise of this patch is\n> bogus.\n\nThe premise is not wrong.\n\nThe idea is to simplify the existing code to always mangle/demangle\nfunction pointers without exception.\n\nWhat you have found is a way to manipulate the mangling, which was\nnot considered in the original patch.\n \n> Code like this:\n> \n> /* Get the conversion functions. */\n> fcts = get_gconv_fcts (_NL_CURRENT_DATA (LC_CTYPE));\n> __gconv_btowc_fct btowc_fct = fcts->towc->__btowc_fct;\n> #ifdef PTR_DEMANGLE\n> if (fcts->towc->__shlib_handle != NULL)\n> PTR_DEMANGLE (btowc_fct);\n> #endif\n> \n> if (__builtin_expect (fcts->towc_nsteps == 1, 1)\n> && __builtin_expect (btowc_fct != NULL, 1))\n> {\n> /* Use the shortcut function. */\n> return DL_CALL_FCT (btowc_fct, (fcts->towc, (unsigned char) c));\n> \n> provides a reasonably straightforward way for bypassing pointer\n> mangling, simply by setting __shlib_handle to NULL.\n\nSure, but that also has other consequences. There are several loops\nwhich look for __shlib_handle != NULL and those loops would do nothing\nif you set __shlib_handle to NULL?\n\n> I'll try to come up with a different fix.\n\nYou do not need to come up with a different fix.\n\nI suggest you review Andreas' comments, fixup the existing implementation,\nand file a bug about the way in which the __shlib_handle might be abusable.\n\nDon't go down the rabbit hole ;-)\n\nCheers,\nCarlos.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83824-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"ogK16pzB\"; dkim-atps=neutral","sourceware.org; auth=none"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhW3R20Fhz9t38\n\tfor ;\n\tWed, 30 Aug 2017 00:19:15 +1000 (AEST)","(qmail 83789 invoked by alias); 29 Aug 2017 14:19:05 -0000","(qmail 82952 invoked by uid 89); 29 Aug 2017 14:19:05 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; q=dns; s=default; b=glC5bTXw2/+wLWMY\n\tTYUJ0ttC8fNKDF7fZWn6CgwQxWgMZwo7kw3SDmmY5QmVQcsFU/wSG8rhT8Ci3uTW\n\tWzRwqkQA3ATRu/ZhDN3wXoWT7h5/ucJTeV39INXC7JodnQ8mmiptrchEfIKNA3Wi\n\tudUrJdS14RrPiue/iQ2UGtYP/uk=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; s=default; bh=vvzKn1Y0Oj3X4tsuzv2co1\n\tOy8KU=; b=ogK16pzBZznwVoUB4Wy2veEuKVoRU/SE6b2pG/LzQP1VGuceFEczdR\n\ts1qKAJWtB/EErGAu+h1SHsBuZFA34jkiHeXYFuXai/2K23KLtG5ibNkt8zwC7KJm\n\tBQWkARdPuSS5h4gTZ0l/Ripk1YK8Hz+R8KM8Rpp0p45Q3u/kYQrLw=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-3.0 required=5.0 tests=AWL, BAYES_00,\n\tKAM_LAZY_DOMAIN_SECURITY, RCVD_IN_DNSWL_NONE,\n\tRCVD_IN_SORBS_SPAM autolearn=no version=3.3.2 spammy=bypassing,\n\tpremise","X-HELO":"mail-qt0-f170.google.com","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:to:references:from:message-id:date\n\t:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=xIcEfi5UkpAcAANVQ7cJdQmKRE0EGbz5ounm+ofFdVU=;\n\tb=B3TPRx1adB3A+iJP8dqG1I3HNWP229NxI1S1wNntag+UsM2oHHsTx1yT9RTeVTfiYK\n\tS1G5zHXolbbO5iF3HHlgUYHKpr23BmKwF9ma3NAmjlZd7TPCz/3ZPFBHuVtGfY1HO1hR\n\tqaEKwiQJvqcVtorgcPzw4UBskZHcI2JMje/TWlOGp773Db+kuwO1OFNVaKST6d+ASrmq\n\t56PtcXFRTbQo9/ATdmiafRj4d/braPWJGxGAYLXhnnd8OH/YKgqnc0UJCl7jjcBn/aHK\n\tZ/CuZqh5B9ANLATfOjBcXOdTml/fhhgG3LJuFPBJH1f5sSOR5kqFB2LePTYSmK/dt1BI\n\tgSgA==","X-Gm-Message-State":"AHYfb5gunzAWdUJMu8uAUw4NFy0/SOn610NY9IK1/3VNy3x9yIrFr+nB\n\tRdatue1VOWVmzNkkuyxwAA==","X-Google-Smtp-Source":"ADKCNb4wYRGk+neS08E++m50W6ft9hgxltFaSiYsQyiZZKn2RS4K3tIEr444acB0t5tBY5PyNF8DUA==","X-Received":"by 10.237.37.73 with SMTP id w9mr6456455qtc.50.1504016332878;\n\tTue, 29 Aug 2017 07:18:52 -0700 (PDT)","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","To":"Florian Weimer , libc-alpha@sourceware.org","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>\n\t","From":"Carlos O'Donell ","Message-ID":"<9cbc4ce7-4660-8c56-3db9-ca5c4cf2ab41@redhat.com>","Date":"Tue, 29 Aug 2017 10:18:47 -0400","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"7bit"}},{"id":1759389,"web_url":"http://patchwork.ozlabs.org/comment/1759389/","msgid":"<4a93dbf8-e4db-5ab1-43d6-1c52e3bb38a8@redhat.com>","list_archive_url":null,"date":"2017-08-29T14:24:28","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":14312,"url":"http://patchwork.ozlabs.org/api/people/14312/","name":"Florian Weimer","email":"fweimer@redhat.com"},"content":"On 08/29/2017 04:18 PM, Carlos O'Donell wrote:\n\n> I suggest you review Andreas' comments, fixup the existing implementation,\n> and file a bug about the way in which the __shlib_handle might be abusable.\n\nRight, it's a pre-existing problem. I filed:\n\n https://sourceware.org/bugzilla/show_bug.cgi?id=22029\n\nThanks,\nFlorian","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83825-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"hr4+OL22\"; dkim-atps=neutral","sourceware.org; auth=none","ext-mx05.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx05.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=fweimer@redhat.com"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhWBQ1hgsz9t16\n\tfor ;\n\tWed, 30 Aug 2017 00:25:18 +1000 (AEST)","(qmail 60942 invoked by alias); 29 Aug 2017 14:25:10 -0000","(qmail 60801 invoked by uid 89); 29 Aug 2017 14:24:55 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; q=dns; s=default; b=Wnb5lbgXDOb2oebC\n\t+js10nBYeOuk3fU6vXP/GrnuiVrjadO8qOc6xM07EejNKsPiJemeY/IGNKpr3FAA\n\tVfVAohUCV2VJbF4YoyHCPXFW95fNvG7ktpdoBCCluBg4bpxtUrMuB+wYDljIT9ez\n\timVjqSmFnNlPMJeeCw3wtzY80W4=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; s=default; bh=q2YHo0RAZGCxuchX6N/8hj\n\tHpVSk=; b=hr4+OL22EHBzAJiGBjVyBs8zVxcsgkAsm2/1txsncUVRvWRF80/rzQ\n\tg3/B+8K/XiIoxN38G1HeocvqafFkyMJTOqdwB3TTASyxtVMOLL3I4TeHk+q1pLV4\n\tC0EIqYIl4S3+mAjpFBASL6SnP2xejFHoiDuYwwIdQ1aPTOMOM5O5E=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,\n\tRP_MATCHES_RCVD,\n\tSPF_HELO_PASS autolearn=ham version=3.3.2 spammy=","X-HELO":"mx1.redhat.com","DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 54081498","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","To":"Carlos O'Donell , libc-alpha@sourceware.org","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>\n\t\n\t<9cbc4ce7-4660-8c56-3db9-ca5c4cf2ab41@redhat.com>","From":"Florian Weimer ","Message-ID":"<4a93dbf8-e4db-5ab1-43d6-1c52e3bb38a8@redhat.com>","Date":"Tue, 29 Aug 2017 16:24:28 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<9cbc4ce7-4660-8c56-3db9-ca5c4cf2ab41@redhat.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"7bit"}},{"id":1759390,"web_url":"http://patchwork.ozlabs.org/comment/1759390/","msgid":"<0d2e7f12-c5e2-32f6-2192-d8682b805646@redhat.com>","list_archive_url":null,"date":"2017-08-29T14:27:22","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":22438,"url":"http://patchwork.ozlabs.org/api/people/22438/","name":"Carlos O'Donell","email":"carlos@redhat.com"},"content":"On 08/29/2017 10:24 AM, Florian Weimer wrote:\n> On 08/29/2017 04:18 PM, Carlos O'Donell wrote:\n> \n>> I suggest you review Andreas' comments, fixup the existing implementation,\n>> and file a bug about the way in which the __shlib_handle might be abusable.\n> \n> Right, it's a pre-existing problem. I filed:\n> \n> https://sourceware.org/bugzilla/show_bug.cgi?id=22029\n\nExactly. Thanks for filling that bug.\n\nc.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83826-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"oUPnE2T8\"; dkim-atps=neutral","sourceware.org; auth=none"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhWFH10J0z9t16\n\tfor ;\n\tWed, 30 Aug 2017 00:27:46 +1000 (AEST)","(qmail 68716 invoked by alias); 29 Aug 2017 14:27:41 -0000","(qmail 68697 invoked by uid 89); 29 Aug 2017 14:27:37 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; q=dns; s=default; b=MzVdCudHUDGls22u\n\tr1dXFVnKfRuuXSpXx2CkZOhOda2rf8uHc7QHJLiAUvg9nVke6c2QoueOu6c9hacu\n\tgtP25s8ktD6qf1n4+QROzlC84KfH4BH0NLHkIrWEO6MJML8u0EQlid5xGZ/+qzDl\n\tutlbkqYANdU5QE2Ls7PIg/EOFxw=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type\n\t:content-transfer-encoding; s=default; bh=t/VZAOG8uKKouC5ZwF9nfB\n\tNOoIo=; b=oUPnE2T8qeaQoTo8/ESpRFuGVCAbtAztlK1ZiXQNusKeY//X/y9pHr\n\t1MALZeeMdUzS5BtpwGtYgyDl7rKJSPn55kcB6tE4l+kYG6TwspZrcnuAWukyEhje\n\txYvKpsiin2G3EBxMaRGVSA4dLd1pSGdGp2yFR1OSegwk85d9DfQw0=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-3.1 required=5.0 tests=AWL, BAYES_00,\n\tRCVD_IN_DNSWL_NONE,\n\tRCVD_IN_SORBS_SPAM autolearn=no version=3.3.2 spammy=","X-HELO":"mail-qk0-f181.google.com","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:to:references:from:message-id:date\n\t:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=Ws7EjcelBazjT6cmn42C+9KBd96mOhbwmiABXqDXGPc=;\n\tb=eu4HHzUJYgNI8wDWRyqNPg8QDZxdg85KAdMGnyiMfdJ+UZbjxA8Ol6CWrNUYiKtKYS\n\tFpiTC5xNQy4vkIKWmyLIBeFA9Gdf140GXlrQLq5iGvIJUk6HQEQ4RDh3Tvc+ZES12ftL\n\t6bVv/oj6eUz5mxnY3bn8W7NPnSSGfEg4bZjE7N63/7RjCOgfWSGf5FhhYpqH+rzlcPu5\n\tq0cqbvfS6MLLKMuDAHDhWs5avAgJSmzwzStFpGpu9yPUavznbSh70L4Ayt1aByuv9a4c\n\tn1Nb5o/zEtxTQagE2R1hRrGupO5gkdztAO50iMoREev6Sc3lerwRroILst8vzRJJntwi\n\tcpAg==","X-Gm-Message-State":"AHYfb5gpnxvXFJUpz2NnicCJXgJ1X0FnInH00XJaS6QXXlN+IlU7HaX/\n\tIcyyVe3GDqHmtxbrJCJeMg==","X-Google-Smtp-Source":"ADKCNb74JdgAofaWmaD9sCM0MQw7BVFrAUkAFxHAxH+AMPlCvwPBL1D9+nQ9suG7sZhDz30RfDpPdQ==","X-Received":"by 10.55.74.22 with SMTP id x22mr5604548qka.341.1504016845364;\n\tTue, 29 Aug 2017 07:27:25 -0700 (PDT)","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","To":"Florian Weimer , libc-alpha@sourceware.org","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>\n\t\n\t<9cbc4ce7-4660-8c56-3db9-ca5c4cf2ab41@redhat.com>\n\t<4a93dbf8-e4db-5ab1-43d6-1c52e3bb38a8@redhat.com>","From":"Carlos O'Donell ","Message-ID":"<0d2e7f12-c5e2-32f6-2192-d8682b805646@redhat.com>","Date":"Tue, 29 Aug 2017 10:27:22 -0400","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<4a93dbf8-e4db-5ab1-43d6-1c52e3bb38a8@redhat.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"7bit"}},{"id":1759416,"web_url":"http://patchwork.ozlabs.org/comment/1759416/","msgid":"<92b4bf3d-5965-568c-ffd3-e014bafb2d12@redhat.com>","list_archive_url":null,"date":"2017-08-29T14:55:02","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":14312,"url":"http://patchwork.ozlabs.org/api/people/14312/","name":"Florian Weimer","email":"fweimer@redhat.com"},"content":"On 08/29/2017 03:52 PM, Andreas Schwab wrote:\n> On Aug 29 2017, Florian Weimer wrote:\n> \n>> diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c\n>> index 7893fadba1..b748467de5 100644\n>> --- a/iconv/gconv_db.c\n>> +++ b/iconv/gconv_db.c\n>> @@ -179,16 +179,15 @@ free_derivation (void *p)\n>> size_t cnt;\n>> \n>> for (cnt = 0; cnt < deriv->nsteps; ++cnt)\n>> - if (deriv->steps[cnt].__counter > 0\n>> -\t&& deriv->steps[cnt].__end_fct != NULL)\n>> + if ((deriv->steps[cnt].__counter > 0)\n>> +\t&& (deriv->steps[cnt].__shlib_handle != NULL))\n> \n> Please remove the redundant parens.\n> \n>> @@ -332,8 +325,7 @@ gen_steps (struct derivation_step *best, const char *toset,\n>> \t\t }\n>> \n>> # ifdef PTR_MANGLE\n>> -\t\t if (result[step_cnt].__btowc_fct != NULL)\n>> -\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n>> +\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n>> # endif\n> \n> That needs to be mangled even if there is no init_fct.\n\nThanks. I'm attaching a patch to fix this. Okay?\n\nFlorian\niconv: Mangle __btowc_fct even without __init_fct [BZ #22025]\n\n2017-08-29 Florian Weimer \n\n\t[BZ #22025]\n\t* iconv/gconv_db.c (free_derivation): Remove redundant\n\tparentheses.\n\t(gen_steps): Unconditionally mangle __btowc_fct after\n\tinitialization.\n\t(increment_counter): Likewise. Do not call init_fct for internal\n\tmodules.\n\ndiff --git a/iconv/gconv_db.c b/iconv/gconv_db.c\nindex b748467de5..7a95aeaeac 100644\n--- a/iconv/gconv_db.c\n+++ b/iconv/gconv_db.c\n@@ -179,8 +179,8 @@ free_derivation (void *p)\n size_t cnt;\n \n for (cnt = 0; cnt < deriv->nsteps; ++cnt)\n- if ((deriv->steps[cnt].__counter > 0)\n-\t&& (deriv->steps[cnt].__shlib_handle != NULL))\n+ if (deriv->steps[cnt].__counter > 0\n+\t&& deriv->steps[cnt].__shlib_handle != NULL)\n {\n \t__gconv_end_fct end_fct = deriv->steps[cnt].__end_fct;\n #ifdef PTR_DEMANGLE\n@@ -323,11 +323,10 @@ gen_steps (struct derivation_step *best, const char *toset,\n \t\t result[step_cnt].__end_fct = NULL;\n \t\t break;\n \t\t }\n-\n+\t\t}\n # ifdef PTR_MANGLE\n-\t\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n+\t PTR_MANGLE (result[step_cnt].__btowc_fct);\n # endif\n-\t\t}\n \t }\n \t else\n #endif\n@@ -403,16 +402,14 @@ increment_counter (struct __gconv_step *steps, size_t nsteps)\n \n \t /* These settings can be overridden by the init function. */\n \t step->__btowc_fct = NULL;\n-\t }\n \n-\t /* Call the init function. */\n-\t __gconv_init_fct init_fct = step->__init_fct;\n+\t /* Call the init function. */\n+\t __gconv_init_fct init_fct = step->__init_fct;\n #ifdef PTR_DEMANGLE\n-\t PTR_DEMANGLE (init_fct);\n+\t PTR_DEMANGLE (init_fct);\n #endif\n-\t if (init_fct != NULL)\n-\t {\n-\t DL_CALL_FCT (init_fct, (step));\n+\t if (init_fct != NULL)\n+\t\tDL_CALL_FCT (init_fct, (step));\n \n #ifdef PTR_MANGLE\n \t PTR_MANGLE (step->__btowc_fct);","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83829-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"Qif88kpl\"; dkim-atps=neutral","sourceware.org; auth=none","ext-mx01.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx01.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=fweimer@redhat.com"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhWs96MS2z9t38\n\tfor ;\n\tWed, 30 Aug 2017 00:55:25 +1000 (AEST)","(qmail 13236 invoked by alias); 29 Aug 2017 14:55:19 -0000","(qmail 13225 invoked by uid 89); 29 Aug 2017 14:55:18 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:cc:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type; q=dns; s=default; b=m52B\n\t9QNGtv0rQUlOikTfNcX7Ar+vvZty7weGnz4XG6bUqrYA0u+BOMLmVHgdgTkgbFZI\n\tlV8y6l4Try8GPSZhUCKevycmupwEWVNFvuW0G09144kXQSnAtQE1QgI3/FDqSUmg\n\tLh1bEtgvjeZSQlIwibk2vqb9roRl+g6ZRpZJark=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:subject:to:cc:references:from:message-id:date\n\t:mime-version:in-reply-to:content-type; s=default; bh=FGKN8k26Gy\n\tDljxPEs1O/P17RVXo=; b=Qif88kplUecUQ1vBM5k2aqIgv2vWlusDO73ZNSS/wm\n\tGVql/uRJ85DJg/YXIr9JS3c3FIo1GucAn10mKc9gq5rQdgQIaRzXDUKsDPxuqYPw\n\taaJEcF2l8873DNMdb7/rKp2bt7lnAGIywgUkVdUSFA1WbsxgrYRWbMf/HKQiCQSQ\n\to=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,\n\tGIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD,\n\tSPF_HELO_PASS autolearn=ham version=3.3.2 spammy=","X-HELO":"mx1.redhat.com","DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 41AFA81E0B","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","To":"Andreas Schwab ","Cc":"GNU C Library ,\n\tPatsy Franklin , Jeff Law ","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>\n\t","From":"Florian Weimer ","Message-ID":"<92b4bf3d-5965-568c-ffd3-e014bafb2d12@redhat.com>","Date":"Tue, 29 Aug 2017 16:55:02 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"","Content-Type":"multipart/mixed;\n\tboundary=\"------------2F6A22988DB9B81BBFC759B2\""}},{"id":1759425,"web_url":"http://patchwork.ozlabs.org/comment/1759425/","msgid":"","list_archive_url":null,"date":"2017-08-29T15:02:48","subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","submitter":{"id":37,"url":"http://patchwork.ozlabs.org/api/people/37/","name":"Andreas Schwab","email":"schwab@suse.de"},"content":"Ok.\n\nAndreas.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list libc-alpha@sourceware.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=sourceware.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=libc-alpha-return-83832-incoming=patchwork.ozlabs.org@sourceware.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tsecure) header.d=sourceware.org header.i=@sourceware.org\n\theader.b=\"tIRJvEkI\"; dkim-atps=neutral","sourceware.org; auth=none"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhX235pY0z9sRV\n\tfor ;\n\tWed, 30 Aug 2017 01:03:07 +1000 (AEST)","(qmail 70894 invoked by alias); 29 Aug 2017 15:03:02 -0000","(qmail 70880 invoked by uid 89); 29 Aug 2017 15:03:01 -0000"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:from:to:cc:subject:references:date:in-reply-to\n\t:message-id:mime-version:content-type; q=dns; s=default; b=RWH0M\n\t6yaTgeD4TqwVXPww1MPAxDVdk0ZwuZ0a9mPqGXyj6Mpa3IH5jBcf+rMiAsQxkEwM\n\tJqqqRZjEYZwJj1CNmomGAYYTH6weP3v3NNoe1L6dp8HKji5X/BJikvyCNZpbb/um\n\tcqDjduLwjSQ3l6KTcxu6MIMTUPWlzxz2vizf7E=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id\n\t:list-unsubscribe:list-subscribe:list-archive:list-post\n\t:list-help:sender:from:to:cc:subject:references:date:in-reply-to\n\t:message-id:mime-version:content-type; s=default; bh=GyRguP8W03B\n\tHwJUoBThyC9lyAK4=; b=tIRJvEkIs+/3aiBho2wv0NuYqsTc+kBnXH80WLNDFwR\n\t+yKc1ng2kplyL+Dq8wUE4jMthmgDlOAXWful/hLSsyjBAtD0Ztdt3XTJQpTh5L5g\n\t/iiGLAu55IiETE5i5Z5+xngK9T5/1dLyjBO7mbaienoDZhphIhX5O+YuKKL2t09A\n\t=","Mailing-List":"contact libc-alpha-help@sourceware.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Subscribe":"","List-Archive":"","List-Post":"","List-Help":",\n\t","Sender":"libc-alpha-owner@sourceware.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,\n\tRP_MATCHES_RCVD,\n\tSPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:239","X-HELO":"mx1.suse.de","From":"Andreas Schwab ","To":"Florian Weimer ","Cc":"GNU C Library ,\n\tPatsy Franklin , Jeff Law ","Subject":"Re: [PATCH] Mangle NULL pointers in iconv/gconv [BZ #22025]","References":"<50ea6b93-b58a-fdad-c178-a188ff6b6728@redhat.com>\n\t\n\t<92b4bf3d-5965-568c-ffd3-e014bafb2d12@redhat.com>","X-Yow":"Sorry, wrong ZIP CODE!!","Date":"Tue, 29 Aug 2017 17:02:48 +0200","In-Reply-To":"<92b4bf3d-5965-568c-ffd3-e014bafb2d12@redhat.com> (Florian\n\tWeimer's message of \"Tue, 29 Aug 2017 16:55:02 +0200\")","Message-ID":"","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)","MIME-Version":"1.0","Content-Type":"text/plain"}}]