{"id":2230324,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2230324/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/patch/20260429145934.278803-3-fberat@redhat.com/","project":{"id":41,"url":"http://patchwork.ozlabs.org/api/1.1/projects/41/?format=json","name":"GNU C Library","link_name":"glibc","list_id":"libc-alpha.sourceware.org","list_email":"libc-alpha@sourceware.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260429145934.278803-3-fberat@redhat.com>","date":"2026-04-29T14:59:34","name":"[2/2] wcsmbs: Add gconv module ref counter overflow test","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"ce3d71b7d0ca2af12152224c2a57c7bdc3d6d7b1","submitter":{"id":84672,"url":"http://patchwork.ozlabs.org/api/1.1/people/84672/?format=json","name":"Frédéric Bérat","email":"fberat@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/glibc/patch/20260429145934.278803-3-fberat@redhat.com/mbox/","series":[{"id":502092,"url":"http://patchwork.ozlabs.org/api/1.1/series/502092/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/list/?series=502092","date":"2026-04-29T14:59:33","name":"Fix gconv reference count overflow in swscanf","version":1,"mbox":"http://patchwork.ozlabs.org/series/502092/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2230324/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2230324/checks/","tags":{},"headers":{"Return-Path":"<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>","X-Original-To":["incoming@patchwork.ozlabs.org","libc-alpha@sourceware.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","libc-alpha@sourceware.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=I9FW8C+E;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=38.145.34.32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)","sourceware.org;\n\tdkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=I9FW8C+E","sourceware.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com","sourceware.org; spf=pass smtp.mailfrom=redhat.com","server2.sourceware.org;\n arc=none smtp.remote-ip=170.10.129.124"],"Received":["from vm01.sourceware.org (vm01.sourceware.org [38.145.34.32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5L9L6kXgz1yK5\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 01:01:26 +1000 (AEST)","from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id 24B754BAE7FD\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 15:01:25 +0000 (GMT)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.129.124])\n by sourceware.org (Postfix) with ESMTP id 2A7714BA23C2\n for <libc-alpha@sourceware.org>; Wed, 29 Apr 2026 14:59:52 +0000 (GMT)","from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-441-VNW6TWxBO_me0rZzY0i5xA-1; Wed,\n 29 Apr 2026 10:59:47 -0400","from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id C8BC7180060C; Wed, 29 Apr 2026 14:59:46 +0000 (UTC)","from Nymeria-redhat.redhat.com (unknown [10.44.32.149])\n by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with\n ESMTPS\n id 3213B1800348; Wed, 29 Apr 2026 14:59:44 +0000 (UTC)"],"DKIM-Filter":["OpenDKIM Filter v2.11.0 sourceware.org 24B754BAE7FD","OpenDKIM Filter v2.11.0 sourceware.org 2A7714BA23C2"],"DMARC-Filter":"OpenDMARC Filter v1.4.2 sourceware.org 2A7714BA23C2","ARC-Filter":"OpenARC Filter v1.0.0 sourceware.org 2A7714BA23C2","ARC-Seal":"i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1777474792; cv=none;\n b=Awvx7X9qPP6VrFjhZHLAF+Uugq82ton32veaB++Py8sSscUK5YM6CKPgv3CZx8C7aYC33CjEyfqGy/836dj/EG6kO5sfCMm/DGVdIDkdPuWioTrlN6huYVzrf30KMVyCGM+KCLL1T+7rIx5lZg6KrGgmQtd18wfU+3KXstl0tJ4=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1777474792; c=relaxed/simple;\n bh=fO4CQJrV00KIcoP6v4dnLXaLUhMMon3LQY/Yf7NQ7b0=;\n h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;\n b=uOqT2tuIn4OWqGiNnxc4XlL07UNX7gTFWYX1LxeTz9yVyEaNwfRN78MYcBZW2uXVjWhs3vTXqAqksS1xmAX58V6i0XSh/B/hVmxlzzS1XgeqMXHi7sQSw8pgf+J9tCBPBuBufbJ41kg6jUbV0ybKxNc8O5p8H63JmFDDrSrn3Ow=","ARC-Authentication-Results":"i=1; server2.sourceware.org","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1777474791;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=xuaY+eeHNFAAd8kRQK6GH0Mj7YEQns7r6yuC35b7zbA=;\n b=I9FW8C+E4LDJA1j9eDoe4HhK3WLAuP1K3Kwn1LzITnJLstBsP5sgClHjIf9vkRzoYZ0rc8\n FcXqGEi+yzarXs7x+V4urskygMuCVaxZXwWIDqrCNPJkim0Vs5s0XByHWrY/87VsQLq0BP\n DYC3pQ+X307LoNlEqB9ES2awuFsLRAY=","X-MC-Unique":"VNW6TWxBO_me0rZzY0i5xA-1","X-Mimecast-MFC-AGG-ID":"VNW6TWxBO_me0rZzY0i5xA_1777474786","From":"=?utf-8?b?RnLDqWTDqXJpYyBCw6lyYXQ=?= <fberat@redhat.com>","To":"libc-alpha@sourceware.org, dj@redhat.com, fweimer@redhat.com,\n adhemerval.zanella@linaro.org","Subject":"[PATCH 2/2] wcsmbs: Add gconv module ref counter overflow test","Date":"Wed, 29 Apr 2026 16:59:34 +0200","Message-ID":"<20260429145934.278803-3-fberat@redhat.com>","In-Reply-To":"<20260429145934.278803-1-fberat@redhat.com>","References":"<20260429145934.278803-1-fberat@redhat.com>","MIME-Version":"1.0","X-Scanned-By":"MIMEDefang 3.4.1 on 10.30.177.93","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"VHjiVKT9pxQ16ieTF4zfA5pGGHWjcZuh0bguDWihTIY_1777474786","X-Mimecast-Originator":"redhat.com","Content-Transfer-Encoding":"8bit","content-type":"text/plain; charset=\"US-ASCII\"; x-default=true","X-BeenThere":"libc-alpha@sourceware.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Libc-alpha mailing list <libc-alpha.sourceware.org>","List-Unsubscribe":"<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>","List-Archive":"<https://sourceware.org/pipermail/libc-alpha/>","List-Post":"<mailto:libc-alpha@sourceware.org>","List-Help":"<mailto:libc-alpha-request@sourceware.org?subject=help>","List-Subscribe":"<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>","Errors-To":"libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"},"content":"Adds a new xtest, tst-wcsmbs-clone-overflow, to detect reference count\nleaks in gconv modules.\n\nThe test specifically targets an issue where functions like swscanf\ntrigger __wcsmbs_clone_conv without a corresponding release when\nprocessing wide character strings from stack-allocated buffers. This\nresults in a leaked reference count for the gconv module.\n\nThe test performs 0x80000000 iterations to ensure a 32-bit signed\ninteger reference counter overflows, thus reliably reproducing and\nverifying the leak. It is marked as an xtest due to its long runtime.\n\nAssisted-by: LLM\n---\n wcsmbs/Makefile                    |  3 +-\n wcsmbs/tst-wcsmbs-clone-overflow.c | 50 ++++++++++++++++++++++++++++++\n 2 files changed, 52 insertions(+), 1 deletion(-)\n create mode 100644 wcsmbs/tst-wcsmbs-clone-overflow.c","diff":"diff --git a/wcsmbs/Makefile b/wcsmbs/Makefile\nindex 849a47971e..e9db577220 100644\n--- a/wcsmbs/Makefile\n+++ b/wcsmbs/Makefile\n@@ -208,7 +208,7 @@ tests := \\\n   # tests\n \n # This test runs for a long time.\n-xtests += test-wcsncmp-nonarray\n+xtests += test-wcsncmp-nonarray tst-wcsmbs-clone-overflow\n \n \n include ../Rules\n@@ -241,6 +241,7 @@ $(objpfx)tst-c32-state.out: $(gen-locales)\n $(objpfx)test-c8rtomb.out: $(gen-locales)\n $(objpfx)test-mbrtoc8.out: $(gen-locales)\n $(objpfx)tst-wscanf-to_inpunct.out: $(gen-locales)\n+$(objpfx)tst-wcsmbs-clone-overflow.out: $(gen-locales)\n endif\n \n $(objpfx)tst-wcstod-round: $(libm)\ndiff --git a/wcsmbs/tst-wcsmbs-clone-overflow.c b/wcsmbs/tst-wcsmbs-clone-overflow.c\nnew file mode 100644\nindex 0000000000..a6f0a25685\n--- /dev/null\n+++ b/wcsmbs/tst-wcsmbs-clone-overflow.c\n@@ -0,0 +1,50 @@\n+/* Test for gconv module reference counter overflow.\n+   Copyright (C) 2026 Free Software Foundation, Inc.\n+   This file is part of the GNU C Library.\n+\n+   The GNU C Library is free software; you can redistribute it and/or\n+   modify it under the terms of the GNU Lesser General Public\n+   License as published by the Free Software Foundation; either\n+   version 2.1 of the License, or (at your option) any later version.\n+\n+   The GNU C Library is distributed in the hope that it will be useful,\n+   but WITHOUT ANY WARRANTY; without even the implied warranty of\n+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n+   Lesser General Public License for more details.\n+\n+   You should have received a copy of the GNU Lesser General Public\n+   License along with the GNU C Library; if not, see\n+   <https://www.gnu.org/licenses/>.  */\n+\n+#include <stdio.h>\n+#include <wchar.h>\n+#include <locale.h>\n+#include <support/check.h>\n+#include <support/support.h>\n+\n+static int\n+do_test (int argc, char **argv)\n+{\n+  if (setlocale (LC_ALL, \"de_DE.ISO-8859-1\") == NULL)\n+    FAIL_EXIT1 (\"setlocale failed, check if de_DE.ISO-8859-1 is generated\");\n+\n+  /* The reproduction loop. 0x80000000 iterations are required to overflow\n+     a 32-bit signed integer. This typically takes 3-5 minutes.  */\n+  wchar_t buf[32] = L\"123\";\n+  int j;\n+  for (long long i = 0; i < 0x80000000LL; i++)\n+    {\n+      /* swscanf on a stack-allocated buffer triggers __wcsmbs_clone_conv\n+         without a corresponding release, leaking a reference count.  */\n+      if (swscanf (buf, L\"%d\", &j) < 1)\n+        FAIL_EXIT1 (\"swscanf failed at iteration %lld\", i);\n+      /* Prevent compiler from optimizing the loop away. */\n+      __asm__ volatile (\"\" : : \"g\" (j) : \"memory\");\n+    }\n+\n+  return 0;\n+}\n+\n+/* This test is slow because it requires billions of iterations.  */\n+#define TIMEOUT 600\n+#include \"../test-skeleton.c\"\n","prefixes":["2/2"]}