aboutsummaryrefslogtreecommitdiff
path: root/iconv/gconv_db.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-08-29 17:33:58 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-08-29 17:33:58 +0200
commit251bccfa1fcb3568e43546b0df33e052889406c1 (patch)
tree29c7966c2fc0ee4fba8cbf1ddf42123a71b0716e /iconv/gconv_db.c
parente7c18b9d0aacb02f9d6edffdf4d1e26a54fbfb84 (diff)
downloadglibc-251bccfa1fcb3568e43546b0df33e052889406c1.zip
glibc-251bccfa1fcb3568e43546b0df33e052889406c1.tar.gz
glibc-251bccfa1fcb3568e43546b0df33e052889406c1.tar.bz2
iconv_open: Fix heap corruption on gconv_init failure [BZ #22026]
Also mangle the __end_fct function pointer on the error handling path.
Diffstat (limited to 'iconv/gconv_db.c')
-rw-r--r--iconv/gconv_db.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c
index 7a95aea..96f0871 100644
--- a/iconv/gconv_db.c
+++ b/iconv/gconv_db.c
@@ -318,9 +318,14 @@ gen_steps (struct derivation_step *best, const char *toset,
if (__builtin_expect (status, __GCONV_OK) != __GCONV_OK)
{
failed = 1;
- /* Make sure we unload this modules. */
- --step_cnt;
+ /* Do not call the end function because the init
+ function has failed. */
result[step_cnt].__end_fct = NULL;
+# ifdef PTR_MANGLE
+ PTR_MANGLE (result[step_cnt].__end_fct);
+# endif
+ /* Make sure we unload this module. */
+ --step_cnt;
break;
}
}