diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2022-08-11 19:27:48 +0200 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2022-08-12 12:29:41 +0200 |
commit | b612db5b14728214ca09355af5d1490df2fa1c2f (patch) | |
tree | db1184a898782edcc5f696bc21b57c849ff0f27c | |
parent | 55eb8b193f9f6e7b8733bf83c9f7f9d2818c67d3 (diff) | |
download | newlib-b612db5b14728214ca09355af5d1490df2fa1c2f.zip newlib-b612db5b14728214ca09355af5d1490df2fa1c2f.tar.gz newlib-b612db5b14728214ca09355af5d1490df2fa1c2f.tar.bz2 |
newlocale: fix crash when trying to write to __C_localecygwin-3_3_6-release
This simple testcase:
locale_t st = newlocale(LC_ALL_MASK, "C", (locale_t)0);
locale_t st2 = newlocale(LC_CTYPE_MASK, "en_US.UTF-8", st);
is sufficient to reproduce a crash in _newlocale_r. After the first call
to newlocale, `st' points to __C_locale, which is const. When using `st'
as locale base in the second call, _newlocale_r tries to set pointers
inside base to NULL. This is bad if base is __C_locale, obviously.
Add a test to avoid trying to overwrite pointer values inside base if
base is __C_locale.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
-rw-r--r-- | newlib/libc/locale/newlocale.c | 3 | ||||
-rw-r--r-- | winsup/cygwin/release/3.3.6 | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/newlib/libc/locale/newlocale.c b/newlib/libc/locale/newlocale.c index 0789d5fd..08f29db 100644 --- a/newlib/libc/locale/newlocale.c +++ b/newlib/libc/locale/newlocale.c @@ -188,7 +188,8 @@ _newlocale_r (struct _reent *p, int category_mask, const char *locale, if (tmp_locale.lc_cat[i].buf == (const void *) -1) { tmp_locale.lc_cat[i].buf = base->lc_cat[i].buf; - base->lc_cat[i].ptr = base->lc_cat[i].buf = NULL; + if (base != __get_C_locale ()) + base->lc_cat[i].ptr = base->lc_cat[i].buf = NULL; } #endif /* __HAVE_LOCALE_INFO__ */ _freelocale_r (p, base); diff --git a/winsup/cygwin/release/3.3.6 b/winsup/cygwin/release/3.3.6 index 364e0cb..1da4fa2 100644 --- a/winsup/cygwin/release/3.3.6 +++ b/winsup/cygwin/release/3.3.6 @@ -39,3 +39,6 @@ Bug Fixes - Fix a path handling bug that could cause a non-existing file to be treated as the current directory. Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252030.html + +- Fix a crash in newlocale. + Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252043.html |