This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug locale/22027] New: iconv_open: assertion failure if a gconv module does not define a gconv function
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 29 Aug 2017 13:25:54 +0000
- Subject: [Bug locale/22027] New: iconv_open: assertion failure if a gconv module does not define a gconv function
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=22027
Bug ID: 22027
Summary: iconv_open: assertion failure if a gconv module does not define a gconv function
Product: glibc
Version: 2.26
Status: NEW
Severity: normal
Priority: P2
Component: locale
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security-
Without a gconv function, we execute an error handling path which is not
prepared to deal with the inconsistency:
    tst-gconv-init-failure: gconv_dl.c:171: do_release_shlib: Assertion `obj->counter > 0' failed.

Backtrace:

#4  0x00007ffff7a3b6fc in do_release_shlib (nodep=<optimized out>,
    value=<optimized out>, level=<optimized out>) at gconv_dl.c:171
#5  0x00007ffff7a3b8ca in __gconv_find_shlib (name=<optimized out>) at
    gconv_dl.c:124
#6  0x00007ffff7a32de5 in gen_steps (toset=0x604898 "ISO-10646/UTF8/",
    nsteps=0x7fffffffd908, handle=0x7fffffffd900,
    fromset=0x7fffffffd950 "TST-GCONV-INIT-FAILURE//", best=<optimized out>) at
    gconv_db.c:291
#7  find_derivation (toset=toset@entry=0x7fffffffd980 "UTF-8//",
    toset_expand=toset_expand@entry=0x604898 "ISO-10646/UTF8/",
    fromset=fromset@entry=0x7fffffffd950 "TST-GCONV-INIT-FAILURE//",
    fromset_expand=<optimized out>,
    handle=handle@entry=0x7fffffffd900, nsteps=nsteps@entry=0x7fffffffd908) at
    gconv_db.c:676
#8  0x00007ffff7a33431 in __gconv_find_transform
    (toset=toset@entry=0x7fffffffd980 "UTF-8//",
    fromset=fromset@entry=0x7fffffffd950 "TST-GCONV-INIT-FAILURE//",
    handle=handle@entry=0x7fffffffd900,
    nsteps=nsteps@entry=0x7fffffffd908, flags=flags@entry=0) at gconv_db.c:777
#9  0x00007ffff7a31f66 in __gconv_open (toset=toset@entry=0x7fffffffd980
    "UTF-8//",
    fromset=fromset@entry=0x7fffffffd950 "TST-GCONV-INIT-FAILURE//",
    handle=handle@entry=0x7fffffffd9b8, flags=flags@entry=0)
    at gconv_open.c:110
#10 0x00007ffff7a31a16 in iconv_open (tocode=0x7fffffffd980 "UTF-8//",
    tocode@entry=0x402275 "UTF-8",
    fromcode=0x7fffffffd950 "TST-GCONV-INIT-FAILURE//", fromcode@entry=0x40225c
    "tst-gconv-init-failure//") at iconv_open.c:71

Error handling code:

    found->fct = __libc_dlsym (found->handle, "gconv");
    if (found->fct == NULL)
      {
        /* Argh, no conversion function.  There is something
           wrong here.  */
        __gconv_release_shlib (found);
        found = NULL;
      }

We probably need to set found->counter to 1 before calling
__gconv_release_shlib, or deallocate the half-initialized object in a different
manner.
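
Added example, not part of the original bug report and not glibc source: a reduced C model of the reference-count invariant behind the assertion, with the error path as reported and with the counter set to 1 before release as the report suggests. All names (loaded_object, release_object, find_object) and the initial counter value of 0 are assumptions for illustration; release_object returns -1 where the real code would fail `obj->counter > 0`.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the cached module record. */
struct loaded_object {
    int counter;   /* > 0 only once the module is fully initialized and in use */
    void *handle;  /* stands in for the dlopen handle */
    void *fct;     /* stands in for the resolved "gconv" symbol */
};

enum result { LOADED, REJECTED_CLEANLY, INVARIANT_VIOLATED };

/* Models the release path: the caller must hold a reference. */
static int release_object(struct loaded_object *obj)
{
    if (obj->counter <= 0)
        return -1;              /* the real code asserts here */
    --obj->counter;
    return 0;
}

/* Models the load path. has_gconv == 0 simulates a module that lacks the
   "gconv" symbol; set_counter_first selects the change proposed in the report. */
static enum result find_object(struct loaded_object *obj, int has_gconv,
                               int set_counter_first)
{
    static int fake_handle, fake_fct;

    obj->counter = 0;                          /* assumed: not yet in use */
    obj->handle = &fake_handle;                /* load itself succeeded */
    obj->fct = has_gconv ? &fake_fct : NULL;   /* symbol lookup result */

    if (obj->fct == NULL) {
        if (set_counter_first)
            obj->counter = 1;   /* take the reference that release will drop */
        return release_object(obj) == 0 ? REJECTED_CLEANLY : INVARIANT_VIOLATED;
    }
    obj->counter = 1;           /* normal success path */
    return LOADED;
}

int main(void)
{
    struct loaded_object o;
    printf("as reported:  %d\n", find_object(&o, 0, 0));
    printf("counter set:  %d\n", find_object(&o, 0, 1));
    printf("valid module: %d\n", find_object(&o, 1, 0));
    return 0;
}
```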