This is the mail archive of the libc-alpha@sourceware.cygnus.com mailing list for the glibc project.



one more gettext crash



This fixes a crash of "zic" during glibc's "make install", caused by memory
corruption: The return value of tsearch is normally a malloc'ed pointer,
such that
             newp == *foundp
but
             &newp != foundp

The code
             if (&newp != foundp)
               free (newp);
would therefore cause newp to be freed although it is still in use.


2000-05-05  Bruno Haible  <haible@clisp.cons.org>

	* intl/dcigettext.c (dcigettext): Fix interpretation of tsearch
	return value.

*** intl/dcigettext.c.bak	Thu May  4 12:53:41 2000
--- intl/dcigettext.c	Fri May  5 11:05:53 2000
***************
*** 607,613 ****
  		      /* Insert the entry in the search tree.  */
  		      foundp = (struct known_translation_t **)
  			tsearch (newp, &root, transcmp);
! 		      if (__builtin_expect (&newp != foundp, 0))
  			/* The insert failed.  */
  			free (newp);
  		    }
--- 607,614 ----
  		      /* Insert the entry in the search tree.  */
  		      foundp = (struct known_translation_t **)
  			tsearch (newp, &root, transcmp);
! 		      if (foundp == NULL
! 			  || __builtin_expect (*foundp != newp, 0))
  			/* The insert failed.  */
  			free (newp);
  		    }
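
Review bot: In the new condition (`foundp == NULL || __builtin_expect (*foundp != newp, 0)`), the retained comment "The insert failed." no longer describes both branches: `foundp == NULL` is tsearch being unable to allocate a node, while `*foundp != newp` means the tree already holds an equal entry. Suggest rewording the comment to name both cases, and wrapping the whole condition in a single `__builtin_expect (..., 0)` so the NULL test carries the same hint as the second operand. The visible lines also leave `newp` pointing at freed memory after `free (newp)`; if anything after this block reads `newp`, it should use `*foundp` instead or the pointer should be cleared.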
