newlocale: fix crash when trying to write to __C_locale

This simple testcase: locale_t st = newlocale(LC_ALL_MASK, "C", (locale_t)0); locale_t st2 = newlocale(LC_CTYPE_MASK, "en_US.UTF-8", st); is sufficient to reproduce a crash in _newlocale_r. After the first call to newlocale, `st' points to __C_locale, which is const. When using `st' as locale base in the second call, _newlocale_r tries to set pointers inside base to NULL. This is bad if base is __C_locale, obviously. Add a test to avoid trying to overwrite pointer values inside base if base is __C_locale. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2022-08-11 19:27:48 +02:00 · 2022-08-11 19:27:48 +02:00 · 85be74f295
parent bf1d972d5c
commit 85be74f295
2 changed files with 5 additions and 1 deletions
--- a/newlib/libc/locale/newlocale.c
+++ b/newlib/libc/locale/newlocale.c
@ -188,7 +188,8 @@ _newlocale_r (struct _reent *p, int category_mask, const char *locale,
 	if (tmp_locale.lc_cat[i].buf == (const void *) -1)
 	  {
 	    tmp_locale.lc_cat[i].buf = base->lc_cat[i].buf;
-	    base->lc_cat[i].ptr = base->lc_cat[i].buf = NULL;
+	    if (base != __get_C_locale ())
+	      base->lc_cat[i].ptr = base->lc_cat[i].buf = NULL;
 	  }
 #endif /* __HAVE_LOCALE_INFO__ */
      _freelocale_r (p, base);
--- a/winsup/cygwin/release/3.3.6
+++ b/winsup/cygwin/release/3.3.6
@ -39,3 +39,6 @@ Bug Fixes
 - Fix a path handling bug that could cause a non-existing file to be
  treated as the current directory.
  Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252030.html
+
+- Fix a crash in newlocale.
+  Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252043.html