newlocale: fix crash when trying to write to __C_locale
This simple testcase: locale_t st = newlocale(LC_ALL_MASK, "C", (locale_t)0); locale_t st2 = newlocale(LC_CTYPE_MASK, "en_US.UTF-8", st); is sufficient to reproduce a crash in _newlocale_r. After the first call to newlocale, `st' points to __C_locale, which is const. When using `st' as locale base in the second call, _newlocale_r tries to set pointers inside base to NULL. This is bad if base is __C_locale, obviously. Add a test to avoid trying to overwrite pointer values inside base if base is __C_locale. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen
parent
bf1d972d5c
commit
85be74f295
|
|
@ -188,7 +188,8 @@ _newlocale_r (struct _reent *p, int category_mask, const char *locale,
|
||||||
if (tmp_locale.lc_cat[i].buf == (const void *) -1)
|
if (tmp_locale.lc_cat[i].buf == (const void *) -1)
|
||||||
{
|
{
|
||||||
tmp_locale.lc_cat[i].buf = base->lc_cat[i].buf;
|
tmp_locale.lc_cat[i].buf = base->lc_cat[i].buf;
|
||||||
base->lc_cat[i].ptr = base->lc_cat[i].buf = NULL;
|
if (base != __get_C_locale ())
|
||||||
|
base->lc_cat[i].ptr = base->lc_cat[i].buf = NULL;
|
||||||
}
|
}
|
||||||
#endif /* __HAVE_LOCALE_INFO__ */
|
#endif /* __HAVE_LOCALE_INFO__ */
|
||||||
_freelocale_r (p, base);
|
_freelocale_r (p, base);
|
||||||
|
|
|
||||||
|
|
@ -39,3 +39,6 @@ Bug Fixes
|
||||||
- Fix a path handling bug that could cause a non-existing file to be
|
- Fix a path handling bug that could cause a non-existing file to be
|
||||||
treated as the current directory.
|
treated as the current directory.
|
||||||
Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252030.html
|
Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252030.html
|
||||||
|
|
||||||
|
- Fix a crash in newlocale.
|
||||||
|
Addresses: https://cygwin.com/pipermail/cygwin/2022-August/252043.html
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue