help-libidn

Re: [PATCH] Fix for invalid read of size 4 in idna_to_ascii_4z


From: Simon Josefsson
Subject: Re: [PATCH] Fix for invalid read of size 4 in idna_to_ascii_4z
Date: Mon, 08 Jun 2015 23:53:53 +0200
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)

Alessandro Ghedini <address@hidden> writes:

> Hello,
>
> this bug was originally reported at [0], but then closed because it isn't
> libidn's fault. However, I was able to make a little modification to libidn
> that fixed the problem for me.
>
> The change simply involves replacing strlen()+malloc()+strcpy() with strdup()
> (see the attached patch), and AFAICT all the tests pass. So I thought that
> maybe you wanted to have a look at it and maybe merge it.

Is there any reason you want this instead of the normal approach of
using a valgrind suppressions file?  The valgrind warning is caused by
glibc/gcc optimizations, and those are typically silenced.  There is a
valgrind suppressions file shipped with Libidn, see tests/libidn.supp.
Getting it included in valgrind may be possible, I don't know their
policy on their default suppression files.

/Simon

> You can verify the problem (and that my patch fixes it) by running the
> following command from the libidn git repository:
>
>   $ ./libtool --mode=execute valgrind src/idn -a 'ουτοπία.δπθ.gr'
>
> Without patch it prints something like:
>
> ==24305== Invalid read of size 4
> ==24305==    at 0x4E3A680: idna_to_ascii_4z (idna.c:529)
> ==24305==    by 0x401B51: main (idn.c:374)
> ==24305==  Address 0x5412c6c is 12 bytes inside a block of size 15 alloc'd
> ==24305==    at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==24305==    by 0x4E3A7D3: idna_to_ascii_4z (idna.c:543)
> ==24305==    by 0x401B51: main (idn.c:374)
> ==24305== 
> ==24305== Invalid read of size 4
> ==24305==    at 0x4E3A695: idna_to_ascii_4z (idna.c:529)
> ==24305==    by 0x401B51: main (idn.c:374)
> ==24305==  Address 0x5413028 is 24 bytes inside a block of size 25 alloc'd
> ==24305==    at 0x4C2AF2E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==24305==    by 0x4E3A6FA: idna_to_ascii_4z (idna.c:530)
> ==24305==    by 0x401B51: main (idn.c:374)
>
> Cheers
>
> [0] https://bugs.debian.org/724069
>
> From 825d93f98648119cab5a392d1d524fbc626b0b40 Mon Sep 17 00:00:00 2001
> From: Alessandro Ghedini <address@hidden>
> Date: Thu, 4 Jun 2015 11:42:38 +0200
> Subject: [PATCH] Use strdup() to duplicate a buffer
>
> This apparently fixes the "Invalid read of size 4" error from valgrind
> that was reported at https://bugs.debian.org/724069
> ---
>  lib/idna.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/lib/idna.c b/lib/idna.c
> index bf93bfe..17774d0 100644
> --- a/lib/idna.c
> +++ b/lib/idna.c
> @@ -539,11 +539,9 @@ idna_to_ascii_4z (const uint32_t * input, char **output, 
> int flags)
>       }
>        else
>       {
> -       size_t l = strlen (buf) + 1;
> -       out = (char *) malloc (l);
> +       out = strdup (buf);
>         if (!out)
>           return IDNA_MALLOC_ERROR;
> -       strcpy (out, buf);
>       }
>  
>        start = end + 1;
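Review bot: the commit message only says this "apparently fixes" the report, yet the hunk changes the allocation of `out` at idna.c:539-549 while both reads valgrind flags are at idna.c:529 in the frames quoted above; the message should explain why changing how `out` is allocated removes a 4-byte read elsewhere, or state plainly that it silences the optimizer-generated over-read rather than fixing a real out-of-bounds access. The swap itself is behaviourally equivalent (strdup allocates with malloc, so the IDNA_MALLOC_ERROR check on `!out` and the existing free paths still hold), but strdup is POSIX rather than ISO C90, so a strict C90 build would need a replacement (gnulib's strdup module is the usual one); a note on which is relied on would help.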

Attachment: signature.asc
Description: PGP signature
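Simon's suggested route is a suppressions file rather than a source change. The entry below is an added example written from the two frames in the report quoted above (`idna_to_ascii_4z` called from `main`); it is not the contents of the project's tests/libidn.supp, and the entry name is made up here. Memcheck reports an "Invalid read of size 4" under the error kind `Addr4`, which is what the second line matches.

```text
# Added example, not the project's own suppressions file.
# Matches the Addr4 (4-byte invalid read) reported at idna.c:529 when
# reached from main(); the name on the first line is arbitrary.
{
   libidn-idna_to_ascii_4z-word-read
   Memcheck:Addr4
   fun:idna_to_ascii_4z
   fun:main
}
```

Pass it with `valgrind --suppressions=libidn-strlen.supp ...` in the `./libtool --mode=execute` command quoted above; to capture an entry for the exact frames of your own build instead of hand-writing one, run once with `--gen-suppressions=all` and paste what valgrind prints. Keeping the `fun:` list short (the two frames shown) makes the entry survive a different call depth in other callers; an `obj:` line naming the shared object is accepted in place of a `fun:` frame.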

