Re: Libidn serious bug on Windows x64

help-libidn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Libidn serious bug on Windows x64

From:	Evgeny Grin
Subject:	Re: Libidn serious bug on Windows x64
Date:	Thu, 21 Jul 2016 23:25:32 +0300
User-agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 20.07.2016 20:03, Simon Josefsson wrote:
> Evgeny Grin <address@hidden> writes:
> 
>> Hi!
>>
>> While debugging cURL on Windows x64 crash with simple run of "curl -v
>> http://яндекс.рф";, I discovered that crash caused by calling
>> tld_check_lz(). Further investigations reveal pointer to size_t is cast
>> to pointer to long in stringprep_utf8_to_ucs4() which in invalid on
>> Win64. As result - very high number is stored in items_written and in
>> tld_get_4() dereferenced an invalid pointer.
>> I can't make a minimal example to illustrate it as in minimal example
>> initial nullifying hides the problem. Hope that invalid casting is
>> obvious problem.
> 
> Hello.  Does this problem still exist with 1.32?  What size does
> 'size_t' and 'long' have on Windows x64?

Yes, the same bug is present in 1.32, 1.33 and in current git master.
Currently libidn keep crashing on Windows.
MinGW package includes my patches to prevent crashing:
https://github.com/Alexpux/MINGW-packages/blob/master/mingw-w64-libidn/0003-nfkc.c-Fix-Win64-crash.patch
https://github.com/Alexpux/MINGW-packages/blob/master/mingw-w64-libidn/0004-nfkc.c-Fixed-invalid-var-types.patch

Generally, you can't assume that sizeof(int) == sizeof(long) or
sizeof(long) == sizeof(long long) or sizeof(long) == sizeof(void*)
https://en.wikipedia.org/wiki/64-bit_computing#64-bit_data_models

On Windows x64 sizeof(int) == 4, sizeof(long) == 4, sizeof(long long) ==
8, sizeof(void*) == 8.

But casting pointer to one type to pointer to other type is bad idea in
general, unless you 100% sure that such casting is ALWAYS and ANYWHERE
valid.
I sent already some patches for fixing this bug.
http://lists.gnu.org/archive/html/help-libidn/2016-04/msg00002.html

Additional (unrelated) fixes attached.

--
Best Wishes,
Evgeny Grin

0001-.gitattributes-Preserve-LF-line-endings-for-.gperf.patch
Description: Text document

0002-doc-gdoc.mk-fix-out-of-tree-building.patch
Description: Text document

0003-nfkc.c-do-not-use-UTF-8-codes-longer-then-4-bytes.patch
Description: Text document

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Libidn serious bug on Windows x64, Simon Josefsson, 2016/07/20
- Re: Libidn serious bug on Windows x64, Evgeny Grin <=
  - Re: Libidn serious bug on Windows x64, Evgeny Grin, 2016/07/21

Prev by Date: Bug#804047: marked as done (Build-Depends on gengetopt needed?)
Next by Date: Re: Libidn serious bug on Windows x64
Previous by thread: Re: Libidn serious bug on Windows x64
Next by thread: Re: Libidn serious bug on Windows x64
Index(es):
- Date
- Thread