qiurui
/
glibc
mirror of git://sourceware.org/git/glibc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

locale: Fix UB on VLA allocation 

Both level 2 and level 3 sizes can be zero, which triggers a 0-size
VLA.  Reorganize the code to allocate the VLA iff sizes are positive.
This commit is contained in:
Adhemerval Zanella 2025-04-22 10:50:13 -03:00
parent b5a09ebb3f
commit eadfcdb2b9
2 changed files with 80 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
locale/programs/3level.h
View File

@ -212,58 +212,64 @@ static void
CONCAT(add_locale_,TABLE) (struct locale_file *file, struct TABLE *t) CONCAT(add_locale_,TABLE) (struct locale_file *file, struct TABLE *t)
{ {
size_t i, j, k; size_t i, j, k;
uint32_t reorder3[t->level3_size];
uint32_t reorder2[t->level2_size];
uint32_t level2_offset, level3_offset, last_offset; uint32_t level2_offset, level3_offset, last_offset;
/* Uniquify level3 blocks. */ /* Uniquify level3 blocks. */
k = 0; k = 0;
for (j = 0; j < t->level3_size; j++) if (t->level3_size > 0)
{ {
for (i = 0; i < k; i++) uint32_t reorder3[t->level3_size];
if (memcmp (&t->level3[i << t->p], &t->level3[j << t->p], for (j = 0; j < t->level3_size; j++)
(1 << t->p) * sizeof (ELEMENT)) == 0)
break;
/* Relocate block j to block i. */
reorder3[j] = i;
if (i == k)
{ {
if (i != j) for (i = 0; i < k; i++)
memcpy (&t->level3[i << t->p], &t->level3[j << t->p], if (memcmp (&t->level3[i << t->p], &t->level3[j << t->p],
(1 << t->p) * sizeof (ELEMENT)); (1 << t->p) * sizeof (ELEMENT)) == 0)
k++; break;
/* Relocate block j to block i. */
reorder3[j] = i;
if (i == k)
{
if (i != j)
memcpy (&t->level3[i << t->p], &t->level3[j << t->p],
(1 << t->p) * sizeof (ELEMENT));
k++;
}
} }
for (i = 0; i < (t->level2_size << t->q); i++)
if (t->level2[i] != EMPTY)
t->level2[i] = reorder3[t->level2[i]];
} }
t->level3_size = k; t->level3_size = k;
for (i = 0; i < (t->level2_size << t->q); i++)
if (t->level2[i] != EMPTY)
t->level2[i] = reorder3[t->level2[i]];
/* Uniquify level2 blocks. */ /* Uniquify level2 blocks. */
k = 0; k = 0;
for (j = 0; j < t->level2_size; j++) if (t->level2_size > 0)
{ {
for (i = 0; i < k; i++) uint32_t reorder2[t->level2_size];
if (memcmp (&t->level2[i << t->q], &t->level2[j << t->q], for (j = 0; j < t->level2_size; j++)
(1 << t->q) * sizeof (uint32_t)) == 0)
break;
/* Relocate block j to block i. */
reorder2[j] = i;
if (i == k)
{ {
if (i != j) for (i = 0; i < k; i++)
memcpy (&t->level2[i << t->q], &t->level2[j << t->q], if (memcmp (&t->level2[i << t->q], &t->level2[j << t->q],
(1 << t->q) * sizeof (uint32_t)); (1 << t->q) * sizeof (uint32_t)) == 0)
k++; break;
/* Relocate block j to block i. */
reorder2[j] = i;
if (i == k)
{
if (i != j)
memcpy (&t->level2[i << t->q], &t->level2[j << t->q],
(1 << t->q) * sizeof (uint32_t));
k++;
}
} }
for (i = 0; i < t->level1_size; i++)
if (t->level1[i] != EMPTY)
t->level1[i] = reorder2[t->level1[i]];
} }
t->level2_size = k; t->level2_size = k;
for (i = 0; i < t->level1_size; i++)
if (t->level1[i] != EMPTY)
t->level1[i] = reorder2[t->level1[i]];
/* Create and fill the resulting compressed representation. */ /* Create and fill the resulting compressed representation. */
last_offset = last_offset =
5 * sizeof (uint32_t) 5 * sizeof (uint32_t)

74
locale/programs/ld-ctype.c
View File

@ -3423,58 +3423,64 @@ static void
add_locale_wctype_table (struct locale_file *file, struct wctype_table *t) add_locale_wctype_table (struct locale_file *file, struct wctype_table *t)
{ {
size_t i, j, k; size_t i, j, k;
uint32_t reorder3[t->level3_size];
uint32_t reorder2[t->level2_size];
uint32_t level2_offset, level3_offset; uint32_t level2_offset, level3_offset;
/* Uniquify level3 blocks. */ /* Uniquify level3 blocks. */
k = 0; k = 0;
for (j = 0; j < t->level3_size; j++) if (t->level3_size > 0)
{ {
for (i = 0; i < k; i++) uint32_t reorder3[t->level3_size];
if (memcmp (&t->level3[i << t->p], &t->level3[j << t->p], for (j = 0; j < t->level3_size; j++)
(1 << t->p) * sizeof (uint32_t)) == 0)
break;
/* Relocate block j to block i. */
reorder3[j] = i;
if (i == k)
{ {
if (i != j) for (i = 0; i < k; i++)
memcpy (&t->level3[i << t->p], &t->level3[j << t->p], if (memcmp (&t->level3[i << t->p], &t->level3[j << t->p],
(1 << t->p) * sizeof (uint32_t)); (1 << t->p) * sizeof (uint32_t)) == 0)
k++; break;
/* Relocate block j to block i. */
reorder3[j] = i;
if (i == k)
{
if (i != j)
memcpy (&t->level3[i << t->p], &t->level3[j << t->p],
(1 << t->p) * sizeof (uint32_t));
k++;
}
} }
for (i = 0; i < (t->level2_size << t->q); i++)
if (t->level2[i] != EMPTY)
t->level2[i] = reorder3[t->level2[i]];
} }
t->level3_size = k; t->level3_size = k;
for (i = 0; i < (t->level2_size << t->q); i++)
if (t->level2[i] != EMPTY)
t->level2[i] = reorder3[t->level2[i]];
/* Uniquify level2 blocks. */ /* Uniquify level2 blocks. */
k = 0; k = 0;
for (j = 0; j < t->level2_size; j++) if (t->level2_size > 0)
{ {
for (i = 0; i < k; i++) uint32_t reorder2[t->level2_size];
if (memcmp (&t->level2[i << t->q], &t->level2[j << t->q], for (j = 0; j < t->level2_size; j++)
(1 << t->q) * sizeof (uint32_t)) == 0)
break;
/* Relocate block j to block i. */
reorder2[j] = i;
if (i == k)
{ {
if (i != j) for (i = 0; i < k; i++)
memcpy (&t->level2[i << t->q], &t->level2[j << t->q], if (memcmp (&t->level2[i << t->q], &t->level2[j << t->q],
(1 << t->q) * sizeof (uint32_t)); (1 << t->q) * sizeof (uint32_t)) == 0)
k++; break;
/* Relocate block j to block i. */
reorder2[j] = i;
if (i == k)
{
if (i != j)
memcpy (&t->level2[i << t->q], &t->level2[j << t->q],
(1 << t->q) * sizeof (uint32_t));
k++;
}
} }
for (i = 0; i < t->level1_size; i++)
if (t->level1[i] != EMPTY)
t->level1[i] = reorder2[t->level1[i]];
} }
t->level2_size = k; t->level2_size = k;
for (i = 0; i < t->level1_size; i++)
if (t->level1[i] != EMPTY)
t->level1[i] = reorder2[t->level1[i]];
t->result_size = t->result_size =
5 * sizeof (uint32_t) 5 * sizeof (uint32_t)
+ t->level1_size * sizeof (uint32_t) + t->level1_size * sizeof (uint32_t)