setting ishift 5 tshift 2
make: *** [wctables.h] segmentation fault
bug
Crash is due to improper initialization of uniqblock array in newopt() in gen_wctype.c. As the result uniqblock[0] is used unintialized.
uniqblock array is initialized here:
get_wctype.c:804
=======================================
uniq = 1;
uit[(ti[0]-ut)/blocksize] = 0;
for (i=1 ; i < numblocks ; i++) {
if (memcmp(ti[i-1], ti[i], blocksize) < 0) {
if (++uniq > 255) {
break;
}
uniqblock[uniq - 1] = i;
}
#if 1
else if (memcmp(ti[i-1], ti[i], blocksize) > 0) {
printf("bad sort %i!\n", i);
abort();
}
#endif
uit[(ti[i]-ut)/blocksize] = uniq - 1;
}
=======================================
uniqblock initialized with statement
804: uniqblock[uniq - 1] = i;
uniq is initialized with 1 and on first iteration it is incremented up to 2 here:
808: if (++uniq > 255) {
So the first item of array being initialized is 1, ie uniqblock[0] is uninitialized, but later it is accessed here:
865: memcpy(tbl->ti + i * blocksize, ti[uniqblock[i]], blocksize);
making get_wctype crash.
Attached proposed patch
======= patch =========
--- /var/tmp/cross/arm-linux-uclibc/portage/cross-arm-linux-uclibc/uclibc-0.9.28.3/work/uClibc-0.9.28.3/extra/locale/gen_wctype.c 2005-02-26 21:54:07.000000000 +0300
+++ uClibc-0.9.28.3/extra/locale/gen_wctype.c 2007-06-28 16:13:32.000000000 +0400
@@ -802,6 +802,7 @@
qsort(ti, numblocks, sizeof(unsigned char *), nu_memcmp);
uniq = 1;
+ uniqblock[0]=0;
uit[(ti[0]-ut)/blocksize] = 0;
for (i=1 ; i < numblocks ; i++) {
if (memcmp(ti[i-1], ti[i], blocksize) < 0) {
風花水月六十石
15 年前
沒有留言:
張貼留言