This is the mail archive of the libc-alpha@sourceware.cygnus.com mailing list for the glibc project.
Re: [iconv crashes]
- To: Akira Higuchi <a-higuti at math dot sci dot hokudai dot ac dot jp>
- Subject: Re: [iconv crashes]
- From: "H . J . Lu" <hjl at lucon dot org>
- Date: Thu, 1 Jun 2000 08:33:43 -0700
- Cc: libc-alpha at sourceware dot cygnus dot com, a at kondara dot org
- References: <200006011215.VAA28974@hilbert.math.sci.hokudai.ac.jp>
On Thu, Jun 01, 2000 at 09:15:59PM +0900, Akira Higuchi wrote:
>
> >Submitter-Id: net
> >Originator: Akira Higuchi
> >Organization: Kondara Project
> >Confidential: no
> >Synopsis: iconv() crashes
> >Severity: serious
> >Priority: medium
> >Category: libc
> >Class: sw-bug
> >Release: libc-2.1.90
> >Environment:
> Host type: i586-redhat-linux-gnu
> System: Linux kemule 2.2.14-5k3 #1 Sun Apr 9 09:47:14 JST 2000 i686 unknown
> Architecture: i686
>
> Addons: c_stubs glibc-compat linuxthreads soft-fp
> Build CFLAGS: -mpentium -D__USE_STRING_INLINES -fstrict-aliasing -mcpu=i586 -g -O3
> Build CC: gcc
> Compiler version: 2.95.3 19991030 (prerelease)
> Kernel headers: 2.2.14-5k3
> Symbol versioning: yes
> Build static: yes
> Build shared: yes
> Build pic-default: no
> Build profile: yes
> Build omitfp: no
> Build bounded: no
> Build static-nss: no
> Stdio: libio
>
> >Description:
> Gconv module is sometimes unmapped even if it's in use. Because of it,
> iconv() crashes.
>
> >How-To-Repeat:
> Please compile and run the following program.
>
> -------------- x8-------------- x8-------------- x8--------------
> #include <stdio.h>
> #include <stdlib.h>
> #include <iconv.h>
>
> int main (void)
> {
>   char *codesets[] =
>     {"ISO_8859-1", "ISO_8859-2", "ISO_8859-3", "ISO_8859-4",
>      "ISO_8859-5", "ISO_8859-6", "ISO_8859-7", "ISO_8859-8",};
>   iconv_t cd[8], cd_a, cd_b;
>   int i;
>   char buffer[1024], *to = buffer;
>   const char *from = "foobar";
>   size_t to_left = 1024, from_left = 6;
>
>   if ((cd_a = iconv_open ("EUC-JP", "UTF8")) == (iconv_t)-1)
>     exit (-1);
>   if ((cd_b = iconv_open ("EUC-JP", "SJIS")) == (iconv_t)-1)
>     exit (-1);
>   /* EUC-JP.so is mapped and referred by two converters. */
>
>   iconv_close (cd_a);
>   /* cd_b is still open */
>
>   for (i = 0; i < 8; i++)
>     if ((cd[i] = iconv_open (codesets[i], "UTF8")) == (iconv_t)-1)
>       exit (-1);
>   for (i = 0; i < 8; i++)
>     iconv_close (cd[i]);
>
>   printf ("I'll crash\n");
>
>   /* use cd_b ... CRASH! */
>   printf ("%ld\n", (long) iconv (cd_b, &from, &from_left, &to, &to_left));
>   iconv_close (cd_b);
>   return 0;
> }
> -------------- x8-------------- x8-------------- x8--------------
>
> >Fix:
> Please apply the following patch.
>
> -------------- x8-------------- x8-------------- x8--------------
> --- iconv/gconv_dl.c.org Thu Jun 1 14:56:45 2000
> +++ iconv/gconv_dl.c Thu Jun 1 17:55:19 2000
> @@ -154,9 +154,9 @@
> return;
>
> if (obj == release_handle)
> - /* This is the object we want to unload. Now set the release
> - counter to zero. */
> - obj->counter = 0;
> + /* This is the object we want to unload. Now decrement the reference
> + counter. */
> + obj->counter--;
> else if (obj->counter <= 0)
^^^^^^^^^^^^^^^^^^^^^
It doesn't look right to me. It should look like
if (obj->counter <= 0)
> {
> if (--obj->counter < -TRIES_BEFORE_UNLOAD && obj->handle != NULL)
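Review bot: the new `obj->counter--` in the `obj == release_handle` branch has no check that the counter is still positive. The branch that follows treats values `<= 0` as an idle countdown toward `-TRIES_BEFORE_UNLOAD`, so an unbalanced release would push a handle into that range and it could be unloaded after a few more walks; asserting `obj->counter > 0` before the decrement would catch that. The rewritten comment could also state that the object only becomes eligible for unloading once the counter reaches zero, since "the object we want to unload" no longer holds when other users remain.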
> -------------- x8-------------- x8-------------- x8--------------
H.J.
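
A simplified model of the lifetime bug reported above, as an added example that is not part of the original message and is not glibc's code: it replays the reproducer's open/close sequence against a toy module table and reports whether the shared module is unmapped while one converter still holds it. The value of `TRIES_BEFORE_UNLOAD`, the `acquire` logic, the `mapped` flag and the one-module-per-converter layout are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define TRIES_BEFORE_UNLOAD 2  /* assumed value; the page shows only the name */
#define NMODULES 9             /* slot 0 models EUC-JP.so, slots 1..8 the ISO_8859-x modules */

struct module { int counter; int mapped; };

/* Take one reference, mapping the module on first use (assumed behaviour). */
static void acquire(struct module *m)
{
    if (!m->mapped) { m->mapped = 1; m->counter = 1; }
    else m->counter = m->counter < 1 ? 1 : m->counter + 1;
}

/* Drop one reference to rel, then age every idle module, as the walk in the
   hunk does. fixed == 0 models the pre-patch line (counter = 0),
   fixed == 1 the patched line (counter--). */
static void release(struct module *tab, struct module *rel, int fixed)
{
    for (int i = 0; i < NMODULES; i++) {
        struct module *obj = &tab[i];
        if (obj == rel) {
            if (fixed) obj->counter--; else obj->counter = 0;
        } else if (obj->counter <= 0) {
            if (--obj->counter < -TRIES_BEFORE_UNLOAD && obj->mapped)
                obj->mapped = 0;        /* stands in for unmapping the .so */
        }
    }
}

/* Replays the report's sequence; returns 1 if slot 0 ends up unmapped
   while the second converter (cd_b in the report) still references it. */
int unmapped_while_in_use(int fixed)
{
    struct module tab[NMODULES];
    memset(tab, 0, sizeof tab);
    acquire(&tab[0]);                   /* cd_a */
    acquire(&tab[0]);                   /* cd_b */
    release(tab, &tab[0], fixed);       /* iconv_close (cd_a) */
    for (int i = 1; i < NMODULES; i++) acquire(&tab[i]);
    for (int i = 1; i < NMODULES; i++) release(tab, &tab[i], fixed);
    return !tab[0].mapped;
}

int main(void)
{
    printf("pre-patch: %d, patched: %d\n",
           unmapped_while_in_use(0), unmapped_while_in_use(1));
    return 0;
}
```

In the pre-patch model the shared slot is aged on each unrelated release and is unmapped on the third one, which is why the reproducer needs several intervening open/close pairs before the crash.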