Bug 1733869 - gettext: Getting errors in double free with msgfmt command.
Summary: gettext: Getting errors in double free with msgfmt command.
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: gettext
Version: 30
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Sundeep Anand
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-07-29 05:46 UTC by Pooja Yadav
Modified: 2019-08-31 19:47 UTC
CC: 7 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:



Description Pooja Yadav 2019-07-29 05:46:04 UTC
Description of problem: Error in poc; please refer to the result section for details.


Version-Release number of selected component (if applicable):
gettext-0.19.8.1-18.fc30.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Clone https://github.com/CCCCCrash/POCs.git.
2. Run the valgrind msgfmt poc command.
3. Observe the output.

Actual results:
[poyadav@localhost doublefree]$ valgrind msgfmt poc
==8072== Memcheck, a memory error detector
==8072== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8072== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==8072== Command: msgfmt poc
==8072== 
==8072== Conditional jump or move depends on uninitialised value(s)
==8072==    at 0x48D9940: freea (in /usr/lib64/libgettextlib-0.19.8.1.so)
==8072==    by 0x487E8EA: po_lex_charset_set (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072==    by 0x487E098: po_gram_parse (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072==    by 0x487EB9A: ??? (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072==    by 0x487A773: catalog_reader_parse (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072==    by 0x10E7C7: ??? (in /usr/bin/msgfmt)
==8072==    by 0x10D8EB: ??? (in /usr/bin/msgfmt)
==8072==    by 0x4AABF32: (below main) (in /usr/lib64/libc-2.29.so)
==8072== 
poc:17: duplicate message definition...
poc:16: ...this is the location of the first definition
poc:18:3: syntax error
poc:18: keyword "n" unknown
poc:19: end-of-line within string
poc:28: duplicate message definition...
poc:24: ...this is the location of the first definition
poc:35: keyword "msgud_plural" unknown
poc:34: missing 'msgstr' section
poc:35:13: syntax error
poc:40: end-of-line within string
poc:46: end-of-line within string
poc: warning: Charset missing in header.
              Message conversion to user's charset will not work.
poc:42: duplicate message definition...
poc:6: ...this is the location of the first definition
poc:46:2: syntax error
poc:46: keyword "Ep" unknown
poc:47: keyword "C" unknown
poc:48: keyword "s" unknown
poc:49: keyword "bo" unknown
poc:50: keyword "S" unknown
poc:50:236: invalid control sequence
poc:50:397: invalid control sequence
poc:51: end-of-line within string
msgfmt: too many errors, aborting
==8072== 
==8072== HEAP SUMMARY:
==8072==     in use at exit: 59,783 bytes in 123 blocks
==8072==   total heap usage: 547 allocs, 424 frees, 99,479 bytes allocated
==8072== 
==8072== LEAK SUMMARY:
==8072==    definitely lost: 650 bytes in 82 blocks
==8072==    indirectly lost: 0 bytes in 0 blocks
==8072==      possibly lost: 0 bytes in 0 blocks
==8072==    still reachable: 59,133 bytes in 41 blocks
==8072==         suppressed: 0 bytes in 0 blocks
==8072== Rerun with --leak-check=full to see details of leaked memory
==8072== 
==8072== Use --track-origins=yes to see where uninitialised values come from
==8072== For lists of detected and suppressed errors, rerun with: -s
==8072== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)


Expected results:
No errors.

Additional info:
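Added triage helper (example code written for this page; it is not part of the bug report, of gettext or of Valgrind). It parses Memcheck output of the shape quoted above into error blocks with their frames, plus the heap, leak and ERROR SUMMARY figures, so a report can be classified before it is titled. Fed the excerpt of this report, it finds exactly one error, an uninitialised-value conditional jump whose top frame is freea() called from po_lex_charset_set(), and no "Invalid free()" block. The second input is a constructed sample (hypothetical pid, addresses and file names) of what Memcheck prints when a free really is invalid, so the two cases can be compared side by side.

```python
"""Memcheck output triage (added example; not from the bug report, gettext or Valgrind)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the Memcheck output quoted in the bug report above (pid 8072).
REPORT_EXCERPT = """\
==8072== Memcheck, a memory error detector
==8072== Command: msgfmt poc
==8072== 
==8072== Conditional jump or move depends on uninitialised value(s)
==8072==    at 0x48D9940: freea (in /usr/lib64/libgettextlib-0.19.8.1.so)
==8072==    by 0x487E8EA: po_lex_charset_set (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072==    by 0x487E098: po_gram_parse (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072==    by 0x4AABF32: (below main) (in /usr/lib64/libc-2.29.so)
==8072== 
poc:17: duplicate message definition...
msgfmt: too many errors, aborting
==8072== 
==8072== HEAP SUMMARY:
==8072==   total heap usage: 547 allocs, 424 frees, 99,479 bytes allocated
==8072== LEAK SUMMARY:
==8072==    definitely lost: 650 bytes in 82 blocks
==8072== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""

# Constructed sample of a genuine double free (hypothetical pid, addresses, file).
DOUBLE_FREE_SAMPLE = """\
==4242== Invalid free() / delete / delete[] / realloc()
==4242==    at 0x483CA3F: free (vg_replace_malloc.c:530)
==4242==    by 0x109176: main (demo.c:7)
==4242==  Address 0x4a47040 is 0 bytes inside a block of size 16 free'd
==4242==    at 0x483CA3F: free (vg_replace_malloc.c:530)
==4242==    by 0x10916A: main (demo.c:6)
==4242== 
==4242== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""

PREFIX_RE = re.compile(r"^==(\d+)==\s?(.*)$")
FRAME_RE = re.compile(r"^\s+(?:at|by) 0x([0-9A-Fa-f]+): (.+?)(?: \((?:in )?(.+)\))?$")
ERROR_SUMMARY_RE = re.compile(r"ERROR SUMMARY: (\d+) errors from (\d+) contexts")
HEAP_RE = re.compile(r"total heap usage: ([\d,]+) allocs, ([\d,]+) frees")
LOST_RE = re.compile(r"definitely lost: ([\d,]+) bytes in ([\d,]+) blocks")
AUX_PREFIXES = ("Address ", "Block was alloc'd", "Uninitialised value was created")

KINDS = [  # Memcheck message prefix -> triage label
    ("Invalid free()", "invalid-free"),
    ("Mismatched free()", "mismatched-free"),
    ("Invalid read", "invalid-read"),
    ("Invalid write", "invalid-write"),
    ("Conditional jump or move depends on uninitialised", "uninitialised-value"),
    ("Use of uninitialised value", "uninitialised-value"),
    ("Syscall param", "uninitialised-syscall-param"),
]
MEMORY_SAFETY_KINDS = {"invalid-free", "mismatched-free", "invalid-read", "invalid-write"}


@dataclass
class Frame:
    addr: str
    func: str
    where: str  # shared object or file:line, if present


@dataclass
class MemcheckError:
    message: str
    frames: List[Frame] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)  # e.g. "Address ... free'd"
    note_frames: List[Frame] = field(default_factory=list)


@dataclass
class Report:
    pid: Optional[int] = None
    errors: List[MemcheckError] = field(default_factory=list)
    error_count: int = 0
    contexts: int = 0
    allocs: int = 0
    frees: int = 0
    definitely_lost_bytes: int = 0


def _num(s: str) -> int:
    return int(s.replace(",", ""))


def parse_memcheck(text: str) -> Report:
    report = Report()
    current: Optional[MemcheckError] = None
    candidate: Optional[str] = None  # plain line that becomes an error if frames follow
    into_notes = False
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:  # the program's own output interleaved with Valgrind's
            candidate = None
            continue
        if report.pid is None:
            report.pid = int(m.group(1))
        line = m.group(2).rstrip()
        if not line.strip():  # a blank Valgrind line ends the current error block
            current, candidate, into_notes = None, None, False
            continue
        fm = FRAME_RE.match(line)
        if fm:
            frame = Frame(fm.group(1), fm.group(2), fm.group(3) or "")
            if current is None and candidate is not None:
                current = MemcheckError(candidate)
                report.errors.append(current)
                candidate = None
            if current is not None:
                (current.note_frames if into_notes else current.frames).append(frame)
            continue
        text_line = line.strip()
        if current is not None and text_line.startswith(AUX_PREFIXES):
            current.notes.append(text_line)  # supplementary stack, not a new error
            into_notes = True
            continue
        if (sm := ERROR_SUMMARY_RE.search(text_line)):
            report.error_count, report.contexts = int(sm.group(1)), int(sm.group(2))
        elif (hm := HEAP_RE.search(text_line)):
            report.allocs, report.frees = _num(hm.group(1)), _num(hm.group(2))
        elif (lm := LOST_RE.search(text_line)):
            report.definitely_lost_bytes = _num(lm.group(1))
        candidate = text_line
    return report


def classify(message: str) -> str:
    for prefix, kind in KINDS:
        if message.startswith(prefix):
            return kind
    return "other"


def triage(text: str):
    """Return (report, findings): one finding dict per Memcheck error block."""
    report = parse_memcheck(text)
    findings = []
    for err in report.errors:
        kind = classify(err.message)
        funcs = [f.func for f in err.frames]
        findings.append({"kind": kind, "top": funcs[0] if funcs else None,
                         "caller": funcs[1] if len(funcs) > 1 else None,
                         "memory_safety": kind in MEMORY_SAFETY_KINDS})
    return report, findings


if __name__ == "__main__":
    for name, sample in (("report excerpt", REPORT_EXCERPT),
                         ("constructed double free", DOUBLE_FREE_SAMPLE)):
        rep, found = triage(sample)
        print(f"{name}: pid={rep.pid} errors={rep.error_count} lost={rep.definitely_lost_bytes}B")
        for item in found:
            print("  ", item)
```

The parser treats a line as the start of an error only when Valgrind frame lines follow it, which is why banner text such as "Memcheck, a memory error detector" and the program's own diagnostics (the poc:NN messages) are ignored; "Address ... free'd" and "Block was alloc'd at" stacks are kept with the error they belong to rather than counted as further errors. A finding whose kind is in MEMORY_SAFETY_KINDS is the one that warrants a memory-corruption label; an uninitialised-value finding points at the read that should be traced with --track-origins=yes, as the quoted output itself suggests.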

