Description of problem:
When trying a Coverity static analysis run for coreutils, it was discovered that the i18n patch has an unsafe initialization of char* bufpos, leaving it for the first call uninitialized or initialized to NULL. It should be initialized to buf (as is already done in one case). Current behaviour is unsafe, as it calls memmove from a wrong address (uninitialized or NULL) - although of size 0 bytes. This should be fixed, although there is no known reproducer how to abuse that (and crash the program) atm.

How reproducible:
Always

Steps to Reproduce:
1. check memmove calls of e.g. fold, expand and some others via ltrace and multibyte locales on multibyte text

Actual results:
Memmove from address 0 with size of 0 is performed

Expected results:
No such thing happens

Additional info:
I don't expect that this could be tested via an automated test; just a sanity-only check should be enough.
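The defect class in this report, illustrated as an added example (not coreutils code, and not the i18n patch itself): a hypothetical line buffer with the same buf/bufpos layout, where bufpos is set to buf before first use (the fix the reporter asks for) and a consistency check refuses to hand an uninitialized or NULL bufpos to memmove, since that call is undefined behaviour even with a length of 0. The struct, field names and the mbbuf_* functions are assumptions made for this example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical line buffer modelled on the bufpos pattern in the report:
   'buf' holds pending input, 'bufpos' marks the first unconsumed byte.
   Illustrative code only, not the coreutils source. */
#define MBBUF_SIZE 64

struct mbbuf {
    char buf[MBBUF_SIZE];
    char *bufpos;   /* first unconsumed byte; must start equal to buf */
    size_t used;    /* bytes of valid data in buf */
};

/* The fix from the report: bufpos points at buf before any use, so the
   first compaction is memmove(buf, buf, 0), never memmove(buf, NULL, 0). */
void mbbuf_init(struct mbbuf *b)
{
    b->bufpos = b->buf;
    b->used = 0;
}

/* Returns 1 when bufpos lies inside the valid region of buf.  A NULL or
   otherwise stray bufpos fails this, which is the "sanity only" check the
   reporter suggests instead of an automated test. */
int mbbuf_is_consistent(const struct mbbuf *b)
{
    return b->bufpos != NULL
        && b->bufpos >= b->buf
        && b->bufpos <= b->buf + b->used;
}

/* Move the unconsumed tail to the front of buf.  Returns the number of bytes
   retained, or -1 if the buffer is inconsistent (rather than passing a bad
   source pointer to memmove, which is undefined even for length 0). */
int mbbuf_compact(struct mbbuf *b)
{
    if (!mbbuf_is_consistent(b))
        return -1;
    size_t remaining = (size_t)(b->buf + b->used - b->bufpos);
    memmove(b->buf, b->bufpos, remaining);
    b->used = remaining;
    b->bufpos = b->buf;
    return (int)remaining;
}

/* Compact, append n bytes of input, then consume everything up to and
   including the last newline, leaving any partial trailing line for the
   next call.  Returns bytes consumed, or -1 on an inconsistent/full buffer. */
int mbbuf_feed(struct mbbuf *b, const char *in, size_t n)
{
    if (mbbuf_compact(b) < 0 || b->used + n > MBBUF_SIZE)
        return -1;
    memcpy(b->buf + b->used, in, n);
    b->used += n;
    size_t consumed = 0;
    for (size_t i = 0; i < b->used; i++)
        if (b->buf[i] == '\n')
            consumed = i + 1;
    b->bufpos = b->buf + consumed;
    return (int)consumed;
}

int main(void)
{
    struct mbbuf b;
    mbbuf_init(&b);
    printf("first compaction retained %d bytes\n", mbbuf_compact(&b));
    printf("consumed %d bytes\n", mbbuf_feed(&b, "ab\ncd", 5));
    printf("retained %d bytes: %.*s\n", mbbuf_compact(&b), (int)b.used, b.buf);

    /* Constructed bad state: a zeroed struct stands in for the NULL bufpos
       the report describes; compaction refuses it instead of calling memmove. */
    struct mbbuf z;
    memset(&z, 0, sizeof z);
    printf("compaction of uninitialised buffer returns %d\n", mbbuf_compact(&z));
    return 0;
}
```

Running a build of such code under `ltrace -e memmove`, as the report's reproduction step does for fold and expand, shows the first call's source argument equal to the buffer address rather than 0.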
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, the internationalization patch for coreutils had an unsafe initialization of char* bufpos that left bufpos uninitialized or initialized to NULL on the first usage. This behaviour called memmove from an incorrect address, namely from address 0 and size 0. This is now fixed and bufpos is correctly initialized for the first use.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0646.html