From: Maks Mishin
Date: Thu, 11 Apr 2024 20:56:56 +0300
To: alice
Cc: musl@lists.openwall.com
Subject: Re: [musl] Re: [PATCH] iconv: Add check null-check for scd pointer
References: <20240324192503.16512-1-maks.mishinFZ@gmail.com> <20240324193341.GE32430@brightrain.aerifal.cx>

Alice, that's right.

Rich, I'm sorry, but it's now always possible to test a particular function.
Can you tell me how you are testing the library?
This will help me make more meaningful patches.

Mon, 25 Mar 2024 at 11:53, alice <alice@ayaya.dev>:
On Sun Mar 24, 2024 at 7:33 PM UTC, Rich Felker wrote:
> On Sun, Mar 24, 2024 at 10:25:03PM +0300, Maks Mishin wrote:
> > After having been assigned to a NULL value at iconv.c:230,
> > pointer 'scd' is dereferenced at iconv.c:383.
> >
> > Found by RASU JSC.
> >
> > Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
> > ---
> >  src/locale/iconv.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/src/locale/iconv.c b/src/locale/iconv.c
> > index 7fb2e1ef..e0d200b8 100644
> > --- a/src/locale/iconv.c
> > +++ b/src/locale/iconv.c
> > @@ -232,6 +232,8 @@ size_t iconv(iconv_t cd, char **restrict in, = size_t *restrict inb, char **restri
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0scd =3D (void *)cd= ;
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0cd =3D scd->bas= e_cd;
> >=C2=A0 =C2=A0 =C2=A0}
> > +=C2=A0 =C2=A0if (scd =3D=3D NULL) return x;
> > +
> >=C2=A0 =C2=A0 =C2=A0unsigned to =3D extract_to(cd);
> >=C2=A0 =C2=A0 =C2=A0unsigned from =3D extract_from(cd);
> >=C2=A0 =C2=A0 =C2=A0const unsigned char *map =3D charmaps+from+1;<= br> > > --
> > 2.30.2
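Review bot: the added `if (scd == NULL) return x;` sits directly after the block that assigns scd and ahead of `extract_to(cd)` and `extract_from(cd)`, so a call that did not enter that block returns before any conversion is done. The commit message places the dereference at iconv.c:383, so a guard, if one is needed at all, belongs at that site under the condition that reaches it, and the message should name a concrete input that arrives there with scd still NULL. The hunk also does not show what x holds at this point, so the value handed back to the caller on the new path should be stated.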
>
> This makes iconv non-functional for non-stateful conversions. The
> claim by the static analysis tool is false. It is not dereferenced in
> the code path where it's null because in that code path,
> type==ISO2022_JP is never true.
>
> This tool you are using is really junk. You should stop sending
> untested and obviously incorrect patches to projects, and advise any
> projects that have accepted your patches that they may have been
> dangerously incorrect.

I'm pretty sure RASU JSC is not a tool but rather the Rusatom State Atomic
Corporation JSC, i.e. a branch at the Russian atomic energy company.

>
> Rich



--
Best regards,
Maksim Mishin
+7 (915) 958-41-07
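
The control-flow point in Rich's quoted reply, as an added example that is not part of the original message and is not musl's code: a simplified model, with every name constructed, in which the pointer is dereferenced only on the branch where it was assigned. The proposed early return therefore prevents no crash and instead stops every stateless conversion, which a per-descriptor-kind regression check exposes.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the control flow discussed in the thread.
 * NOT musl's iconv.c: every name and type here is constructed. */
enum conv_type { PLAIN, STATEFUL };   /* STATEFUL stands in for ISO2022_JP */
struct stateful { unsigned state; };
struct desc {
    enum conv_type type;
    struct stateful *st;              /* invariant: non-NULL iff type == STATEFUL */
};

static struct desc open_plain(void) { return (struct desc){ PLAIN, NULL }; }
static struct desc open_stateful(struct stateful *s) { return (struct desc){ STATEFUL, s }; }

/* Upper-cases ASCII letters; a stateful descriptor also counts bytes.
 * guard != 0 enables the early return proposed in the patch.
 * Returns the number of bytes written to out. */
static size_t convert(struct desc d, const char *in, size_t n, char *out, int guard)
{
    struct stateful *scd = NULL;          /* starts out NULL */
    if (d.type == STATEFUL) scd = d.st;   /* set only for stateful descriptors */
    if (guard && scd == NULL) return 0;   /* proposed check: stateless calls stop here */
    size_t i;
    for (i = 0; i < n; i++) {
        char c = in[i];
        out[i] = (c >= 'a' && c <= 'z') ? (char)(c - 'a' + 'A') : c;
        if (d.type == STATEFUL)           /* the only dereference of scd: this */
            scd->state++;                 /* branch implies scd was assigned   */
    }
    return i;
}

/* What a regression test checks for each descriptor kind: full conversion. */
static int converts_all(struct desc d, int guard)
{
    char out[5] = {0};
    return convert(d, "hello", 5, out, guard) == 5 && out[0] == 'H' && out[4] == 'O';
}

int main(void)
{
    struct stateful s = {0};
    printf("plain:    original=%d guarded=%d\n",
           converts_all(open_plain(), 0), converts_all(open_plain(), 1));
    printf("stateful: original=%d guarded=%d\n",
           converts_all(open_stateful(&s), 0), converts_all(open_stateful(&s), 1));
    return 0;
}
```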