From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	FORGED_HOTMAIL_RCVD2,FREEMAIL_FROM,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 7136 invoked from network); 6 Oct 2021 10:23:25 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 6 Oct 2021 10:23:25 -0000
Received: (qmail 7989 invoked by uid 550); 6 Oct 2021 10:23:21 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 11401 invoked from network); 6 Oct 2021 09:31:45 -0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QuqrXTJOez462dWBorzvcR8UGMo7eQOO6k3G945O8U7NUOqilvBuR5FoJsnpH7tVXrId3KqnvDVqYAkpdbivmX16pDt/l/EdIXAxk50OmuWDT1cvWgCDEheWUm55lhrl1hb+/K4XhIsbdPs4kL8nsgK+5/2w1uSEQaicehhqUDwwobkhCyEC3BqBUm6HTgq7nVdwD2p/v3cgfXoZ1c8fJs6lBVb6RIJBM2pCxgfrSZ3H2c6S9e+XS834RrtE0lZSRXhnBdVsgm5l3W/kOVPCCEowuPjit7u7ACrfRkokgdmNt86ZvnHBgQltigR6GVgOStYx/GI0FjiOIP7SpyTAgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=lolbq/fuBQ8054Y07WaTLQ9dvjZkzCNPMyXtW/u9dIM=;
 b=HIA4e6orTQUZ30IrbYmlLhg9P8sHvMRmHS6Gi1cxJOwtvsp6q3an2FYdx9ia7MEIVxKJJzafjJpmAKHlefVqJdasHPdgV3Efm9+k7KODBQapn6llplzvY4z2AHVTq7q8XeB2nzE7TzN+QdpQwPLecKSUVL1W9CAGDsI2f4Tld7g5u0Pm8h1DurQYJkODDcDTqPdsY1E9EmStlWNLCIViZfiNSC3GiUR3M8DJOMsrxlonXk4QdSjvzLtmma2ngLGZ5u6HSsde13xWRCZcrjMliOGrWYf/Jj+3KX1LGjR6ipIBjmjLxyca6txiNEw3SxAlg6tp/AS5hC/zYKOdSKdQAA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=lolbq/fuBQ8054Y07WaTLQ9dvjZkzCNPMyXtW/u9dIM=;
 b=EjmQzSC+WpbGHe6j1gp894YHK559Arc13GTsr1iGoDCZtJJ1jzG6Pr4Sim+YS5OfQ4/nEBDmYNql+s0hUn4nepCq2JwS8exgi+m6BVzm5eZWl9VaLlg4DhMyZuY4DxePrcwtT0JfN+c+HcgWBFBwwYK11MzFTOJMGZQgvXPRsi0KgbYZ83tUseEt3cN6I+2S/rDPK5ZJc/T/VsmDFa824cN5Zwd3Hy3JxxsnP6x+z+FSeY3lAAEF2CFDrNCsU+kcPLAhzmkWIjXdD3gp4hLS2g2Wjn3j93Xbb00zkQ/0KQer8ZXHsIQhV3AtU6ZkDAI2TaOLuTxcgLbHiMgEtaP8Rg==
X-IncomingTopHeaderMarker:
 OriginalChecksum:4EE44BEB000A2F3BEE88AB4FD182661C508D69EB9116308962DBE1ABE338E355;UpperCasedChecksum:9BA18AFE9EE96023B9C35FC434339EE3358FA8BC6B7AAB3DBA43F115287B89F1;SizeAsReceived:8395;Count:44
Message-ID:
 <AM5P192MB00812237500EA1FEBEB2C7ABC7B09@AM5P192MB0081.EURP192.PROD.OUTLOOK.COM>
From: Pablo Correa Gomez <ablocorrea@hotmail.com>
To: musl@lists.openwall.com
Date: Wed, 06 Oct 2021 11:31:29 +0200
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5-0ubuntu1 
Content-Transfer-Encoding: 8bit
X-TMN: [QdKyOPUBI+Xfk9BxfUwX36HwkaJU3ArP]
X-ClientProxiedBy: MR2P264CA0072.FRAP264.PROD.OUTLOOK.COM
 (2603:10a6:500:31::36) To AM5P192MB0081.EURP192.PROD.OUTLOOK.COM
 (2603:10a6:203:81::10)
X-Microsoft-Original-Message-ID:
 <b9e228d2ec9ca0985cd10adbd20a22fda8b5091a.camel@hotmail.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-IncomingHeaderCount: 44
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-Correlation-Id: 5604d708-ca4a-4c8b-72ee-08d988ac1530
X-MS-TrafficTypeDiagnostic: HE1EUR04HT190:
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	BPb9KwQFw/1tZi4aVJj4etoPhSiN9c+CODcj1gTzmEGZq2EBcQaHX3iZVTRcCqZ74SIshKcbfOyHWBQBGPwn2jXb6QdhWEeTQUOvTl1ZhCQxxClZTPogKf5r3NT9C4/GGn/ruFrdvpfLMLV4ebGl9RuCqbUk77CXdIxPCNsfHSdZaj57O+LQ+ecAM4Ximyjx2srKeTNN/BHq0Rugq2aoGTRpiKwWLn8XPDRxStQ0EvpMbveQGnqLItdkdzMuVjXq1osyP/LW6LD/dX5x9qe/iXqNUR62d5msyRN2iJhjEnoOCM9LzgDN8mJV12ImupIwXOrZDKoBb1g1ecFTvmXMaGzwa5CmY4Y6P3zypmod835e0Dfp+JkvgcaxBKiDwJ7dX7NM7F6vYHmjy1ov+Ry3ltfeaTcST0cRh6VtSZBoOdFL0WqBFIxrjKGaiqNc3IVOkrhcTOjRbWsG12ScQqtZ4xo/8qK6sRwhcVXa2zi3w3U=
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	NKdxzvl9ph4eBDDWDvMlfrIj9ppB6abt+66Cbrzx98gNvF35Rn7Pn17VVF+BOq8lraTnb3iwVxEIiNOlIMgR/+29b7HsETv6kg9uBa/RRJaSyZXlu/6R3n5SI39JsFw5rBV5rEPrynUlkW+cZS6VFQ==
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5604d708-ca4a-4c8b-72ee-08d988ac1530
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Oct 2021 09:31:32.6062
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
	HE1EUR04FT020.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
	00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR04HT190
Subject: [musl] newlocale: Segmentation fault when locale input is NULL

Dear musl maintainers,

While doing some work in GNOME control center for postmarketos, we
bumped into a segmentation fault which is also present in GNOME in
Alpine[1].

After doing some degugging, I figured out that the reason is that,
through GNOME desktop[2], there is a call to newlocale, where they end
up calling it with a NULL argument.

newlocale(LC_CTYPE, NULL, (locale_t)0);

In this case, "name" is passed to __get_locale in
src/locale/newlocale.c:27 and then dereferenced in
src/locale/locale_map.c:43, causing a segmentation fault.

In the case of glibc, this is not an issue, as per the documentation[3]
they consider it an error:

       EINVAL locale is NULL.

Unfortunately, this is a difference in the implementation between glibc
and musl, maybe due to the fact that the standard[4] in not clear in
this point:


The newlocale() function may fail if:

[EINVAL]
    The locale argument is not a valid string pointer. 


My personal believe is that adding a NULL pointer check in musl is very
simple and might help not only GNOME desktop, but maybe also other
projects in the future. This is the reason why I brought the issue here
first instead of directly patching GNOME desktop. If you believe that
musl behaviour should remain the way it is, please let me know and I
will send MRs for upstream and Alpine's GNOME desktop. I am not
subscribed to the mailing list, so I would appreciate if I am CC'ed in
any response.

Best regards,
Pablo Correa Gómez.


[1] 
https://gitlab.com/postmarketOS/pmaports/-/merge_requests/2552#note_686956660
[2] https://gitlab.gnome.org/GNOME/gnome-desktop
[3] https://man7.org/linux/man-pages/man3/newlocale.3.html
[4] 
https://pubs.opengroup.org/onlinepubs/9699919799/functions/newlocale.html