From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: from second.openwall.net (second.openwall.net [193.110.157.125]) by inbox.vuxu.org (Postfix) with SMTP id 29F0C2114A for ; Mon, 25 Mar 2024 09:53:51 +0100 (CET) Received: (qmail 12039 invoked by uid 550); 25 Mar 2024 08:49:05 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 12003 invoked from network); 25 Mar 2024 08:49:05 -0000 Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ayaya.dev; s=key1; t=1711356817; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Mk4u9yVoyyZ/SUqbh/hZcstM1sedWBZ9Z2pnVEMTMhY=; b=ggiDiwrKYPLAXOvLfpp+XAV5OiE4ZFxVMvYB2xgWg/S9G4skvPvV0mYo7OJZVnu6xMM2b2 0IFWPn+ko+A1ynfgr8IBEy5zYezpswbvEFfLwlWLGHUMV9H541nMAR6HKDQd6xFht43jm5 I8rIpv1n4g0M0erCsRBNdtelESWsYqc= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Mon, 25 Mar 2024 08:53:35 +0000 Message-Id: X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: "alice" To: , "Maks Mishin" References: <20240324192503.16512-1-maks.mishinFZ@gmail.com> <20240324193341.GE32430@brightrain.aerifal.cx> In-Reply-To: <20240324193341.GE32430@brightrain.aerifal.cx> X-Migadu-Flow: FLOW_OUT Subject: Re: [musl] Re: [PATCH] iconv: Add check null-check for scd pointer On Sun Mar 24, 2024 at 7:33 PM UTC, Rich Felker wrote: > On Sun, Mar 24, 2024 at 10:25:03PM +0300, Maks Mishin wrote: > > After having been assigned to a NULL value at iconv.c:230, > > pointer 'scd' is dereferenced at iconv.c:383. > >=20 > > Found by RASU JSC. > >=20 > > Signed-off-by: Maks Mishin > > --- > > src/locale/iconv.c | 2 ++ > > 1 file changed, 2 insertions(+) > >=20 > > diff --git a/src/locale/iconv.c b/src/locale/iconv.c > > index 7fb2e1ef..e0d200b8 100644 > > --- a/src/locale/iconv.c > > +++ b/src/locale/iconv.c > > @@ -232,6 +232,8 @@ size_t iconv(iconv_t cd, char **restrict in, size_t= *restrict inb, char **restri > > scd =3D (void *)cd; > > cd =3D scd->base_cd; > > } > > + if (scd =3D=3D NULL) return x; > > + > > unsigned to =3D extract_to(cd); > > unsigned from =3D extract_from(cd); > > const unsigned char *map =3D charmaps+from+1; > > --=20 > > 2.30.2 > > This makes iconv non-functional for non-stateful conversions. The > claim by the static analysis tool is false. It is not dereferenced in > the code path where it's null because in that code path, > type=3D=3DISO2022_JP is never true. > > This tool you are using is really junk. You should stop sending > untested and obviously incorrect patches to projects, and advise any > projects that have accepted your patches that they may have been > dangerously incorrect. I'm pretty sure RASU JSC is not a tool but rather the Rusatom State Atomic Corporation JSC, i.e. a branch at the Russian atomic energy company. > > Rich