bug-glibc
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

iconv_close() calls free() with a NULL pointer


From: Saul Tamari
Subject: iconv_close() calls free() with a NULL pointer
Date: Thu, 7 Nov 2002 06:58:36 -0800 (PST)

Hi


I think I have stumbled across a bug in iconv_close() which causes it
to call free() with a NULL pointer (which is not legal by ANSI/ISO C).
Below is a small program that reproduces the bug.


Thanks,
Saul Tamari

 

#include <iconv.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern void *__free_hook;
static void super_free(void *ptr);
 
 
// This program demonstrates a bug iconv_close that causes it to call
free() with a null pointer
int main(int argc, char *argv[])
{
        iconv_t conv[6];
        char *names[] = {"UTF-8", "CP862", "CP862", "UTF-8",
                        "UTF-8", "ISO-8859-8", "ISO-8859-8", "UTF-8",
                        "UTF-8", "EUC-KR", "EUC-KR", "UTF-8"};
        int     i;
 
 
        __free_hook = super_free;
 
        for (i=0; i<6; i++) {
                if ((conv[i] = iconv_open(names[i*2], names[i*2 + 1]))
== -1) {
                        fprintf(stderr, "iconv_open()  failed: %s\n",
strerror(errno));
                        exit(-1);
                }
        }
 
        for (i=0; i<6; i++) {
                if (iconv_close(conv[i]) == -1) {
                        fprintf(stderr, "iconv_close() failed: %s\n",
strerror(errno));
                        exit(-1);
                }
        }
 
        return 0;
}
 
 
static void super_free(void *ptr)
{
        void (*old_hook)(void *ptr);
 
        if (ptr == 0)
                fprintf(stderr, "super_free: got NULL pointer\n");
 
 
        old_hook = __free_hook;
        __free_hook = 0;
        free(ptr);
        __free_hook = old_hook;
}

 



Do you Yahoo!?
U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD
reply via email to

[Prev in Thread] Current Thread [Next in Thread]