From owner-freebsd-standards@FreeBSD.ORG  Fri Mar 28 22:30:00 2014
Return-Path: <owner-freebsd-standards@FreeBSD.ORG>
Delivered-To: freebsd-standards@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AF7ADEED
 for <freebsd-standards@smarthost.ysv.freebsd.org>;
 Fri, 28 Mar 2014 22:30:00 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8BDA7D64
 for <freebsd-standards@smarthost.ysv.freebsd.org>;
 Fri, 28 Mar 2014 22:30:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s2SMU0Pb029803
 for <freebsd-standards@freefall.freebsd.org>; Fri, 28 Mar 2014 22:30:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s2SMU0dM029802;
 Fri, 28 Mar 2014 22:30:00 GMT (envelope-from gnats)
Resent-Date: Fri, 28 Mar 2014 22:30:00 GMT
Resent-Message-Id: <201403282230.s2SMU0dM029802@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-standards@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 Tomohisa Tanaka <tomohisa.tanaka@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 93D82B50
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 28 Mar 2014 22:21:18 +0000 (UTC)
Received: from cgiserv.freebsd.org (cgiserv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:4])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 66B62C88
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 28 Mar 2014 22:21:18 +0000 (UTC)
Received: from cgiserv.freebsd.org ([127.0.1.6])
 by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s2SMLIwr030827
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 28 Mar 2014 22:21:18 GMT
 (envelope-from nobody@cgiserv.freebsd.org)
Received: (from nobody@localhost)
 by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s2SMLIHv030818;
 Fri, 28 Mar 2014 22:21:18 GMT (envelope-from nobody)
Message-Id: <201403282221.s2SMLIHv030818@cgiserv.freebsd.org>
Date: Fri, 28 Mar 2014 22:21:18 GMT
From: Tomohisa Tanaka <tomohisa.tanaka@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: standards/188036: mblen(3) in EUC locales causes crash and
 segmentation fault.
X-BeenThere: freebsd-standards@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Standards compliance <freebsd-standards.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-standards>, 
 <mailto:freebsd-standards-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-standards/>
List-Post: <mailto:freebsd-standards@freebsd.org>
List-Help: <mailto:freebsd-standards-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-standards>, 
 <mailto:freebsd-standards-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 22:30:00 -0000


>Number:         188036
>Category:       standards
>Synopsis:       mblen(3) in EUC locales causes crash and segmentation fault.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-standards
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 28 22:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Tomohisa Tanaka
>Release:        FreeBSD 9.2-RELEASE-p3
>Organization:
>Environment:
FreeBSD freebsd9 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #0: Sat Jan 11 03:25:02 UTC 2014     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Calling function mblen(3) in EUC locales results in crash and
segmentation fault.  To repeat the problem, both setlocale(3) and
uselocale(3) must be called before calling mblen(3).

I think it is because the value of _CurrentRuneLocale->__variable in
/usr/src/lib/libc/locale/euc.c is always NULL after calling both
setlocale(3) and uselocale(3).

>How-To-Repeat:
% cat main.c
#include <stdio.h>
#include <stdlib.h>
#include <locale.h>
#include <xlocale.h>

int
main(void)
{
  printf("setlocale: %s\n", setlocale(LC_ALL, ""));

  locale_t newLocale = newlocale(LC_ALL_MASK, "C", NULL);
  locale_t oldLocale = uselocale(newLocale);
  /* ... */
  uselocale(oldLocale);

  printf("%d\n", mblen("a", 1));
  return 0;
}
% gcc -g3 -std=c99 main.c
% setenv LC_MESSAGES C
% env LANG=zh_CN.eucCN ./a.out
setlocale: zh_CN.eucCN/zh_CN.eucCN/zh_CN.eucCN/zh_CN.eucCN/zh_CN.eucCN/C
Segmentation fault (core dumped)
% env LANG=ko_KR.eucKR ./a.out
setlocale: ko_KR.eucKR/ko_KR.eucKR/ko_KR.eucKR/ko_KR.eucKR/ko_KR.eucKR/C
Segmentation fault (core dumped)
% env LANG=ja_JP.eucJP ./a.out
setlocale: ja_JP.eucJP/ja_JP.eucJP/ja_JP.eucJP/ja_JP.eucJP/ja_JP.eucJP/C
Segmentation fault (core dumped)
% env LANG=ja_JP.UTF-8 ./a.out
setlocale: ja_JP.UTF-8/ja_JP.UTF-8/ja_JP.UTF-8/ja_JP.UTF-8/ja_JP.UTF-8/C
1

>Fix:
diff -ur /usr/src/lib/libc/locale/euc.c locale/euc.c
--- /usr/src/lib/libc/locale/euc.c	2013-09-27 10:07:50.000000000 +0900
+++ locale/euc.c	2014-03-29 06:16:10.000000000 +0900
@@ -134,7 +134,8 @@
 	return (ps == NULL || ((const _EucState *)ps)->want == 0);
 }
 
-#define	CEI	((_EucInfo *)(_CurrentRuneLocale->__variable))
+#define	CEI	\
+	((_EucInfo *)(XLOCALE_CTYPE(__get_locale())->runes->__variable))
 
 #define	_SS2	0x008e
 #define	_SS3	0x008f



Patch attached with submission follows:

diff -ur /usr/src/lib/libc/locale/euc.c locale/euc.c
--- /usr/src/lib/libc/locale/euc.c	2013-09-27 10:07:50.000000000 +0900
+++ locale/euc.c	2014-03-29 06:16:10.000000000 +0900
@@ -134,7 +134,8 @@
 	return (ps == NULL || ((const _EucState *)ps)->want == 0);
 }
 
-#define	CEI	((_EucInfo *)(_CurrentRuneLocale->__variable))
+#define	CEI	\
+	((_EucInfo *)(XLOCALE_CTYPE(__get_locale())->runes->__variable))
 
 #define	_SS2	0x008e
 #define	_SS3	0x008f


>Release-Note:
>Audit-Trail:
>Unformatted: