
Bug#636286: eglibc: SIGSEGV in strcoll in UTF-8 locales with certain characters



Source: eglibc
Version: 2.13-11
Severity: normal

(Only normal severity because this doesn't happen on i386)

root@aranym:~ # LC_ALL=C ./sfl; echo $?
1
root@aranym:~ # LC_ALL=CUT ./sfl; echo $?
sfl: setlocale: No such file or directory
4
root@aranym:~ # LC_ALL=C.UTF-8 ./sfl; echo $?
Segmentation fault
139

Works with no or a nonexistent locale, but not with
a UTF-8 locale. The problem was found in the code of
localechooser (a d-i component which runs sort over
native language lists at build).

Program received signal SIGSEGV, Segmentation fault.
0xc0094940 in findidx (s1=0x80000556 " ব", s2=0x8000055b " ভ", l=0xc0145990) at ../locale/weight.h:126
126               return indirect[-i + offset];
(gdb) bt
#0  0xc0094940 in findidx (s1=0x80000556 " ব", s2=0x8000055b " ভ", l=0xc0145990) at ../locale/weight.h:126
#1  __strcoll_l (s1=0x80000556 " ব", s2=0x8000055b " ভ", l=0xc0145990) at strcoll_l.c:213
#2  0xc008f960 in strcoll (s1=0x80000556 " ব", s2=0x8000055b " ভ") at strcoll.c:37
#3  0x8000048e in main () at sfl.c:16
(gdb) print indirect
$1 = <value optimized out>
(gdb) print i
$2 = <value optimized out>
(gdb) print offset
$3 = <value optimized out>

I’ve got libc6-dbg installed, but it doesn’t seem to pick that
up, even with LD_LIBRARY_PATH=/usr/lib/debug/lib/m68k-linux-gnu
set. It does however load the symbols:

Reading symbols from /lib/m68k-linux-gnu/libc.so.6...Reading symbols from /usr/lib/debug/lib/m68k-linux-gnu/libc-2.13.so...done.   

I had to manually unpack and quilt push -a the source to get this
far, though. How am I supposed to use the libc6-dbg package then?

The error does NOT occur if the test programme is linked statically.

By preventing inlining and hand-compiling strcoll_l.c with a
slightly adjusted (duplocale and __strcoll_l using) programme
I got this:

0x80000796 in findidx (cpp=0xefbc0728) at ../locale/weight.h:126
126               return indirect[-i + offset];
(gdb) print cpp
$1 = (const unsigned char **) 0xefbc0728
(gdb) print *cpp
$2 = (const unsigned char *) 0x8000107c "\246\254"
(gdb) x/4xb *cpp
0x8000107c <s1+2>:      0xa6    0xac    0x00    0x20
(gdb) print indirect
Cannot access memory at address 0xcda56b30
(gdb) print i
$3 = -1130053888
(gdb) print offset
$4 = <value optimized out>

Sorry, can’t debug this further.


https://wiki.debian.org/Aranym/Quick has an easy way to get a VM
image for testing.
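For anyone wanting to reproduce the two experiments above (the plain strcoll run and the locale-object variant), here is a reconstructed test program. It is not the reporter's sfl.c; the string pair is taken from the backtrace (a space followed by U+09AC and U+09AD), the exit-status mapping (4 for a missing locale, 1 for "first string sorts before the second") is an assumption chosen to match the shell session, and it assumes glibc's newlocale()/strcoll_l() in place of duplocale()/__strcoll_l().

```c
#define _GNU_SOURCE
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* The two strings seen in the backtrace: " ব" and " ভ", spelled as UTF-8
   byte escapes (E0 A6 AC / E0 A6 AD) so the source stays ASCII-safe. */
static const char S1[] = " \xE0\xA6\xAC";
static const char S2[] = " \xE0\xA6\xAD";

/* Compare S1/S2 with strcoll() under the named locale.  Returns 0 and stores
   the sign of the comparison in *sign, or 4 when setlocale() fails
   (the assumed exit status from the report's LC_ALL=CUT run). */
int collate_in_locale(const char *locale, int *sign)
{
    if (setlocale(LC_ALL, locale) == NULL) {
        perror("sfl: setlocale");
        return 4;
    }
    int r = strcoll(S1, S2);
    *sign = (r > 0) - (r < 0);
    return 0;
}

/* Same comparison through a locale object, mirroring the reporter's second
   experiment; uses the public newlocale()/strcoll_l() rather than the
   internal duplocale()/__strcoll_l() pair. */
int collate_with_object(const char *locale, int *sign)
{
    locale_t loc = newlocale(LC_ALL_MASK, locale, (locale_t)0);
    if (loc == (locale_t)0) {
        perror("sfl: newlocale");
        return 4;
    }
    int r = strcoll_l(S1, S2, loc);
    freelocale(loc);
    *sign = (r > 0) - (r < 0);
    return 0;
}

int main(void)
{
    int sign;
    int rc = collate_in_locale("", &sign);  /* "" honours LC_ALL from the environment */
    if (rc != 0)
        return rc;
    printf("strcoll sign: %d\n", sign);
    return sign < 0;  /* assumed mapping: exit 1 when S1 sorts first, as under LC_ALL=C */
}
```

Run it as `LC_ALL=C ./sfl; echo $?` and `LC_ALL=C.UTF-8 ./sfl; echo $?` to compare against the session above; under the C locale the byte order alone decides, so S1 sorts first.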



-- System Information:
Debian Release: wheezy/sid
Architecture: m68k

Kernel: Linux 3.0.0-1-atari
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static


