Package: libc6 Version: 2.3.6.ds1-10 Severity: important Hi,
The iconv() function may die with bus error due to unaligned memory accesses on sparc and, probably, other platforms with strict alignment requirements. It can be occasionally triggered by attempting 'aptitude install non-existent-package' (thanks to Al Viro and Fabio M. Di Nitto for the report and initial investigation). It also affects etch version (2.3.6.ds1-8) as well. The test case (attached) illustrates the problem: [EMAIL PROTECTED]:~$ gcc -g iconv-crash.c [EMAIL PROTECTED]:~$ ./iconv-crash Bus error [EMAIL PROTECTED]:~$ gdb ./iconv-crash GNU gdb 6.5-debian Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "sparc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /home/jurij/iconv-crash Program received signal SIGBUS, Bus error. 0xf7e7a1f4 in __gconv_transform_internal_ascii () from /lib/libc.so.6 (gdb) bt #0 0xf7e7a1f4 in __gconv_transform_internal_ascii () from /lib/libc.so.6 #1 0xf7e75df4 in __gconv () from /lib/libc.so.6 #2 0xf7e752a8 in iconv () from /lib/libc.so.6 #3 0x000105e0 in main () at iconv-crash.c:15 (gdb) AFAICT, the body of the __gconv_transform_internal_ascii() is defined in iconv/gconv_simple.c as #define BODY \ { \ if (__builtin_expect (*((const uint32_t *) inptr) > 0x7f, 0)) \ { \ UNICODE_TAG_HANDLER (*((const uint32_t *) inptr), 4); \ STANDARD_TO_LOOP_ERR_HANDLER (4); \ } \ else \ /* It's an one byte sequence. */ \ *outptr++ = *((const uint32_t *) inptr); \ inptr += sizeof (uint32_t); \ } The word-sized accesses at the potentially unaligned location pointed to by inptr are likely to be causing the problem. Best regards, -- Jurij Smakov [EMAIL PROTECTED] Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC
#include <stdio.h> #include <stdlib.h> #include <iconv.h> #include <string.h> int main() { iconv_t cd; size_t inr = 4, outr = 8, res; char *inbuf = strdup("abcde"); char *outbuf = malloc(8); inbuf++; cd = iconv_open("ASCII", "WCHAR_T"); res = iconv(cd, &inbuf, &inr, &outbuf, &outr); return 0; }