Hello,

this bug was originally reported at [0], but then closed because it isn't
libidn's fault. However, I was able to make a little modification to libidn
that fixed the problem for me.

The change simply involves replacing strlen()+malloc()+strcpy() with strdup()
(see the attached patch), and AFAICT all the tests pass. So I thought that
maybe you wanted to have a look at it and maybe merge it.

You can verify the problem (and that my patch fixes it) by running the
following command from the libidn git repository:

  $ ./libtool --mode=execute valgrind src/idn -a 'ουτοπία.δπθ.gr'

Without the patch it prints something like:

==24305== Invalid read of size 4
==24305==    at 0x4E3A680: idna_to_ascii_4z (idna.c:529)
==24305==    by 0x401B51: main (idn.c:374)
==24305==  Address 0x5412c6c is 12 bytes inside a block of size 15 alloc'd
==24305==    at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24305==    by 0x4E3A7D3: idna_to_ascii_4z (idna.c:543)
==24305==    by 0x401B51: main (idn.c:374)
==24305== 
==24305== Invalid read of size 4
==24305==    at 0x4E3A695: idna_to_ascii_4z (idna.c:529)
==24305==    by 0x401B51: main (idn.c:374)
==24305==  Address 0x5413028 is 24 bytes inside a block of size 25 alloc'd
==24305==    at 0x4C2AF2E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24305==    by 0x4E3A6FA: idna_to_ascii_4z (idna.c:530)
==24305==    by 0x401B51: main (idn.c:374)

Cheers

[0] https://bugs.debian.org/724069
From 825d93f98648119cab5a392d1d524fbc626b0b40 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessan...@ghedini.me>
Date: Thu, 4 Jun 2015 11:42:38 +0200
Subject: [PATCH] Use strdup() to duplicate a buffer

This apparently fixes the "Invalid read of size 4" error from valgrind
that was reported at https://bugs.debian.org/724069
---
 lib/idna.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/idna.c b/lib/idna.c
index bf93bfe..17774d0 100644
--- a/lib/idna.c
+++ b/lib/idna.c
@@ -539,11 +539,9 @@ idna_to_ascii_4z (const uint32_t * input, char **output, int flags)
 	}
       else
 	{
-	  size_t l = strlen (buf) + 1;
-	  out = (char *) malloc (l);
+	  out = strdup (buf);
 	  if (!out)
 	    return IDNA_MALLOC_ERROR;
-	  strcpy (out, buf);
 	}
 
       start = end + 1;
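Review bot: the valgrind trace in the covering e-mail places both invalid reads at idna.c:529 (with the blocks allocated at idna.c:543 and idna.c:530), while this hunk only rewrites lines 542 to 546, so the change alters how `out` is allocated (`out = strdup (buf);` instead of `strlen()`+`malloc()`+`strcpy()`) without touching the code at line 529 that actually performs the flagged read; the commit message says the warning is "apparently" fixed, and before merging it should explain why that read is no longer reported, otherwise the patch may only be changing the allocation layout and hiding the report rather than removing its cause. Separately, `strdup()` is POSIX rather than ISO C, so confirm that the build already provides it (a gnulib replacement module or an equivalent configure check) before relying on it in lib/idna.c.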
-- 
2.1.4

_______________________________________________
Help-libidn mailing list
Help-libidn@gnu.org
https://lists.gnu.org/mailman/listinfo/help-libidn