https://bugzilla.redhat.com/show_bug.cgi?id=1733869
Bug ID: 1733869
Summary: gettext: Getting errors in double free with msgfmt command.
Product: Fedora
Version: 30
Status: NEW
Component: gettext
Assignee: panovotn@redhat.com
Reporter: poyadav@redhat.com
QA Contact: extras-qa@fedoraproject.org
CC: dueno@redhat.com, i18n-bugs@lists.fedoraproject.org, jjanco@redhat.com, nphilipp@redhat.com, panovotn@redhat.com, petersen@redhat.com, praiskup@redhat.com, suanand@redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem: Error in poc, please refer to the result section for details.
Version-Release number of selected component (if applicable): gettext-0.19.8.1-18.fc30.x86_64
How reproducible: Always
Steps to Reproduce:
1. Clone https://github.com/CCCCCrash/POCs.git.
2. Run valgrind msgfmt poc command.
3. Observe the output.
Actual results:
[poyadav@localhost doublefree]$ valgrind msgfmt poc
==8072== Memcheck, a memory error detector
==8072== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8072== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==8072== Command: msgfmt poc
==8072==
==8072== Conditional jump or move depends on uninitialised value(s)
==8072== at 0x48D9940: freea (in /usr/lib64/libgettextlib-0.19.8.1.so)
==8072== by 0x487E8EA: po_lex_charset_set (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072== by 0x487E098: po_gram_parse (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072== by 0x487EB9A: ??? (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072== by 0x487A773: catalog_reader_parse (in /usr/lib64/libgettextsrc-0.19.8.1.so)
==8072== by 0x10E7C7: ??? (in /usr/bin/msgfmt)
==8072== by 0x10D8EB: ??? (in /usr/bin/msgfmt)
==8072== by 0x4AABF32: (below main) (in /usr/lib64/libc-2.29.so)
==8072==
poc:17: duplicate message definition...
poc:16: ...this is the location of the first definition
poc:18:3: syntax error
poc:18: keyword "n" unknown
poc:19: end-of-line within string
poc:28: duplicate message definition...
poc:24: ...this is the location of the first definition
poc:35: keyword "msgud_plural" unknown
poc:34: missing 'msgstr' section
poc:35:13: syntax error
poc:40: end-of-line within string
poc:46: end-of-line within string
poc: warning: Charset missing in header. Message conversion to user's charset will not work.
poc:42: duplicate message definition...
poc:6: ...this is the location of the first definition
poc:46:2: syntax error
poc:46: keyword "Ep" unknown
poc:47: keyword "C" unknown
poc:48: keyword "s" unknown
poc:49: keyword "bo" unknown
poc:50: keyword "S" unknown
poc:50:236: invalid control sequence
poc:50:397: invalid control sequence
poc:51: end-of-line within string
msgfmt: too many errors, aborting
==8072==
==8072== HEAP SUMMARY:
==8072== in use at exit: 59,783 bytes in 123 blocks
==8072== total heap usage: 547 allocs, 424 frees, 99,479 bytes allocated
==8072==
==8072== LEAK SUMMARY:
==8072== definitely lost: 650 bytes in 82 blocks
==8072== indirectly lost: 0 bytes in 0 blocks
==8072== possibly lost: 0 bytes in 0 blocks
==8072== still reachable: 59,133 bytes in 41 blocks
==8072== suppressed: 0 bytes in 0 blocks
==8072== Rerun with --leak-check=full to see details of leaked memory
==8072==
==8072== Use --track-origins=yes to see where uninitialised values come from
==8072== For lists of detected and suppressed errors, rerun with: -s
==8072== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Expected results: No errors.
Additional info: