about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--locale/loadlocale.c38
2 files changed, 39 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 3d61c09bb4..371d384d43 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2004-09-25  Ulrich Drepper  <drepper@redhat.com>
 
+	* locale/loadlocale.c (_nl_intern_locale_data): Recognize LC_CTYPE
+	data where _nl_value_type_LC_CTYPE does not contain the type
+	information.  Add range checks.
+	Reported by John Lumby <johnlumby@hotmail.com> [BZ #356].
+
 	* libio/vasprintf.c (_IO_vasprintf): Fix condition to decide
 	whether to realloc or not.
 	Reported by Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> [BZ #346].
diff --git a/locale/loadlocale.c b/locale/loadlocale.c
index b2d944794f..11ece50a22 100644
--- a/locale/loadlocale.c
+++ b/locale/loadlocale.c
@@ -1,5 +1,5 @@
 /* Functions to read locale data files.
-   Copyright (C) 1996-2001, 2002, 2003 Free Software Foundation, Inc.
+   Copyright (C) 1996-2001, 2002, 2003, 2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
 
@@ -115,15 +115,45 @@ _nl_intern_locale_data (int category, const void *data, size_t datasize)
 	  __set_errno (EINVAL);
 	  return NULL;
 	}
-      if (__builtin_expect (_nl_value_types[category][cnt] == word, 0))
+
+      /* Determine the type.  There is one special case: the LC_CTYPE
+	 category can have more elements than there are in the
+	 _nl_value_type_LC_XYZ array.  There are all pointers.  */
+      switch (category)
+	{
+#define CATTEST(cat) \
+	case LC_##cat:							      \
+	  assert (cnt < (sizeof (_nl_value_type_LC_##cat)		      \
+			 / sizeof (_nl_value_type_LC_##cat[0])));	      \
+	  break
+	  CATTEST (NUMERIC);
+	  CATTEST (TIME);
+	  CATTEST (COLLATE);
+	  CATTEST (MONETARY);
+	  CATTEST (MESSAGES);
+	  CATTEST (PAPER);
+	  CATTEST (NAME);
+	  CATTEST (ADDRESS);
+	  CATTEST (TELEPHONE);
+	  CATTEST (MEASUREMENT);
+	  CATTEST (IDENTIFICATION);
+	default:
+	  assert (category == LC_CTYPE);
+	  break;
+	}
+
+      if ((category == LC_CTYPE
+	   && cnt >= (sizeof (_nl_value_type_LC_CTYPE)
+		      / sizeof (_nl_value_type_LC_CTYPE[0])))
+	  || __builtin_expect (_nl_value_types[category][cnt] != word, 1))
+	newdata->values[cnt].string = newdata->filedata + idx;
+      else
 	{
 	  if (idx % __alignof__ (u_int32_t) != 0)
 	    goto puntdata;
 	  newdata->values[cnt].word =
 	    *((const u_int32_t *) (newdata->filedata + idx));
 	}
-      else
-	newdata->values[cnt].string = newdata->filedata + idx;
     }
 
   return newdata;