Re: [PATCH v2] locale: don't crash if locale-archive contains all zeros

["Carlos O'Donell" <carlos at redhat dot com>]

On 12/03/2013 01:08 PM, Mike Frysinger wrote:
> On Tuesday 03 December 2013 08:23:16 Aurelien Jarno wrote:
>> On Tue, Dec 03, 2013 at 12:40:54PM +0100, OndÅej BÃlka wrote:
>>> On Tue, Dec 03, 2013 at 12:21:33PM +0100, Andreas Schwab wrote:
>>>> Aurelien Jarno <aurelien@aurel32.net> writes:
>>>>> +  /* Avoid division by 0 if the file is corrupted.  */
>>>>> +  if (__glibc_unlikely (head->namehash_size == 0))
>>>>> +    goto close_and_out;
>>>>
>>>> That won't help for head->namehash_size == 2, or any other corruptions.
>>
>> Indeed it will still crash for head->namehash_size == 2, it's something
>> I missed. For other corruptions, they are handled later in the code.
>>
>>> Which is less common zeroed file. Proper solution would be starting
>>> files with magic constant which is too late to add.
>>
>> Isn't it possible to break the format between releases, iow people are
>> not supposed to rebuild the locales when installing a new libc?
> 
> adding a magic constant would be good.  do we feel like that'd catch most 
> cases of corruption ?  would some overall small crc check be useful too ?  the 
> point of the archive file is to be fast, so we don't want to bog it down in the 
> general case ...

I like the idea of a small crc, but that's a lot more complicated than
a quick magic header check and invalid hash values... and would cost
more in performance.

I'm happy to see a magic header value go in with the invalid hash
check, but anything beyond that is going to need some performance
measurements.

Cheers,
Carlos.