Bug#724069: libidn11:amd64: invalid read of size 4 in idna_to_ascii_8z/idna_to_ascii_4z reported by valgrind

[Tim Rühsen]

Package: libidn11
Version: 1.28-1
Severity: normal

Dear Maintainer,

compiling and running a C program using valgrind leads to 'invalid read of 
size 4' report.

The code snippet is

#include <stdio.h>
#include <idna.h>
void main(void)
{
char *host_asc = NULL;
idna_to_ascii_8z("www.exampl.com", &host_asc, IDNA_USE_STD3_ASCII_RULES);
printf("->%s\n",host_asc);
}

Compiling it with gcc 4.8.1-10 and executing the executable with
  valgrind ./x

leads to
==8903== Invalid read of size 4
==8903==    at 0x4E386A2: idna_to_ascii_4z (in /usr/lib/x86_64-linux-
gnu/libidn.so.11.6.11)
==8903==    by 0x4E38919: idna_to_ascii_8z (in /usr/lib/x86_64-linux-
gnu/libidn.so.11.6.11)
==8903==    by 0x400642: main (in /home/tim/src/mget/tmp/x)
==8903==  Address 0x54121c8 is 8 bytes inside a block of size 11 alloc'd
==8903==    at 0x4C2B72E: realloc (vg_replace_malloc.c:662)
==8903==    by 0x4E3870D: idna_to_ascii_4z (in /usr/lib/x86_64-linux-
gnu/libidn.so.11.6.11)
==8903==    by 0x4E38919: idna_to_ascii_8z (in /usr/lib/x86_64-linux-
gnu/libidn.so.11.6.11)
==8903==    by 0x400642: main (in /home/tim/src/mget/tmp/x)


Using www.example.com (or any string with one byte longer) does not trigger 
valgrind.
The printf() prints in both cases the expected result.



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libidn11:amd64 depends on:
ii  libc6              2.17-92+b1
ii  multiarch-support  2.17-92+b1

libidn11:amd64 recommends no packages.

libidn11:amd64 suggests no packages.

-- no debconf information

signature.asc
Description: This is a digitally signed message part.