Austin Group Defect Tracker

Aardvark Mark IV


Viewing Issue Simple Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Type Date Submitted Last Update
0001243 [1003.1(2016/18)/Issue7+TC2] System Interfaces Comment Clarification Requested 2019-03-29 13:00 2019-11-19 16:12
Reporter schwarze View Status public  
Assigned To
Priority normal Resolution Accepted As Marked  
Status Applied  
Name Ingo Schwarze
Organization OpenBSD
User Reference
Section newlocale
Page Number 1392
Line Number 46271-46272, 46280-46282
Interp Status ---
Final Accepted Text See Note: 0004455.
Summary 0001243: newlocale(3) wording unintentionally permits ignoring the "base" argument
Description In OpenBSD, i implemented newlocale(3) according to the spec:

https://pubs.opengroup.org/onlinepubs/9699919799/functions/newlocale.html [^]

For simplicity, i chose to completely ignore the "base" argument because the spec says:

"It is unspecified whether the locale object pointed to by base shall be modified, or freed and a new locale object created."

And then later:

"If a completely new locale object is created, the data for all sections not requested by category_mask shall be taken from the default locale."

The normative text of the spec does not require anywhere to copy anything from "base" to the new locale object, but Karl Williamson convinced me that is likely intended for categories not included in the "category_mask" argument, so for compatibility with other systems, i just changed the OpenBSD implementation to no longer ignore the "base" argument.

Karl Williamson thinks that no other implementation ignores the "base" argument, and he might indeed know because he seems to be working on Perl 5 which is quite portable.
Desired Action You might wish to clarify under which circumstances copying from "base" to the new locale object is required.
Tags tc3-2008
Attached Files

- Relationships

-  Notes
(0004347)
kre (reporter)
2019-03-29 14:12

I think Karl Williamson is quite clearly correct, though the wording could
do with some tweaks to make this all clearer.

The "create or modify" and "completely new" words I think were intended
as being clear enough, but clearly were not.

I'd suggest changing page 1392, lines 46270-2 from:

      The newlocale() function shall create a new locale object or
      modify an existing one. If the base argument is (locale_t)0,
      a new locale object shall be created. It is unspecified whether
      the locale object pointed to by base shall be modified, or freed
      and a new locale object created.

to

      The newlocale() function shall create a new locale object or
      modify an existing one. If the base argument is (locale_t)0,
      a new locale object shall be created, otherwise the locale
      specified by base shall be modified. In the latter case it is
      unspecified whether the resulting locale object shall be that
      pointed to by base, modified, or whether that object shall be
      freed and a new locale object created using some values from it.

I doubt any other changes are needed.
(0004348)
schwarze (reporter)
2019-03-29 14:32

I agree that the proposed change of wording would exclude the unintended interpretation, and it doesn't seem to cause any new problems.
(0004349)
shware_systems (reporter)
2019-03-29 20:14
edited on: 2019-03-29 20:25

The wording still doesn't make it explicit the base argument is the source of unspecified categories. Second sentence should be more like:
"If the base argument is (locale_t)0, a new locale object shall be created, where the global locale, as process default, or the locale data specified by base, if not equal to (locale_t)0, shall provide the data for categories unspecified by the category and locale arguments."

Then it's unspecified whether this new object, possibly temporary, replaces the base with the same handle, with or without freeing previous data, or is left as a new object with a different handle from base.

(0004350)
kre (reporter)
2019-03-30 00:48

There is no need for the complication in Note: 0004349 - the way that
newlocale() constructs its result is covered in the following 2
paragraphs which are not being changed.

Further, there are exactly 2 options for processing base (when it is not 0),
either it is modified in place, and the return value == base (assuming no error)
or a new locale struct is allocated, data is copied from base (or the locale
named for the categories set in the bit mask) base is freed (ie: freelocale())
and the newly allocated locale is returned. No other combination is acceptable.
(0004451)
eblake (manager)
2019-06-24 16:15

Note: 0004347 could be read as requiring use-after free; maybe the proposal should tweak the last sentence to be:
In the latter case it is unspecified whether the resulting locale object shall be that pointed to by base modified in place, or whether that object shall be freed after a new locale object is first created using some values from it.
(0004455)
eblake (manager)
2019-06-27 15:59
edited on: 2019-06-27 16:02

Change page 1392, lines 46270-2 from:
The newlocale( ) function shall create a new locale object or
modify an existing one. If the base argument is (locale_t)0,
a new locale object shall be created. It is unspecified whether
the locale object pointed to by base shall be modified, or freed
and a new locale object created.
to:
The newlocale( ) function shall create a new locale object or
modify an existing one. If the base argument is (locale_t)0,
a new locale object shall be created, otherwise the locale
specified by base shall be modified. In the latter case it is
unspecified whether the resulting locale object shall be that
pointed to by base modified in place, or whether that object shall be
freed after a new locale object is first created using some values from it.



- Issue History
Date Modified Username Field Change
2019-03-29 13:00 schwarze New Issue
2019-03-29 13:00 schwarze Name => Ingo Schwarze
2019-03-29 13:00 schwarze Organization => OpenBSD
2019-03-29 13:00 schwarze Section => newlocale
2019-03-29 13:00 schwarze Page Number => unknown because the printed spec is not publicly available
2019-03-29 13:00 schwarze Line Number => unknown because the printed spec is not publicly available
2019-03-29 14:12 kre Note Added: 0004347
2019-03-29 14:32 schwarze Note Added: 0004348
2019-03-29 20:14 shware_systems Note Added: 0004349
2019-03-29 20:25 shware_systems Note Edited: 0004349
2019-03-30 00:48 kre Note Added: 0004350
2019-03-30 01:19 Don Cragun Page Number unknown because the printed spec is not publicly available => 1392
2019-03-30 01:19 Don Cragun Line Number unknown because the printed spec is not publicly available => 46271-46272, 46280-46282
2019-03-30 01:19 Don Cragun Interp Status => ---
2019-06-24 16:01 Don Cragun Final Accepted Text => See Note: 0004347.
2019-06-24 16:01 Don Cragun Status New => Resolved
2019-06-24 16:01 Don Cragun Resolution Open => Accepted As Marked
2019-06-24 16:01 Don Cragun Tag Attached: tc3-2008
2019-06-24 16:15 eblake Note Added: 0004451
2019-06-27 15:59 eblake Note Added: 0004455
2019-06-27 16:00 eblake Note Edited: 0004455
2019-06-27 16:02 eblake Note Edited: 0004455
2019-06-27 16:04 eblake Final Accepted Text See Note: 0004347. => See Note: 0004455.
2019-11-19 16:12 geoffclare Status Resolved => Applied


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker