netbsd-bugs: lib/22023: multiple iconv

Subject: lib/22023: multiple iconv_open/close fails
To: None <gnats-bugs@gnats.netbsd.org>
From: Johan Danielsson <joda@pdc.kth.se>
List: netbsd-bugs
Date: 06/30/2003 23:15:36

>Number:         22023
>Category:       lib
>Synopsis:       multiple iconv_open/close fails
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jun 30 21:16:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Johan Danielsson
>Release:        NetBSD 1.6T
>Organization:
	<organization of PR author (multiple lines)>
>Environment:
	<The following information is extracted from your kernel. Please>
	<append output of "ldd", "ident" where relevant (multiple lines).>
System: NetBSD blubb.pdc.kth.se 1.6T NetBSD 1.6T (BLUBB) #531: Thu May 29 13:09:25 CEST 2003 joda@blubb.pdc.kth.se:/usr/misc/src/netbsd/netbsd-cvs/src/sys/arch/i386/compile/BLUBB i386
Architecture: i386
Machine: i386

>Description:

In the following program, the last iconv_open returns -1.  At one
point it worked with an iconv() on a string of proper length before
the two iconv_close() calls, but I can't repeat this anymore.  This
smells a bit like memory corruption.

While this code may seem strange, there are applications that do
things like this. It works with GNU libiconv and the iconv found in
AIX 4.3 (those were the only ones I could find that supported UTF-8).

#include <stdio.h>
#include <iconv.h>

main()
{
    iconv_t a, b;

    a = iconv_open("UTF-8", "UTF-8");
    printf("%p\n", a);
    if(a == (iconv_t)-1)
        exit(1);
    b = iconv_open("ISO8859-1", "UTF-8");
    printf("%p\n", b);
    if(b == (iconv_t)-1)
        exit(1);

    iconv_close(a);
    iconv_close(b);

    b = iconv_open("ISO8859-1", "UTF-8");
    printf("%p\n", b);
}

>How-To-Repeat:

$ gcc test.c 
$ ./a.out 
0x804c030
0x804c060
0xffffffff

>Fix:

I have no idea. The citrus code is a too complicated for me, epecially
since my gdb doesn't like to single step. I got as far as open_dsts()
in citrus_iconv_std.c before giving up.
>Release-Note:
>Audit-Trail:
>Unformatted:
 	<Please check that the above is correct for the bug being reported,>
 	<and append source date of snapshot, if applicable (one line).>