uucore: reject non-regular and oversized locale files #11234

Open: mattsu2020 wants to merge 1 commit into uutils:main from mattsu2020:yes_11230

@mattsu2020
Contributor

Summary

Fix a localization startup issue where .ftl files were read with fs::read_to_string() without validating the target file type or size first.

If a locale file is symlinked to /dev/zero, startup can keep reading indefinitely until the process is killed by OOM. This affects utilities like true because localization is initialized before the utility runs.

What changed

  • added a guarded locale file reader for .ftl files
  • reject non-regular files before reading locale contents
  • enforce a maximum locale file size to avoid unbounded reads
  • route locale resource loading through the new safe reader

Tests

Added coverage for:

  • rejecting a non-regular locale path
  • rejecting an oversized locale file
  • rejecting a locale symlink that points to /dev/zero
  • still accepting a symlink that points to a regular locale file

Result

Utilities no longer risk unbounded memory growth during localization setup when locale files point to special files such as /dev/zero.

issue

#11230
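
A sketch of the kind of guarded reader the description above outlines, as an added example and not the PR's own code. The function name `read_locale_guarded` and the 1 MiB `MAX_LOCALE_BYTES` cap are assumptions, since the thread shows neither the implementation nor its limit.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::path::Path;

// Assumed cap for this example; the PR text does not state the real limit.
const MAX_LOCALE_BYTES: u64 = 1024 * 1024;

fn reject(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::InvalidInput, msg)
}

/// Hypothetical guarded reader: regular files only, at most MAX_LOCALE_BYTES.
fn read_locale_guarded(path: &Path) -> io::Result<String> {
    // fs::metadata follows symlinks, so a link to /dev/zero reports a
    // character device here and is rejected before anything is opened.
    let meta = fs::metadata(path)?;
    if !meta.is_file() {
        return Err(reject("locale path is not a regular file"));
    }
    if meta.len() > MAX_LOCALE_BYTES {
        return Err(reject("locale file exceeds size limit"));
    }
    // Backstop: cap the read itself, in case the target is swapped or grows
    // between the metadata check and the read.
    let mut text = String::new();
    File::open(path)?.take(MAX_LOCALE_BYTES + 1).read_to_string(&mut text)?;
    if text.len() as u64 > MAX_LOCALE_BYTES {
        return Err(reject("locale file exceeds size limit"));
    }
    Ok(text)
}

fn main() -> io::Result<()> {
    // Constructed sample input in a scratch directory.
    let dir = std::env::temp_dir().join(format!("ftl-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let good = dir.join("en-US.ftl");
    fs::write(&good, "greeting = Hello\n")?;
    let big = dir.join("big.ftl");
    fs::write(&big, vec![b'a'; MAX_LOCALE_BYTES as usize + 1])?;
    for p in [good.as_path(), big.as_path(), dir.as_path(), Path::new("/dev/zero")] {
        println!("{}: {:?}", p.display(), read_locale_guarded(p).map(|s| s.len()));
    }
    fs::remove_dir_all(&dir)
}
```
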

@github-actions

github-actions bot commented Mar 8, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/cut/bounded-memory (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/date/date-locale-hour (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/date/resolution (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/pr/bounded-memory (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/tail/follow-name (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

@sylvestre
Contributor

I found this overkill for something that will never happen in real life

@oech3
Contributor

oech3 commented Mar 8, 2026

How about loading *.ftl to stack with sizes determined at build.rs for perf?

@cakebaker cakebaker linked an issue Mar 8, 2026 that may be closed by this pull request
@oech3
Contributor

oech3 commented Mar 8, 2026

This does not happen for proper packages. So I think we can just remove localization feature from https://github.com/uutils/coreutils/releases by --features feat_no_locales.

Development

Successfully merging this pull request may close these issues.

all: SIGKILL if *.ftl file is symlinked to /dev/zero