This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug math/16962] nan function unbounded stack allocation

--- Comment #2 from cvs-commit at gcc dot <cvs-commit at gcc dot> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  8f5e8b01a1da2a207228f2072c934fa5918554b8 (commit)
      from  79e0d340a9e7fb2c931686462131c92b99611003 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------;h=8f5e8b01a1da2a207228f2072c934fa5918554b8

commit 8f5e8b01a1da2a207228f2072c934fa5918554b8
Author: Joseph Myers <>
Date:   Fri Dec 4 20:36:28 2015 +0000

    Fix nan functions handling of payload strings (bug 16961, bug 16962).

    The nan, nanf and nanl functions handle payload strings by doing e.g.:

      if (tagp[0] != '\0')
          char buf[6 + strlen (tagp)];
          sprintf (buf, "NAN(%s)", tagp);
          return strtod (buf, NULL);

    This is an unbounded stack allocation based on the length of the
    argument.  Furthermore, if the argument starts with an n-char-sequence
    followed by ')', that n-char-sequence is wrongly treated as
    significant for determining the payload of the resulting NaN, when ISO
    C says the call should be equivalent to strtod ("NAN", NULL), without
    being affected by that initial n-char-sequence.  This patch fixes both
    those problems by using the __strtod_nan etc. functions recently
    factored out of strtod etc. for that purpose, with those functions
    being exported from libc at version GLIBC_PRIVATE.

    Tested for x86_64, x86, mips64 and powerpc.

        [BZ #16961]
        [BZ #16962]
        * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
        string on the stack for strtod.
        * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
        a string on the stack for strtof.
        * math/s_nanl.c (__nanl): Use __strtold_nan instead of
        constructing a string on the stack for strtold.
        * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
        __strtold_nan to GLIBC_PRIVATE.
        * math/test-nan-overflow.c: New file.
        * math/test-nan-payload.c: Likewise.
        * math/Makefile (tests): Add test-nan-overflow and


Summary of changes:
 ChangeLog                                 |   17 ++++
 NEWS                                      |    6 ++
 math/Makefile                             |    3 +-
 math/s_nan.c                              |    9 +--
 math/s_nanf.c                             |    9 +--
 math/s_nanl.c                             |    9 +--
 math/{test-powl.c => test-nan-overflow.c} |   59 +++++++++------
 math/test-nan-payload.c                   |  122 +++++++++++++++++++++++++++++
 stdlib/Versions                           |    1 +
 9 files changed, 187 insertions(+), 48 deletions(-)
 copy math/{test-powl.c => test-nan-overflow.c} (51%)
 create mode 100644 math/test-nan-payload.c

You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]