This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug locale/21036] Missing overflow checks in localedef reading numbers

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Wed, 11 Jan 2017 14:00:09 +0000
Subject: [Bug locale/21036] Missing overflow checks in localedef reading numbers
Auto-submitted: auto-generated
References: <bug-21036-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=21036

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  436cfba0abf749e5993b52dce589bae482f8c58a (commit)
      from  38d01bd6df937f69c881df61b111492e941f2b74 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=436cfba0abf749e5993b52dce589bae482f8c58a

commit 436cfba0abf749e5993b52dce589bae482f8c58a
Author: Joseph Myers <joseph@codesourcery.com>
Date:   Wed Jan 11 13:59:01 2017 +0000

    Fix ld-address format-truncation error.

    With the elf/sotruss-lib.c failure fixed, building 64-bit glibc with
    GCC mainline fails with another format-truncation error in
    locale/programs/ld-address.c, where 11 bytes are allocated for a
    buffer to print a long int value.

    This patch changes that code to allocate 21 bytes.  Treating this
    value as signed is questionable and I don't think large values are
    actually useful here, but I think those can be considered as instances
    of bug 21036 which I've filed for overflow checks for numeric values
    in localedef in general, and don't need to be addressed to fix the
    build.

    Tested with GCC mainline with compilation for aarch64 with
    build-many-glibcs.py, and with glibc testsuite for x86_64 (built with
    GCC 6).

    (Note that while this fixes the build of 64-bit glibc with GCC
    mainline, further fixes will be needed to get the testsuite building
    with GCC mainline again.)

        * locale/programs/ld-address.c (INT_STR_ELEM): Increase size of
        buffer used to print long int value.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                    |    3 +++
 locale/programs/ld-address.c |    4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug locale/21036] New: Missing overflow checks in localedef reading numbers
  - From: jsm28 at gcc dot gnu.org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]