This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug string/22644] memmove-sse2-unaligned on 32bit x86 produces garbage when crossing 2GB threshold (CVE-2017-18269)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 20 Dec 2018 23:40:05 +0000
- Subject: [Bug string/22644] memmove-sse2-unaligned on 32bit x86 produces garbage when crossing 2GB threshold (CVE-2017-18269)
- Auto-submitted: auto-generated
- References: <bug-22644-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22644
--- Comment #15 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.24/master has been updated
via 659b3df5db97948f4c6042203163873fb96ec512 (commit)
via b501c7b09eb941dc7ff21f9939c322d2c9c32ec0 (commit)
via ff52a12250bd381aaef91edc0269f6e3e79d20ac (commit)
via 3f949b03473b4ca8b8e69a4e540511dfee39e493 (commit)
from 682f24d0f3995689f407dee842002099d3604586 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=659b3df5db97948f4c6042203163873fb96ec512
commit 659b3df5db97948f4c6042203163873fb96ec512
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu May 24 12:19:11 2018 +0200
Add references to CVE-2017-18269, CVE-2018-11236, CVE-2018-11237
(cherry picked from commit 43d4f3d5ad94e1fa5e56d7a7200d0e9f3d8e2f02)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b501c7b09eb941dc7ff21f9939c322d2c9c32ec0
commit b501c7b09eb941dc7ff21f9939c322d2c9c32ec0
Author: Andreas Schwab <schwab@suse.de>
Date: Tue May 22 10:37:59 2018 +0200
Don't write beyond destination in __mempcpy_avx512_no_vzeroupper (bug
23196)
When compiled as mempcpy, the return value is the end of the destination
buffer, thus it cannot be used to refer to the start of it.
(cherry picked from commit 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ff52a12250bd381aaef91edc0269f6e3e79d20ac
commit ff52a12250bd381aaef91edc0269f6e3e79d20ac
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Tue May 8 18:12:41 2018 -0700
Fix BZ 22786: integer addition overflow may cause stack buffer overflow
when realpath() input length is close to SSIZE_MAX.
2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #22786]
* stdlib/canonicalize.c (__realpath): Fix overflow in path length
computation.
* stdlib/Makefile (test-bz22786): New test.
* stdlib/test-bz22786.c: New test.
(cherry picked from commit 5460617d1567657621107d895ee2dd83bc1f88f2)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3f949b03473b4ca8b8e69a4e540511dfee39e493
commit 3f949b03473b4ca8b8e69a4e540511dfee39e493
Author: Andrew Senkevich <andrew.n.senkevich@gmail.com>
Date: Fri Mar 23 16:19:45 2018 +0100
Fix i386 memmove issue (bug 22644).
[BZ #22644]
* sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
branch conditions.
* string/test-memmove.c (do_test2): New testcase.
(cherry picked from commit cd66c0e584c6d692bc8347b5e72723d02b8a8ada)
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 27 ++++++
NEWS | 17 ++++
stdlib/Makefile | 2 +-
stdlib/canonicalize.c | 2 +-
stdlib/test-bz22786.c | 90 ++++++++++++++++++++
string/test-memmove.c | 57 ++++++++++++
string/test-mempcpy.c | 1 +
.../i386/i686/multiarch/memcpy-sse2-unaligned.S | 12 ++--
.../multiarch/memmove-avx512-no-vzeroupper.S | 5 +-
9 files changed, 203 insertions(+), 10 deletions(-)
create mode 100644 stdlib/test-bz22786.c
--
You are receiving this mail because:
You are on the CC list for the bug.