Bug 15996 - [2.18] tst-mutexpi8 test case failure on non-x86 systems
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: nptl
Version: 2.18
Importance: P2 normal
Target Milestone: 2.18
Assignee: Not yet assigned to anyone
Depends on: 15988
Reported: 2013-10-03 02:45 UTC by Siddhesh Poyarekar
Modified: 2016-08-22 13:37 UTC (History)
fweimer: security-


Description Siddhesh Poyarekar 2013-10-03 02:45:29 UTC
2.18 clone to request a backport.

+++ This bug was initially created as a clone of Bug #15988 +++

tst-mutexpi8 test case fails on non-x86 boxes (tested s390 and got a similar report for ppc) for recursive mutexes.  Here's a reproducer that produces the same failure.

#include <pthread.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>

pthread_mutex_t mutex;
pthread_mutexattr_t attr;
pthread_cond_t cond;
pthread_t tid;

/* Signaller thread: every 2 seconds, take the mutex and broadcast. */
void *callback(void *arg){
        for (;;){
                sleep(2);
                pthread_mutex_lock(&mutex);
                printf("Wake up!\n");
                pthread_cond_broadcast(&cond);
                pthread_mutex_unlock(&mutex);
        }
}

int main(){
        /* Recursive mutex using the priority-inheritance protocol. */
        pthread_mutexattr_init(&attr);
        pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
        pthread_mutexattr_setprotocol(&attr, PTHREAD_PRIO_INHERIT);
        pthread_mutex_init(&mutex, &attr);
        pthread_cond_init(&cond, NULL);

        /* Hold the mutex before the signaller starts, so the first
           broadcast happens while main is already waiting. */
        pthread_mutex_lock(&mutex);
        pthread_create(&tid, NULL, callback, &cond);

        printf("Going to sleep\n");
        for(;;){
                /* Expected to return after the first broadcast. */
                pthread_cond_wait(&cond, &mutex);
                printf("OK\n");
                exit(0);
        }
}

Actual results:

Going to sleep
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
Wake up!
...

Expected Result:

Going to sleep
Wake up!
OK

Patch coming soon.
Comment 1 Siddhesh Poyarekar 2013-10-03 04:57:45 UTC
Fixed in 2.18:

commit 2770d15e7e880821fc586619c59eb45180628e16
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Oct 3 08:26:21 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15996.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.
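
Added example, not glibc's code and not part of the original comment: a small C model of the mask check that the commit message in Comment 1 describes, comparing the typo'd mask with the corrected one over every mutex kind. The EX_* names and their numeric values are assumptions that mirror glibc's pthread headers as local constants, and the shape of the check is reconstructed from the commit message rather than copied from the source tree.

```c
#include <stdio.h>

/* Constructed local copies of glibc constants (assumed values, not taken
   from the bug page).  The low two bits of a mutex kind hold the type;
   the higher bits are flags. */
enum {
    EX_TYPE_NORMAL      = 0,
    EX_TYPE_RECURSIVE   = 1,
    EX_TYPE_ERRORCHECK  = 2,
    EX_TYPE_ADAPTIVE    = 3,
    EX_ROBUST_NP        = 1,   /* robustness *attribute* value, not a kind flag */
    EX_ROBUST_NORMAL_NP = 16,  /* robust flag inside the kind word */
    EX_PRIO_INHERIT_NP  = 32,  /* priority-inheritance flag */
    EX_PRIO_PROTECT_NP  = 64   /* priority-protect flag */
};

/* Check as the commit message describes it before the fix: the mask was
   built with EX_ROBUST_NP (value 1), which overlaps the type bits. */
int requeue_pi_typo(int kind)
{
    int pi_flag = (EX_PRIO_INHERIT_NP | EX_ROBUST_NP) & kind;
    return pi_flag == EX_PRIO_INHERIT_NP;
}

/* Intended check: PI flag set and robust flag clear. */
int requeue_pi_fixed(int kind)
{
    int pi_flag = (EX_PRIO_INHERIT_NP | EX_ROBUST_NORMAL_NP) & kind;
    return pi_flag == EX_PRIO_INHERIT_NP;
}

static const int protocols[] = { 0, EX_PRIO_INHERIT_NP, EX_PRIO_PROTECT_NP };
static const int robust[]    = { 0, EX_ROBUST_NORMAL_NP };

/* Walk every protocol x robust x type combination and count the kinds on
   which the two predicates disagree; print each one when verbose is set. */
int count_mismatches(int verbose)
{
    int n = 0;
    for (int p = 0; p < 3; p++) {
        for (int r = 0; r < 2; r++) {
            for (int type = EX_TYPE_NORMAL; type <= EX_TYPE_ADAPTIVE; type++) {
                int kind = protocols[p] | robust[r] | type;
                int before = requeue_pi_typo(kind);
                int after = requeue_pi_fixed(kind);
                if (before != after) {
                    n++;
                    if (verbose)
                        printf("kind=%2d type=%d robust=%d  typo=%d fixed=%d\n",
                               kind, type, robust[r] != 0, before, after);
                }
            }
        }
    }
    return n;
}

int main(void)
{
    /* The reproducer's mutex: recursive type plus priority inheritance. */
    int kind = EX_PRIO_INHERIT_NP | EX_TYPE_RECURSIVE;
    printf("recursive PI mutex, kind=%d: typo=%d fixed=%d\n",
           kind, requeue_pi_typo(kind), requeue_pi_fixed(kind));
    printf("kinds where the two checks disagree: %d\n", count_mismatches(1));
    return 0;
}
```

Under these assumed values the typo'd mask rejects the recursive PI mutex from the reproducer, because the robustness attribute constant has the same value as the recursive type bit.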
Comment 2 cvs-commit@gcc.gnu.org 2014-01-06 16:55:32 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, remotes/origin/gentoo/2.18 has been created
        at  3cd70f9e650bafef5c73c19229e6f0176604bb9e (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3cd70f9e650bafef5c73c19229e6f0176604bb9e

commit 3cd70f9e650bafef5c73c19229e6f0176604bb9e
Author: David S. Miller <davem@davemloft.net>
Date:   Tue Nov 12 12:48:01 2013 -0800

    Fix sparc 64-bit GMP ifunc resolution in static builds.
    
    	[BZ #16150]
    	* sysdeps/sparc/sparc64/multiarch/add_n.S: Resolve to the correct generic
    	symbol in the non-vis3 case in static builds.
    	* sysdeps/sparc/sparc64/multiarch/addmul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/mul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/sub_n.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/submul_1.S: Likewise.
    
    (cherry picked from commit 2293d2b10a583486cd22ce578796848f4c3a8b6d)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02bebc1e960eb20099738b3ecce1ac780925729

commit e02bebc1e960eb20099738b3ecce1ac780925729
Author: David S. Miller <davem@davemloft.net>
Date:   Wed Nov 6 13:01:36 2013 -0800

    Fix build on pre-v9 32-bit Sparc.
    
    We cannot use fnegd in this code, as fnegd was added in v9.
    Only fnegs exists in v8 and earlier.
    
    	[BZ #15985]
    	* sysdeps/sparc/sparc32/fpu/s_fdim.S (__fdim): Do not use fnegd
    	on pre-v9 cpus, use a fnegs+fmovs sequence instead.
    
    (cherry picked from commit 2216e48645dbd297cdc0f4050fdfc0b52e2a4ab8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9695c981b9033f4a7e23ff7c35a4e66f13d68eb4

commit 9695c981b9033f4a7e23ff7c35a4e66f13d68eb4
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64
    
    (cherry picked from commit dc3a1f98dc4c86cb454474f4912ae325573655cb)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4da92b3ac5974326963532aa16c4437d801a0efe

commit 4da92b3ac5974326963532aa16c4437d801a0efe
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit c51d675c459aefef8d84d5a0b114010f916ea278)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=42b872e43db7c71cd40357724f1542252eb0c708

commit 42b872e43db7c71cd40357724f1542252eb0c708
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 6a6a386a3040726053a5fb8582ff26dc85d84741)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e52cc7af467b6a8ba6367af4fecd4c3289db454

commit 7e52cc7af467b6a8ba6367af4fecd4c3289db454
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e3c791909a092489659d4359b73474febbd484a

commit 4e3c791909a092489659d4359b73474febbd484a
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The test tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.
    
    (cherry picked from commit c779e9df75256f19c7be8d12b2d163e2016a63f4)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=46ee9243f23f56ded21bf8507f86a55980b04ed1

commit 46ee9243f23f56ded21bf8507f86a55980b04ed1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.
    
    (cherry picked from commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cbee0562887196f6c87dc538aaeeb494c79daa15

commit cbee0562887196f6c87dc538aaeeb494c79daa15
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c
    
    (cherry picked from commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=45560694ca0b6d80ccbba23b51d1c4aa8cd228ab

commit 45560694ca0b6d80ccbba23b51d1c4aa8cd228ab
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure
    
    (cherry picked from commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6c42eca168f60bc50ed5e57ce59d1bfdf19120e2

commit 6c42eca168f60bc50ed5e57ce59d1bfdf19120e2
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs
    
    (cherry picked from commit b51679672648410c6627a4bd169e076c5b36f47b)
    
    Conflicts:
    	ChangeLog

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4efa458d767026ade69a4cb72362856a7495127

commit c4efa458d767026ade69a4cb72362856a7495127
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.
    
    backport of f315524e034cfc644157cb4af5ecc99f645dd067
    
    (cherry picked from commit f8a004f1fa412e3aae77faa30b4dfb654d721510)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f50548ac238605f133138f1c00be80b4e2ae3128

commit f50548ac238605f133138f1c00be80b4e2ae3128
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document
    ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    strongly.
    * manual/conf.texi (Limits for Files): Add portability note to
    NAME_MAX, PATH_MAX.
    (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3
    
    (cherry picked from commit f166b9c6e90d631115c59b4357357bc168d8e51a)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=703be862e20ab99e0c241480658d372d3f71fd4e

commit 703be862e20ab99e0c241480658d372d3f71fd4e
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Oct 3 08:26:21 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15996.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.
    
    (cherry picked from commit 2770d15e7e880821fc586619c59eb45180628e16)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6987b2d519f836926540d6fee1ad8840b29865bf

commit 6987b2d519f836926540d6fee1ad8840b29865bf
Author: Will Newton <will.newton@linaro.org>
Date:   Thu Aug 29 20:10:26 2013 +0100

    ARM: Fix clone code when built for Thumb.
    
    The mov lr, pc instruction will lose the Thumb bit from the return address
    so use blx lr instead.
    
    ports/ChangeLog.arm:
    
    2013-08-30  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15909]
    	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
    	instead of mov lr, pc.
    
    (cherry picked from commit 6b06ac56cdfc9293908724e51e827534e97819aa)
    (cherry picked from commit 4f2bcda964d4fff56855e0c66198c9bcb682ea1e)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=50219dba1e5108fd32de15b0533a6a53db0085ed

commit 50219dba1e5108fd32de15b0533a6a53db0085ed
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:23:42 2014 -0500

    ia64: add __ prefix to pt_all_user_regs/ia64_fpreg [BZ #762]
    
    This addresses a long standing collision between userspace headers and
    kernel headers only on ia64 systems.  All other types have a __ prefix
    in the ptrace headers except these two.  Let's finally namespace these.
    
    Verified that at least strace still builds after this change, as well
    as after deleting all the struct hacks it has specifically for ia64.
    
    URL: https://sourceware.org/bugzilla/show_bug.cgi?id=762
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=367416b057d5da2f719856c8ee9072b58600f48d

commit 367416b057d5da2f719856c8ee9072b58600f48d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:07:13 2014 -0500

    ptrace.h: add __ prefix to ptrace_peeksiginfo_args
    
    All the other ptrace structures in this file have a __ prefix except this
    new one.  This in turn causes build problems for most packages that try to
    use ptrace such as strace:
    
    gcc -DHAVE_CONFIG_H -I. -I../..  -I../../linux/x86_64 -I../../linux \
    	-I./linux  -Wall -Wwrite-strings -g -O2 -MT process.o -MD -MP \
    	-MF .deps/process.Tpo -c -o process.o ../../process.c
    In file included from ../../process.c:63:0:
    /usr/include/linux/ptrace.h:58:8: error: redefinition of 'struct ptrace_peeksiginfo_args'
     struct ptrace_peeksiginfo_args {
            ^
    In file included from ../../defs.h:159:0,
                     from ../../process.c:37:
    /usr/include/sys/ptrace.h:191:8: note: originally defined here
     struct ptrace_peeksiginfo_args
            ^
    
    Since this struct was introduced in glibc-2.18, there shouldn't be any
    real regressions with adding the __ prefix.
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

-----------------------------------------------------------------------
Comment 3 cvs-commit@gcc.gnu.org 2014-01-06 16:56:30 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, gentoo/2.18 has been updated

Summary of changes:
 NEWS                                               |    6 ++
 csu/libc-start.c                                   |   16 ++++
 elf/Makefile                                       |    9 ++-
 elf/setup-vdso.h                                   |    2 +-
 elf/tst-ptrguard1-static.c                         |    1 +
 elf/{tst-stackguard1.c => tst-ptrguard1.c}         |   54 ++++++++-------
 libio/memstream.c                                  |    5 +-
 libio/wmemstream.c                                 |    6 +-
 malloc/malloc.c                                    |   21 ++++++
 manual/conf.texi                                   |    9 +++
 manual/filesys.texi                                |   73 ++++++++++++++------
 nptl/ChangeLog                                     |    9 +++
 nptl/pthread_cond_broadcast.c                      |    5 +-
 nptl/pthread_cond_signal.c                         |    7 +--
 ports/ChangeLog.arm                                |    6 ++
 ports/sysdeps/ia64/stackguard-macros.h             |    3 +
 ports/sysdeps/tile/stackguard-macros.h             |    6 ++
 ports/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h |    2 +-
 ports/sysdeps/unix/sysv/linux/arm/clone.S          |    4 +-
 .../sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h |    4 +-
 ports/sysdeps/unix/sysv/linux/ia64/sys/procfs.h    |    2 +-
 ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h    |    6 +-
 ports/sysdeps/unix/sysv/linux/tile/sys/ptrace.h    |    2 +-
 stdlib/isomac.c                                    |    1 +
 sysdeps/generic/stackguard-macros.h                |    3 +
 sysdeps/i386/stackguard-macros.h                   |    8 ++
 sysdeps/posix/dirstream.h                          |    2 +
 sysdeps/posix/getaddrinfo.c                        |   20 +++++-
 sysdeps/posix/opendir.c                            |    1 +
 sysdeps/posix/readdir_r.c                          |   42 ++++++++---
 sysdeps/posix/rewinddir.c                          |    1 +
 sysdeps/powerpc/powerpc32/power7/memrchr.S         |    4 +-
 sysdeps/powerpc/powerpc32/stackguard-macros.h      |   10 +++
 sysdeps/powerpc/powerpc64/power7/memrchr.S         |    4 +-
 sysdeps/powerpc/powerpc64/stackguard-macros.h      |   10 +++
 sysdeps/s390/s390-32/stackguard-macros.h           |   11 +++
 sysdeps/s390/s390-64/stackguard-macros.h           |   14 ++++
 sysdeps/sparc/sparc32/fpu/s_fdim.S                 |    3 +-
 sysdeps/sparc/sparc32/stackguard-macros.h          |    3 +
 sysdeps/sparc/sparc64/multiarch/add_n.S            |    2 +-
 sysdeps/sparc/sparc64/multiarch/addmul_1.S         |    2 +-
 sysdeps/sparc/sparc64/multiarch/mul_1.S            |    2 +-
 sysdeps/sparc/sparc64/multiarch/sub_n.S            |    2 +-
 sysdeps/sparc/sparc64/multiarch/submul_1.S         |    2 +-
 sysdeps/sparc/sparc64/stackguard-macros.h          |    3 +
 sysdeps/unix/sysv/linux/i386/readdir64_r.c         |    1 -
 sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h       |    2 +-
 sysdeps/unix/sysv/linux/s390/sys/ptrace.h          |    2 +-
 sysdeps/unix/sysv/linux/sparc/sys/ptrace.h         |    2 +-
 sysdeps/unix/sysv/linux/sys/ptrace.h               |    2 +-
 sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c    |    1 -
 sysdeps/x86_64/stackguard-macros.h                 |    5 ++
 52 files changed, 323 insertions(+), 100 deletions(-)
 create mode 100644 elf/tst-ptrguard1-static.c
 copy elf/{tst-stackguard1.c => tst-ptrguard1.c} (70%)