Bug 22343 (CVE-2018-6485) - Integer overflow in posix_memalign (CVE-2018-6485)
Summary: Integer overflow in posix_memalign (CVE-2018-6485)
Status: RESOLVED FIXED
Alias: CVE-2018-6485
Product: glibc
Classification: Unclassified
Component: malloc (show other bugs)
Version: 2.26
: P3 minor
Target Milestone: 2.27
Assignee: Arjun Shankar
URL:
Keywords:
: 23060 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-10-24 08:19 UTC by Florian Weimer
Modified: 2018-04-18 12:26 UTC (History)
4 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security+


Attachments
reproducer.c (135 bytes, text/plain)
2017-10-24 08:19 UTC, Florian Weimer
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2017-10-24 08:19:56 UTC
Created attachment 10553 [details]
reproducer.c

Jakub Wilk reported that posix_memalign fails to properly report an error for allocation sizes close to SIZE_MAX:

Some posix_memalign() calls fail catastrophically:

  $ grep memalign test-posix-memalign.c
       return posix_memalign(&p, 0x10, SIZE_MAX - 0x20);

  $ make test-posix-memalign
  cc     test-posix-memalign.c   -o test-posix-memalign

  $ ./test-posix-memalign
  *** Error in `./test-posix-memalign': free(): invalid next size (fast): 0x57a96008 ***
  ...

Backtrace:

#0  0xf7fd7dc9 in __kernel_vsyscall ()
#1  0xf7e2add0 in __libc_signal_restore_set (set=0xffffd160) at ../sysdeps/unix/sysv/linux/nptl-signals.h:79
#2  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xf7e2c297 in __GI_abort () at abort.c:89
#4  0xf7e6638f in __libc_message (do_abort=<optimized out>, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
#5  0xf7e6cfc7 in malloc_printerr (action=<optimized out>, str=0xf7f60318 "free(): invalid next size (fast)", ptr=<optimized out>, ar_ptr=0xf7fb2780 <main_arena>) at malloc.c:5049
#6  0xf7e6d806 in _int_free (av=av@entry=0xf7fb2780 <main_arena>, p=p@entry=0x56558000, have_lock=have_lock@entry=1) at malloc.c:3905
#7  0xf7e6f8c3 in _int_memalign (av=av@entry=0xf7fb2780 <main_arena>, alignment=alignment@entry=16, bytes=bytes@entry=4294967263) at malloc.c:4497
#8  0xf7e70eea in _mid_memalign (alignment=16, bytes=4294967263, address=<optimized out>) at malloc.c:3158
#9  0xf7e71028 in _mid_memalign (alignment=alignment@entry=16, bytes=bytes@entry=4294967263, address=<optimized out>) at malloc.c:3121
#10 0xf7e72b7f in __posix_memalign (memptr=0xffffd6ac, alignment=16, size=4294967263) at malloc.c:5071
#11 0x5655556b in main ()
Comment 1 cvs-commit@gcc.gnu.org 2018-01-18 16:58:51 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  8e448310d74b283c5cd02b9ed7fb997b47bf9b22 (commit)
      from  80647883cf5847c8b6b0197e9703eb04222496b6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22

commit 8e448310d74b283c5cd02b9ed7fb997b47bf9b22
Author: Arjun Shankar <arjun.is@lostca.se>
Date:   Thu Jan 18 16:47:06 2018 +0000

    Fix integer overflows in internal memalign and malloc functions [BZ #22343]
    
    When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT
    and a requested size close to SIZE_MAX, it falls back to malloc code
    (because the alignment of a block returned by malloc is sufficient to
    satisfy the call).  In this case, an integer overflow in _int_malloc leads
    to posix_memalign incorrectly returning successfully.
    
    Upon fixing this and writing a somewhat thorough regression test, it was
    discovered that when posix_memalign is called with an alignment larger than
    MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size
    close to SIZE_MAX, a different integer overflow in _int_memalign leads to
    posix_memalign incorrectly returning successfully.
    
    Both integer overflows affect other memory allocation functions that use
    _int_malloc (one affected malloc in x86) or _int_memalign as well.
    
    This commit fixes both integer overflows.  In addition to this, it adds a
    regression test to guard against false successful allocations by the
    following memory allocation functions when called with too-large allocation
    sizes and, where relevant, various valid alignments:
    malloc, realloc, calloc, reallocarray, memalign, posix_memalign,
    aligned_alloc, valloc, and pvalloc.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |   10 ++
 malloc/Makefile               |    1 +
 malloc/malloc.c               |   30 ++++--
 malloc/tst-malloc-too-large.c |  253 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 286 insertions(+), 8 deletions(-)
 create mode 100644 malloc/tst-malloc-too-large.c
Comment 2 Arjun Shankar 2018-01-18 17:03:39 UTC
Fixed in master by commit 8e448310d7.
Comment 3 cvs-commit@gcc.gnu.org 2018-02-01 16:18:01 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  4590634fd65162568b9f52fb4beb60aa25da37f2 (commit)
      from  673e230560ac874deed6993d8b9ebaf82e73c408 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4590634fd65162568b9f52fb4beb60aa25da37f2

commit 4590634fd65162568b9f52fb4beb60aa25da37f2
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 1 15:00:44 2018 +0100

    Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    1 +
 NEWS      |    4 ++++
 2 files changed, 5 insertions(+), 0 deletions(-)
Comment 4 cvs-commit@gcc.gnu.org 2018-02-08 15:33:51 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.26/master has been updated
       via  01ba6f50762ad4fcd156a53ef7dbe671b64d3a5c (commit)
      from  bbabb868cd248763373d0db763bacd84ce27ede8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=01ba6f50762ad4fcd156a53ef7dbe671b64d3a5c

commit 01ba6f50762ad4fcd156a53ef7dbe671b64d3a5c
Author: Arjun Shankar <arjun@redhat.com>
Date:   Thu Jan 18 16:47:06 2018 +0000

    Fix integer overflows in internal memalign and malloc [BZ #22343] [BZ #22774]
    
    When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT
    and a requested size close to SIZE_MAX, it falls back to malloc code
    (because the alignment of a block returned by malloc is sufficient to
    satisfy the call).  In this case, an integer overflow in _int_malloc leads
    to posix_memalign incorrectly returning successfully.
    
    Upon fixing this and writing a somewhat thorough regression test, it was
    discovered that when posix_memalign is called with an alignment larger than
    MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size
    close to SIZE_MAX, a different integer overflow in _int_memalign leads to
    posix_memalign incorrectly returning successfully.
    
    Both integer overflows affect other memory allocation functions that use
    _int_malloc (one affected malloc in x86) or _int_memalign as well.
    
    This commit fixes both integer overflows.  In addition to this, it adds a
    regression test to guard against false successful allocations by the
    following memory allocation functions when called with too-large allocation
    sizes and, where relevant, various valid alignments:
    malloc, realloc, calloc, reallocarray, memalign, posix_memalign,
    aligned_alloc, valloc, and pvalloc.
    
    (cherry picked from commit 8e448310d74b283c5cd02b9ed7fb997b47bf9b22)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |   13 ++
 NEWS                          |    8 ++
 malloc/Makefile               |    1 +
 malloc/malloc.c               |   30 ++++--
 malloc/tst-malloc-too-large.c |  253 +++++++++++++++++++++++++++++++++++++++++
 5 files changed, 297 insertions(+), 8 deletions(-)
 create mode 100644 malloc/tst-malloc-too-large.c
Comment 5 cvs-commit@gcc.gnu.org 2018-02-08 16:08:21 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.26/master has been updated
       via  d300041c533a3d837c9f37a099bcc95466860e98 (commit)
      from  01ba6f50762ad4fcd156a53ef7dbe671b64d3a5c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d300041c533a3d837c9f37a099bcc95466860e98

commit d300041c533a3d837c9f37a099bcc95466860e98
Author: Arjun Shankar <arjun@redhat.com>
Date:   Thu Feb 8 17:04:17 2018 +0100

    Update NEWS for bug 22343 and bug 22774

-----------------------------------------------------------------------

Summary of changes:
 NEWS |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
Comment 6 cvs-commit@gcc.gnu.org 2018-02-09 12:25:57 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.25/master has been updated
       via  9331dbdcd7aa8e997eb4caa9b1b0cb6c804320c8 (commit)
      from  dcc03e70817985c2f16a1c4f419d5f53fd4f46e2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9331dbdcd7aa8e997eb4caa9b1b0cb6c804320c8

commit 9331dbdcd7aa8e997eb4caa9b1b0cb6c804320c8
Author: Arjun Shankar <arjun@redhat.com>
Date:   Thu Jan 18 16:47:06 2018 +0000

    Fix integer overflows in internal memalign and malloc [BZ #22343] [BZ #22774]
    
    When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT
    and a requested size close to SIZE_MAX, it falls back to malloc code
    (because the alignment of a block returned by malloc is sufficient to
    satisfy the call).  In this case, an integer overflow in _int_malloc leads
    to posix_memalign incorrectly returning successfully.
    
    Upon fixing this and writing a somewhat thorough regression test, it was
    discovered that when posix_memalign is called with an alignment larger than
    MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size
    close to SIZE_MAX, a different integer overflow in _int_memalign leads to
    posix_memalign incorrectly returning successfully.
    
    Both integer overflows affect other memory allocation functions that use
    _int_malloc (one affected malloc in x86) or _int_memalign as well.
    
    This commit fixes both integer overflows.  In addition to this, it adds a
    regression test to guard against false successful allocations by the
    following memory allocation functions when called with too-large allocation
    sizes and, where relevant, various valid alignments:
    malloc, realloc, calloc, memalign, posix_memalign, aligned_alloc, valloc,
    and pvalloc.
    
    (cherry picked from commit 8e448310d74b283c5cd02b9ed7fb997b47bf9b22)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                     |   13 +++
 NEWS                          |   10 ++
 malloc/Makefile               |    1 +
 malloc/malloc.c               |   30 ++++--
 malloc/tst-malloc-too-large.c |  237 +++++++++++++++++++++++++++++++++++++++++
 5 files changed, 283 insertions(+), 8 deletions(-)
 create mode 100644 malloc/tst-malloc-too-large.c
Comment 7 cvs-commit@gcc.gnu.org 2018-04-06 20:17:35 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.22/master has been updated
       via  017d97cd2ec0f626f8afb8c73ea3d612d8e844c3 (commit)
       via  436359fd41343c1db0616bd90e8a05bf188f237c (commit)
       via  407ec876262f0e6f55635ea0783f1f4a6c5d127f (commit)
       via  d2450a97c3df5527ea0fd49743bc354c979c185f (commit)
       via  c64d6bc3da8e61feab4117bcad53bd97e7a111cd (commit)
       via  d9c54360ca92a92ee8ee587f15a3cfc64fe4cb37 (commit)
       via  f87adbcaa47de2109e1c4561a2badf8aa82bc349 (commit)
       via  21c5d14bfb4e08bee86f94fd815535d3be2c3869 (commit)
       via  9d0aec236891576c7f12e935128364669b785233 (commit)
       via  89dc0372bb497b7d51bcf9999ce3f9684d450959 (commit)
       via  1be1845b280cfadff0cbd09170af554549849ffb (commit)
      from  771fb81f98a2be9e96f2a09056617ad93d64959f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=017d97cd2ec0f626f8afb8c73ea3d612d8e844c3

commit 017d97cd2ec0f626f8afb8c73ea3d612d8e844c3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Feb 6 09:19:03 2018 +0100

    Record CVE-2018-6551 in NEWS and ChangeLog [BZ #22774]
    
    (cherry picked from commit 71aa429b029fdb6f9e65d44050388b51eca460d6)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=436359fd41343c1db0616bd90e8a05bf188f237c

commit 436359fd41343c1db0616bd90e8a05bf188f237c
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 1 15:00:44 2018 +0100

    Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]
    
    (cherry picked from commit 4590634fd65162568b9f52fb4beb60aa25da37f2)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=407ec876262f0e6f55635ea0783f1f4a6c5d127f

commit 407ec876262f0e6f55635ea0783f1f4a6c5d127f
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Aug 16 16:47:20 2017 +0200

    Add ChangeLog reference to bug 16750/CVE-2009-5064
    
    (cherry picked from commit 403143e1df85dadd374f304bd891be0cd7573e3b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d2450a97c3df5527ea0fd49743bc354c979c185f

commit d2450a97c3df5527ea0fd49743bc354c979c185f
Author: Arjun Shankar <arjun.is@lostca.se>
Date:   Thu Jan 18 16:47:06 2018 +0000

    Fix integer overflows in internal memalign and malloc functions [BZ #22343]
    
    When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT
    and a requested size close to SIZE_MAX, it falls back to malloc code
    (because the alignment of a block returned by malloc is sufficient to
    satisfy the call).  In this case, an integer overflow in _int_malloc leads
    to posix_memalign incorrectly returning successfully.
    
    Upon fixing this and writing a somewhat thorough regression test, it was
    discovered that when posix_memalign is called with an alignment larger than
    MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size
    close to SIZE_MAX, a different integer overflow in _int_memalign leads to
    posix_memalign incorrectly returning successfully.
    
    Both integer overflows affect other memory allocation functions that use
    _int_malloc (one affected malloc in x86) or _int_memalign as well.
    
    This commit fixes both integer overflows.  In addition to this, it adds a
    regression test to guard against false successful allocations by the
    following memory allocation functions when called with too-large allocation
    sizes and, where relevant, various valid alignments:
    malloc, realloc, calloc, reallocarray, memalign, posix_memalign,
    aligned_alloc, valloc, and pvalloc.
    
    (cherry picked from commit 8e448310d74b283c5cd02b9ed7fb997b47bf9b22)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c64d6bc3da8e61feab4117bcad53bd97e7a111cd

commit c64d6bc3da8e61feab4117bcad53bd97e7a111cd
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Dec 14 15:18:38 2017 +0100

    elf: Compute correct array size in _dl_init_paths [BZ #22606]
    
    (cherry picked from commit 8a0b17e48b83e933960dfeb8fa08b259f03f310e)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d9c54360ca92a92ee8ee587f15a3cfc64fe4cb37

commit d9c54360ca92a92ee8ee587f15a3cfc64fe4cb37
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Nov 2 12:14:01 2017 +0100

    <array_length.h>: New array_length and array_end macros
    
    (cherry picked from commit c94a5688fb1228a862b2d4a3f1239cdc0e3349e5)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f87adbcaa47de2109e1c4561a2badf8aa82bc349

commit f87adbcaa47de2109e1c4561a2badf8aa82bc349
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Dec 14 15:05:57 2017 +0100

    elf: Count components of the expanded path in _dl_init_path [BZ #22607]
    
    (cherry picked from commit 3ff3dfa5af313a6ea33f3393916f30eece4f0171)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21c5d14bfb4e08bee86f94fd815535d3be2c3869

commit 21c5d14bfb4e08bee86f94fd815535d3be2c3869
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Dec 30 10:54:23 2017 +0100

    elf: Check for empty tokens before dynamic string token expansion [BZ #22625]
    
    The fillin_rpath function in elf/dl-load.c loops over each RPATH or
    RUNPATH tokens and interprets empty tokens as the current directory
    ("./"). In practice the check for empty token is done *after* the
    dynamic string token expansion. The expansion process can return an
    empty string for the $ORIGIN token if __libc_enable_secure is set
    or if the path of the binary can not be determined (/proc not mounted).
    
    Fix that by moving the check for empty tokens before the dynamic string
    token expansion. In addition, check for NULL pointer or empty strings
    return by expand_dynamic_string_token.
    
    The above changes highlighted a bug in decompose_rpath, an empty array
    is represented by the first element being NULL at the fillin_rpath
    level, but by using a -1 pointer in decompose_rpath and other functions.
    
    Changelog:
    	[BZ #22625]
    	* elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic
    	string token expansion. Check for NULL pointer or empty string possibly
    	returned by expand_dynamic_string_token.
    	(decompose_rpath): Check for empty path after dynamic string
    	token expansion.
    
    (cherry picked from commit 3e3c904daef69b8bf7d5cc07f793c9f07c3553ef)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9d0aec236891576c7f12e935128364669b785233

commit 9d0aec236891576c7f12e935128364669b785233
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Apr 13 13:09:38 2017 +0200

    sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
    
    After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
    (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
    [BZ #20112]), ancillary data is stored on the heap,
    but it is accessed after it has been freed.
    
    The test case must be run under a heap debugger such as valgrind
    to observe the invalid access.  A malloc implementation which
    immediately calls munmap on free would catch this bug as well.
    
    (cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89dc0372bb497b7d51bcf9999ce3f9684d450959

commit 89dc0372bb497b7d51bcf9999ce3f9684d450959
Author: Andreas Schwab <schwab@suse.de>
Date:   Wed Aug 16 15:59:55 2017 +0200

    ldd: never run file directly
    
    (cherry picked from commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1be1845b280cfadff0cbd09170af554549849ffb

commit 1be1845b280cfadff0cbd09170af554549849ffb
Author: Arjun Shankar <arjun.is@lostca.se>
Date:   Wed Jun 7 11:46:24 2017 +0200

    Synchronize support/ infrastructure with master
    
    This commit updates the support/ subdirectory to
    commit 2714c5f3c95f90977167c1d21326d907fb76b419
    on the master branch and modifies Makeconfig,
    Rules, and extra-lib.mk accordingly.
    
    (cherry picked from commit 4c5785aa129a5d195fc1cd5c7fcd6f62c2b0ff0c)
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                  |   57 ++
 Makeconfig                                 |   15 +-
 NEWS                                       |   32 +
 Rules                                      |    3 +
 elf/dl-load.c                              |   76 +-
 elf/ldd.bash.in                            |   14 +-
 extra-lib.mk                               |    5 +
 include/array_length.h                     |   36 +
 malloc/Makefile                            |    3 +-
 malloc/malloc.c                            |   30 +-
 malloc/tst-malloc-too-large.c              |  237 ++++++
 scripts/backport-support.sh                |  110 +++
 sunrpc/Makefile                            |    3 +-
 sunrpc/clnt_udp.c                          |    2 +-
 sunrpc/tst-udp-error.c                     |   62 ++
 support/Makefile                           |  146 ++++
 support/README                             |   29 +
 support/README-testing.c                   |   19 +
 support/capture_subprocess.h               |   61 ++
 support/check.c                            |   57 ++
 support/check.h                            |   94 +++
 support/check_addrinfo.c                   |   42 +
 support/check_dns_packet.c                 |   42 +
 support/check_hostent.c                    |   42 +
 support/check_netent.c                     |   42 +
 support/check_nss.h                        |   42 +
 support/delayed_exit.c                     |   55 ++
 support/format_nss.h                       |   41 +
 support/ignore_stderr.c                    |   38 +
 support/namespace.h                        |   65 ++
 support/oom_error.c                        |   29 +
 support/resolv_test.c                      | 1202 ++++++++++++++++++++++++++++
 support/resolv_test.h                      |  180 +++++
 support/run_diff.h                         |   31 +
 support/set_fortify_handler.c              |   34 +
 support/support-xstat.c                    |   30 +
 support/support.h                          |   74 ++
 support/support_become_root.c              |   40 +
 support/support_can_chroot.c               |   65 ++
 support/support_capture_subprocess.c       |  108 +++
 support/support_capture_subprocess_check.c |   67 ++
 support/support_enter_network_namespace.c  |   75 ++
 support/support_format_address_family.c    |   35 +
 support/support_format_addrinfo.c          |  239 ++++++
 support/support_format_dns_packet.c        |  222 +++++
 support/support_format_herrno.c            |   45 +
 support/support_format_hostent.c           |   75 ++
 support/support_format_netent.c            |   52 ++
 support/support_isolate_in_subprocess.c    |   38 +
 support/support_record_failure.c           |  106 +++
 support/support_run_diff.c                 |   76 ++
 support/support_shared_allocate.c          |   59 ++
 support/support_test_main.c                |  423 ++++++++++
 support/support_test_verify_impl.c         |   33 +
 support/support_write_file_string.c        |   39 +
 support/temp_file-internal.h               |   31 +
 support/temp_file.c                        |  132 +++
 support/temp_file.h                        |   37 +
 support/test-driver.c                      |  156 ++++
 support/test-driver.h                      |   74 ++
 support/tst-support-namespace.c            |   34 +
 support/tst-support_capture_subprocess.c   |  188 +++++
 support/tst-support_format_dns_packet.c    |  101 +++
 support/tst-support_record_failure-2.sh    |   69 ++
 support/tst-support_record_failure.c       |  153 ++++
 support/write_message.c                    |   29 +
 support/xaccept.c                          |   32 +
 support/xaccept4.c                         |   32 +
 support/xasprintf.c                        |   36 +
 support/xbind.c                            |   30 +
 support/xcalloc.c                          |   34 +
 support/xchroot.c                          |   28 +
 support/xclose.c                           |   28 +
 support/xconnect.c                         |   30 +
 support/xdup2.c                            |   28 +
 support/xfclose.c                          |   33 +
 support/xfopen.c                           |   31 +
 support/xfork.c                            |   32 +
 support/xgetsockname.c                     |   30 +
 support/xlisten.c                          |   30 +
 support/xmalloc.c                          |   34 +
 support/xmemstream.c                       |   42 +
 support/xmemstream.h                       |   49 ++
 support/xmkdir.c                           |   28 +
 support/xmmap.c                            |   31 +
 support/xmunmap.c                          |   28 +
 support/xopen.c                            |   30 +
 support/xpipe.c                            |   28 +
 support/xpoll.c                            |   32 +
 support/xpthread_attr_destroy.c            |   26 +
 support/xpthread_attr_init.c               |   25 +
 support/xpthread_attr_setdetachstate.c     |   27 +
 support/xpthread_attr_setstacksize.c       |   26 +
 support/xpthread_barrier_destroy.c         |   26 +
 support/xpthread_barrier_init.c            |   27 +
 support/xpthread_barrier_wait.c            |   28 +
 support/xpthread_cancel.c                  |   25 +
 support/xpthread_check_return.c            |   34 +
 support/xpthread_cond_wait.c               |   26 +
 support/xpthread_create.c                  |   29 +
 support/xpthread_detach.c                  |   25 +
 support/xpthread_join.c                    |   27 +
 support/xpthread_mutex_consistent.c        |   26 +
 support/xpthread_mutex_destroy.c           |   26 +
 support/xpthread_mutex_init.c              |   26 +
 support/xpthread_mutex_lock.c              |   25 +
 support/xpthread_mutex_unlock.c            |   25 +
 support/xpthread_mutexattr_destroy.c       |   26 +
 support/xpthread_mutexattr_init.c          |   25 +
 support/xpthread_mutexattr_setprotocol.c   |   26 +
 support/xpthread_mutexattr_setpshared.c    |   26 +
 support/xpthread_mutexattr_setrobust.c     |   26 +
 support/xpthread_mutexattr_settype.c       |   26 +
 support/xpthread_once.c                    |   25 +
 support/xpthread_sigmask.c                 |   34 +
 support/xpthread_spin_lock.c               |   25 +
 support/xpthread_spin_unlock.c             |   25 +
 support/xrealloc.c                         |   32 +
 support/xrecvfrom.c                        |   33 +
 support/xsendto.c                          |   35 +
 support/xsetsockopt.c                      |   31 +
 support/xsignal.h                          |   34 +
 support/xsocket.c                          |   32 +
 support/xsocket.h                          |   39 +
 support/xstdio.h                           |   32 +
 support/xstrdup.c                          |   30 +
 support/xthread.h                          |   77 ++
 support/xunistd.h                          |   56 ++
 support/xwaitpid.c                         |   33 +
 support/xwrite.c                           |   39 +
 130 files changed, 7804 insertions(+), 59 deletions(-)
 create mode 100644 include/array_length.h
 create mode 100644 malloc/tst-malloc-too-large.c
 create mode 100644 scripts/backport-support.sh
 create mode 100644 sunrpc/tst-udp-error.c
 create mode 100644 support/Makefile
 create mode 100644 support/README
 create mode 100644 support/README-testing.c
 create mode 100644 support/capture_subprocess.h
 create mode 100644 support/check.c
 create mode 100644 support/check.h
 create mode 100644 support/check_addrinfo.c
 create mode 100644 support/check_dns_packet.c
 create mode 100644 support/check_hostent.c
 create mode 100644 support/check_netent.c
 create mode 100644 support/check_nss.h
 create mode 100644 support/delayed_exit.c
 create mode 100644 support/format_nss.h
 create mode 100644 support/ignore_stderr.c
 create mode 100644 support/namespace.h
 create mode 100644 support/oom_error.c
 create mode 100644 support/resolv_test.c
 create mode 100644 support/resolv_test.h
 create mode 100644 support/run_diff.h
 create mode 100644 support/set_fortify_handler.c
 create mode 100644 support/support-xstat.c
 create mode 100644 support/support.h
 create mode 100644 support/support_become_root.c
 create mode 100644 support/support_can_chroot.c
 create mode 100644 support/support_capture_subprocess.c
 create mode 100644 support/support_capture_subprocess_check.c
 create mode 100644 support/support_enter_network_namespace.c
 create mode 100644 support/support_format_address_family.c
 create mode 100644 support/support_format_addrinfo.c
 create mode 100644 support/support_format_dns_packet.c
 create mode 100644 support/support_format_herrno.c
 create mode 100644 support/support_format_hostent.c
 create mode 100644 support/support_format_netent.c
 create mode 100644 support/support_isolate_in_subprocess.c
 create mode 100644 support/support_record_failure.c
 create mode 100644 support/support_run_diff.c
 create mode 100644 support/support_shared_allocate.c
 create mode 100644 support/support_test_main.c
 create mode 100644 support/support_test_verify_impl.c
 create mode 100644 support/support_write_file_string.c
 create mode 100644 support/temp_file-internal.h
 create mode 100644 support/temp_file.c
 create mode 100644 support/temp_file.h
 create mode 100644 support/test-driver.c
 create mode 100644 support/test-driver.h
 create mode 100644 support/tst-support-namespace.c
 create mode 100644 support/tst-support_capture_subprocess.c
 create mode 100644 support/tst-support_format_dns_packet.c
 create mode 100644 support/tst-support_record_failure-2.sh
 create mode 100644 support/tst-support_record_failure.c
 create mode 100644 support/write_message.c
 create mode 100644 support/xaccept.c
 create mode 100644 support/xaccept4.c
 create mode 100644 support/xasprintf.c
 create mode 100644 support/xbind.c
 create mode 100644 support/xcalloc.c
 create mode 100644 support/xchroot.c
 create mode 100644 support/xclose.c
 create mode 100644 support/xconnect.c
 create mode 100644 support/xdup2.c
 create mode 100644 support/xfclose.c
 create mode 100644 support/xfopen.c
 create mode 100644 support/xfork.c
 create mode 100644 support/xgetsockname.c
 create mode 100644 support/xlisten.c
 create mode 100644 support/xmalloc.c
 create mode 100644 support/xmemstream.c
 create mode 100644 support/xmemstream.h
 create mode 100644 support/xmkdir.c
 create mode 100644 support/xmmap.c
 create mode 100644 support/xmunmap.c
 create mode 100644 support/xopen.c
 create mode 100644 support/xpipe.c
 create mode 100644 support/xpoll.c
 create mode 100644 support/xpthread_attr_destroy.c
 create mode 100644 support/xpthread_attr_init.c
 create mode 100644 support/xpthread_attr_setdetachstate.c
 create mode 100644 support/xpthread_attr_setstacksize.c
 create mode 100644 support/xpthread_barrier_destroy.c
 create mode 100644 support/xpthread_barrier_init.c
 create mode 100644 support/xpthread_barrier_wait.c
 create mode 100644 support/xpthread_cancel.c
 create mode 100644 support/xpthread_check_return.c
 create mode 100644 support/xpthread_cond_wait.c
 create mode 100644 support/xpthread_create.c
 create mode 100644 support/xpthread_detach.c
 create mode 100644 support/xpthread_join.c
 create mode 100644 support/xpthread_mutex_consistent.c
 create mode 100644 support/xpthread_mutex_destroy.c
 create mode 100644 support/xpthread_mutex_init.c
 create mode 100644 support/xpthread_mutex_lock.c
 create mode 100644 support/xpthread_mutex_unlock.c
 create mode 100644 support/xpthread_mutexattr_destroy.c
 create mode 100644 support/xpthread_mutexattr_init.c
 create mode 100644 support/xpthread_mutexattr_setprotocol.c
 create mode 100644 support/xpthread_mutexattr_setpshared.c
 create mode 100644 support/xpthread_mutexattr_setrobust.c
 create mode 100644 support/xpthread_mutexattr_settype.c
 create mode 100644 support/xpthread_once.c
 create mode 100644 support/xpthread_sigmask.c
 create mode 100644 support/xpthread_spin_lock.c
 create mode 100644 support/xpthread_spin_unlock.c
 create mode 100644 support/xrealloc.c
 create mode 100644 support/xrecvfrom.c
 create mode 100644 support/xsendto.c
 create mode 100644 support/xsetsockopt.c
 create mode 100644 support/xsignal.h
 create mode 100644 support/xsocket.c
 create mode 100644 support/xsocket.h
 create mode 100644 support/xstdio.h
 create mode 100644 support/xstrdup.c
 create mode 100644 support/xthread.h
 create mode 100644 support/xunistd.h
 create mode 100644 support/xwaitpid.c
 create mode 100644 support/xwrite.c
Comment 8 Florian Weimer 2018-04-18 12:26:23 UTC
*** Bug 23060 has been marked as a duplicate of this bug. ***