Bug 30027 - Internal tunables ABI depends on awk array iteration order
Summary: Internal tunables ABI depends on awk array iteration order
Status: ASSIGNED
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-20 10:26 UTC by Florian Weimer
Modified: 2023-04-28 06:20 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2023-01-20 10:26:48 UTC 
I do not think GNU awk specifies the array iteration order. The enum type with the tunables indices is defined like this:

  # Now, the enum names
  print "\ntypedef enum"
  print "{"
  for (tnm in types) {
    split (tnm, indices, SUBSEP);
    t = indices[1];
    n = indices[2];
    m = indices[3];
    printf ("  TUNABLE_ENUM_NAME(%s, %s, %s),\n", t, n, m);
  }
  print "} tunable_id_t;\n"

So the assigned indices depend on array iteration order.

This could be a problem if building glibc multilibs (for glibc-hwcaps), where the (baseline) ld.so and multilib libc.so.6 come from different builds and have potentially different iteration order. This can cause crashes because __tunable_get_val does not perform any type checking. It may store a larger tunable value than the caller specifies through the value pointer, causing memory corruption.