This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
- From: Allan McRae <allan at archlinux dot org>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 15 Dec 2014 20:55:21 +1000
- Subject: Re: [PATCH v2] vfprintf stack overflow [BZ #16617]
On 15/12/14 20:37, Florian Weimer wrote:
> On 12/15/2014 11:25 AM, Allan McRae wrote:
>> On 12/12/14 20:07, Florian Weimer wrote:
>>> On 12/08/2014 04:59 PM, Florian Weimer wrote:
>>>> On 12/08/2014 04:41 PM, Joseph Myers wrote:
>>>>> On Mon, 8 Dec 2014, Florian Weimer wrote:
>>>>>
>>>>>> + specs = malloc (nspecs_size);
>>>>>> + if (specs == NULL)
>>>>>> + {
>>>>>> + __set_errno (ENOMEM);
>>>>>> + done = -1;
>>>>>> + goto all_done;
>>>>>> + }
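Review bot: the malloc result is stored directly into specs before the NULL check, so on the failure branch specs is already NULL when control reaches all_done, and whatever buffer specs pointed to before this call is no longer reachable from it. If that earlier buffer was itself heap-allocated and all_done is where it gets freed, it is leaked on this path. Assign the malloc result to a temporary and store it into specs only after the check succeeds, or restore the saved old pointer before "goto all_done;". Separately, the quoted lines do not show how nspecs_size is derived; since this patch is about bounding memory use in vfprintf, confirm the size computation is checked for overflow before it reaches this malloc.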
>>>>>
>>>>> It looks to me like this will leak the previous copy of specs on
>>>>> allocation failure, if the previous value was also malloced (so you
>>>>> need "specs = old;" or similar here to get the return path to free it
>>>>> if appropriate).
>>>>
>>>> Ugh, thanks, I've made that change. Anything else?
>>>
>>> FYI, I plan to commit this on Monday so that this doesn't fall through
>>> the cracks again.
>>
>> Are you going to backport this to release branches?
>
> What's the procedure there?
>
> I'm sure it's documented somewhere in the wiki, but could you add
> pointers in the appropriate places, such as:
>
> https://sourceware.org/glibc/wiki/Committer%20checklist
> https://sourceware.org/glibc/wiki/Consensus
>
https://sourceware.org/glibc/wiki/Release/#General_policy
In short, "git cherry-pick -x <commitid>". You will need to fix the
conflict in NEWS for this patch.
Allan