This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch remotes/origin/gentoo/2.18 created. glibc-2.18-33-g3cd70f9


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, remotes/origin/gentoo/2.18 has been created
        at  3cd70f9e650bafef5c73c19229e6f0176604bb9e (commit)

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3cd70f9e650bafef5c73c19229e6f0176604bb9e

commit 3cd70f9e650bafef5c73c19229e6f0176604bb9e
Author: David S. Miller <davem@davemloft.net>
Date:   Tue Nov 12 12:48:01 2013 -0800

    Fix sparc 64-bit GMP ifunc resolution in static builds.
    
    	[BZ #16150]
    	* sysdeps/sparc/sparc64/multiarch/add_n.S: Resolve to the correct generic
    	symbol in the non-vis3 case in static builds.
    	* sysdeps/sparc/sparc64/multiarch/addmul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/mul_1.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/sub_n.S: Likewise.
    	* sysdeps/sparc/sparc64/multiarch/submul_1.S: Likewise.
    
    (cherry picked from commit 2293d2b10a583486cd22ce578796848f4c3a8b6d)

diff --git a/sysdeps/sparc/sparc64/multiarch/add_n.S b/sysdeps/sparc/sparc64/multiarch/add_n.S
index 25cae39..22c6e58 100644
--- a/sysdeps/sparc/sparc64/multiarch/add_n.S
+++ b/sysdeps/sparc/sparc64/multiarch/add_n.S
@@ -42,7 +42,7 @@ ENTRY(__mpn_add_n)
 	sethi	%gdop_hix22(__mpn_add_n_generic), %o1
 	xor	%o1, %gdop_lox10(__mpn_add_n_generic), %o1
 # else
-	set	__mpn_add_n_vis3, %o1
+	set	__mpn_add_n_generic, %o1
 # endif
 10:
 # ifdef SHARED
diff --git a/sysdeps/sparc/sparc64/multiarch/addmul_1.S b/sysdeps/sparc/sparc64/multiarch/addmul_1.S
index a1659e4..a65c934 100644
--- a/sysdeps/sparc/sparc64/multiarch/addmul_1.S
+++ b/sysdeps/sparc/sparc64/multiarch/addmul_1.S
@@ -42,7 +42,7 @@ ENTRY(__mpn_addmul_1)
 	sethi	%gdop_hix22(__mpn_addmul_1_generic), %o1
 	xor	%o1, %gdop_lox10(__mpn_addmul_1_generic), %o1
 # else
-	set	__mpn_addmul_1_vis3, %o1
+	set	__mpn_addmul_1_generic, %o1
 # endif
 10:
 # ifdef SHARED
diff --git a/sysdeps/sparc/sparc64/multiarch/mul_1.S b/sysdeps/sparc/sparc64/multiarch/mul_1.S
index 25f51bf..811754e 100644
--- a/sysdeps/sparc/sparc64/multiarch/mul_1.S
+++ b/sysdeps/sparc/sparc64/multiarch/mul_1.S
@@ -42,7 +42,7 @@ ENTRY(__mpn_mul_1)
 	sethi	%gdop_hix22(__mpn_mul_1_generic), %o1
 	xor	%o1, %gdop_lox10(__mpn_mul_1_generic), %o1
 # else
-	set	__mpn_mul_1_vis3, %o1
+	set	__mpn_mul_1_generic, %o1
 # endif
 10:
 # ifdef SHARED
diff --git a/sysdeps/sparc/sparc64/multiarch/sub_n.S b/sysdeps/sparc/sparc64/multiarch/sub_n.S
index 5e15bea..3963790 100644
--- a/sysdeps/sparc/sparc64/multiarch/sub_n.S
+++ b/sysdeps/sparc/sparc64/multiarch/sub_n.S
@@ -42,7 +42,7 @@ ENTRY(__mpn_sub_n)
 	sethi	%gdop_hix22(__mpn_sub_n_generic), %o1
 	xor	%o1, %gdop_lox10(__mpn_sub_n_generic), %o1
 # else
-	set	__mpn_sub_n_vis3, %o1
+	set	__mpn_sub_n_generic, %o1
 # endif
 10:
 # ifdef SHARED
diff --git a/sysdeps/sparc/sparc64/multiarch/submul_1.S b/sysdeps/sparc/sparc64/multiarch/submul_1.S
index 68552e9..6c4c3a3 100644
--- a/sysdeps/sparc/sparc64/multiarch/submul_1.S
+++ b/sysdeps/sparc/sparc64/multiarch/submul_1.S
@@ -42,7 +42,7 @@ ENTRY(__mpn_submul_1)
 	sethi	%gdop_hix22(__mpn_submul_1_generic), %o1
 	xor	%o1, %gdop_lox10(__mpn_submul_1_generic), %o1
 # else
-	set	__mpn_submul_1_vis3, %o1
+	set	__mpn_submul_1_generic, %o1
 # endif
 10:
 # ifdef SHARED

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e02bebc1e960eb20099738b3ecce1ac780925729

commit e02bebc1e960eb20099738b3ecce1ac780925729
Author: David S. Miller <davem@davemloft.net>
Date:   Wed Nov 6 13:01:36 2013 -0800

    Fix build on pre-v9 32-bit Sparc.
    
    We cannot use fnegd in this code, as fnegd was added in v9.
    Only fnegs exists in v8 and earlier.
    
    	[BZ #15985]
    	* sysdeps/sparc/sparc32/fpu/s_fdim.S (__fdim): Do not use fnegd
    	on pre-v9 cpus, use a fnegs+fmovs sequence instead.
    
    (cherry picked from commit 2216e48645dbd297cdc0f4050fdfc0b52e2a4ab8)

diff --git a/sysdeps/sparc/sparc32/fpu/s_fdim.S b/sysdeps/sparc/sparc32/fpu/s_fdim.S
index 2f0c5ce..22f69ce 100644
--- a/sysdeps/sparc/sparc32/fpu/s_fdim.S
+++ b/sysdeps/sparc/sparc32/fpu/s_fdim.S
@@ -30,7 +30,8 @@ ENTRY(__fdim)
 	fbug	1f
 	 st	%g0, [%sp + 76]
 	ldd	[%sp + 72], %f0
-	fnegd	%f0, %f2
+	fnegs	%f0, %f2
+	fmovs	%f1, %f3
 1:	retl
 	 fsubd	%f0, %f2, %f0
 END(__fdim)

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9695c981b9033f4a7e23ff7c35a4e66f13d68eb4

commit 9695c981b9033f4a7e23ff7c35a4e66f13d68eb4
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64
    
    (cherry picked from commit dc3a1f98dc4c86cb454474f4912ae325573655cb)

diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
index 4620f96..e80a683 100644
--- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
+++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
@@ -6,7 +6,7 @@
 #define POINTER_CHK_GUARD \
   ({												\
      uintptr_t x;										\
-     asm ("ld %0,%1(2)"										\
+     asm ("ld %0,%1(13)"										\
 	  : "=r" (x)										\
 	  : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t))	\
          );											\

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4da92b3ac5974326963532aa16c4437d801a0efe

commit 4da92b3ac5974326963532aa16c4437d801a0efe
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.
    
    A large bytes parameter to memalign could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15857]
    	* malloc/malloc.c (__libc_memalign): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit c51d675c459aefef8d84d5a0b114010f916ea278)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 31e2dfa..ebbe86d 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes)
   /* Otherwise, ensure that it is at least a minimum chunk size */
   if (alignment <  MINSIZE) alignment = MINSIZE;
 
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - alignment - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   arena_get(ar_ptr, bytes + alignment + MINSIZE);
   if(!ar_ptr)
     return 0;
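Review bot: The new guard `bytes > SIZE_MAX - alignment - MINSIZE` can itself wrap, because `alignment` is a caller-supplied size_t and nothing visible in this hunk bounds it from above. For an alignment larger than `SIZE_MAX - MINSIZE` the right-hand side underflows to a large value, the test passes, and `bytes + alignment + MINSIZE` in the `arena_get` call below still overflows. Unless an earlier line of __libc_memalign (outside the hunk) already rejects such alignments, the condition should bound both operands, e.g. `if (alignment > SIZE_MAX - MINSIZE || bytes > SIZE_MAX - alignment - MINSIZE)`. The valloc and pvalloc hunks in the next two commits use the system page size in place of `alignment`, so they are not exposed in the same way.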

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42b872e43db7c71cd40357724f1542252eb0c708

commit 42b872e43db7c71cd40357724f1542252eb0c708
Author: Will Newton <will.newton@linaro.org>
Date:   Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.
    
    A large bytes parameter to valloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15856]
    	* malloc/malloc.c (__libc_valloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 6a6a386a3040726053a5fb8582ff26dc85d84741)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index bcc08c4..31e2dfa 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)
 
   size_t pagesz = GLRO(dl_pagesize);
 
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - pagesz - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   void *(*hook) (size_t, size_t, const void *) =
     force_reg (__memalign_hook);
   if (__builtin_expect (hook != NULL, 0))

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7e52cc7af467b6a8ba6367af4fecd4c3289db454

commit 7e52cc7af467b6a8ba6367af4fecd4c3289db454
Author: Will Newton <will.newton@linaro.org>
Date:   Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.
    
    A large bytes parameter to pvalloc could cause an integer overflow
    and corrupt allocator internals. Check the overflow does not occur
    before continuing with the allocation.
    
    ChangeLog:
    
    2013-09-11  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15855]
    	* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
    	does not overflow.
    
    (cherry picked from commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index be472b2..bcc08c4 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3082,6 +3082,13 @@ __libc_pvalloc(size_t bytes)
   size_t page_mask = GLRO(dl_pagesize) - 1;
   size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
 
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   void *(*hook) (size_t, size_t, const void *) =
     force_reg (__memalign_hook);
   if (__builtin_expect (hook != NULL, 0))
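Review bot: The context line `size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);` still runs before the added check, so for `bytes` near SIZE_MAX the rounding wraps first. The function is correct only because the check returns before `rounded_bytes` is used. Moving the check above the rounding, or extending the comment to `/* Check for overflow; rounded_bytes above may already have wrapped and must not be used before this point.  */`, would keep a later edit from consuming the wrapped value. `pagesz` is not declared in the visible lines and is presumably defined earlier in __libc_pvalloc.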

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4e3c791909a092489659d4359b73474febbd484a

commit 4e3c791909a092489659d4359b73474febbd484a
Author: Carlos O'Donell <carlos@redhat.com>
Date:   Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788
    
    The pointer guard used for pointer mangling was not initialized for
    static applications resulting in the security feature being disabled.
    The pointer guard is now correctly initialized to a random value for
    static applications. Existing static applications need to be
    recompiled to take advantage of the fix.
    
    The tests tst-ptrguard1-static and tst-ptrguard1 add regression
    coverage to ensure the pointer guards are sufficiently random
    and initialized to a default value.
    
    (cherry picked from commit c779e9df75256f19c7be8d12b2d163e2016a63f4)

diff --git a/csu/libc-start.c b/csu/libc-start.c
index e5da3ef..c898d06 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -37,6 +37,12 @@ extern void __pthread_initialize_minimal (void);
    in thread local area.  */
 uintptr_t __stack_chk_guard attribute_relro;
 # endif
+# ifndef  THREAD_SET_POINTER_GUARD
+/* Only exported for architectures that don't store the pointer guard
+   value in thread local area.  */
+uintptr_t __pointer_chk_guard_local
+	attribute_relro attribute_hidden __attribute__ ((nocommon));
+# endif
 #endif
 
 #ifdef HAVE_PTR_NTHREADS
@@ -195,6 +201,16 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
 # else
   __stack_chk_guard = stack_chk_guard;
 # endif
+
+  /* Set up the pointer guard value.  */
+  uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
+							 stack_chk_guard);
+# ifdef THREAD_SET_POINTER_GUARD
+  THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+# else
+  __pointer_chk_guard_local = pointer_chk_guard;
+# endif
+
 #endif
 
   /* Register the destructor of the dynamic linker if there is any.  */
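Review bot: The comment `/* Set up the pointer guard value.  */` does not record the ordering constraint that makes this placement matter. The guard has to be in place before the first pointer is mangled, and the destructor registration on the context line right after the hunk is presumably the first such use in a static start-up. I would extend the comment to `/* Set up the pointer guard value.  This must happen before any function pointer is mangled, e.g. by the destructor registration below.  */`. Passing `stack_chk_guard` as the second argument also suggests the two guards may be related when `_dl_random` is unavailable; `_dl_setup_pointer_guard` is not on this page, so that is worth confirming and stating here. LIBC_START_MAIN starts and ends outside the hunk.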
diff --git a/elf/Makefile b/elf/Makefile
index d703fe2..590d516 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -121,7 +121,8 @@ endif
 tests = tst-tls1 tst-tls2 tst-tls9 tst-leaks1 \
 	tst-array1 tst-array2 tst-array3 tst-array4 tst-array5
 tests-static = tst-tls1-static tst-tls2-static tst-stackguard1-static \
-	       tst-leaks1-static tst-array1-static tst-array5-static
+	       tst-leaks1-static tst-array1-static tst-array5-static \
+	       tst-ptrguard1-static
 ifeq (yes,$(build-shared))
 tests-static += tst-tls9-static
 tst-tls9-static-ENV = \
@@ -145,7 +146,8 @@ tests += loadtest restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-audit1 tst-audit2 tst-audit8 \
 	 tst-stackguard1 tst-addr1 tst-thrlock \
 	 tst-unique1 tst-unique2 tst-unique3 tst-unique4 \
-	 tst-initorder tst-initorder2 tst-relsort1 tst-null-argv
+	 tst-initorder tst-initorder2 tst-relsort1 tst-null-argv \
+	 tst-ptrguard1
 #	 reldep9
 test-srcs = tst-pathopt
 selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null)
@@ -1016,6 +1018,9 @@ LDFLAGS-order2mod2.so = $(no-as-needed)
 tst-stackguard1-ARGS = --command "$(host-test-program-cmd) --child"
 tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child"
 
+tst-ptrguard1-ARGS = --command "$(host-test-program-cmd) --child"
+tst-ptrguard1-static-ARGS = --command "$(objpfx)tst-ptrguard1-static --child"
+
 $(objpfx)tst-leaks1: $(libdl)
 $(objpfx)tst-leaks1-mem: $(objpfx)tst-leaks1.out
 	$(common-objpfx)malloc/mtrace $(objpfx)tst-leaks1.mtrace > $@
diff --git a/elf/tst-ptrguard1-static.c b/elf/tst-ptrguard1-static.c
new file mode 100644
index 0000000..7aff3b7
--- /dev/null
+++ b/elf/tst-ptrguard1-static.c
@@ -0,0 +1 @@
+#include "tst-ptrguard1.c"
diff --git a/elf/tst-ptrguard1.c b/elf/tst-ptrguard1.c
new file mode 100644
index 0000000..c344a04
--- /dev/null
+++ b/elf/tst-ptrguard1.c
@@ -0,0 +1,202 @@
+/* Copyright (C) 2013 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <stackguard-macros.h>
+#include <tls.h>
+#include <unistd.h>
+
+#ifndef POINTER_CHK_GUARD
+extern uintptr_t __pointer_chk_guard;
+# define POINTER_CHK_GUARD __pointer_chk_guard
+#endif
+
+static const char *command;
+static bool child;
+static uintptr_t ptr_chk_guard_copy;
+static bool ptr_chk_guard_copy_set;
+static int fds[2];
+
+static void __attribute__ ((constructor))
+con (void)
+{
+  ptr_chk_guard_copy = POINTER_CHK_GUARD;
+  ptr_chk_guard_copy_set = true;
+}
+
+static int
+uintptr_t_cmp (const void *a, const void *b)
+{
+  if (*(uintptr_t *) a < *(uintptr_t *) b)
+    return 1;
+  if (*(uintptr_t *) a > *(uintptr_t *) b)
+    return -1;
+  return 0;
+}
+
+static int
+do_test (void)
+{
+  if (!ptr_chk_guard_copy_set)
+    {
+      puts ("constructor has not been run");
+      return 1;
+    }
+
+  if (ptr_chk_guard_copy != POINTER_CHK_GUARD)
+    {
+      puts ("POINTER_CHK_GUARD changed between constructor and do_test");
+      return 1;
+    }
+
+  if (child)
+    {
+      write (2, &ptr_chk_guard_copy, sizeof (ptr_chk_guard_copy));
+      return 0;
+    }
+
+  if (command == NULL)
+    {
+      puts ("missing --command or --child argument");
+      return 1;
+    }
+
+#define N 16
+  uintptr_t child_ptr_chk_guards[N + 1];
+  child_ptr_chk_guards[N] = ptr_chk_guard_copy;
+  int i;
+  for (i = 0; i < N; ++i)
+    {
+      if (pipe (fds) < 0)
+	{
+	  printf ("couldn't create pipe: %m\n");
+	  return 1;
+	}
+
+      pid_t pid = fork ();
+      if (pid < 0)
+	{
+	  printf ("fork failed: %m\n");
+	  return 1;
+	}
+
+      if (!pid)
+	{
+	  if (ptr_chk_guard_copy != POINTER_CHK_GUARD)
+	    {
+	      puts ("POINTER_CHK_GUARD changed after fork");
+	      exit (1);
+	    }
+
+	  close (fds[0]);
+	  close (2);
+	  dup2 (fds[1], 2);
+	  close (fds[1]);
+
+	  system (command);
+	  exit (0);
+	}
+
+      close (fds[1]);
+
+      if (TEMP_FAILURE_RETRY (read (fds[0], &child_ptr_chk_guards[i],
+				    sizeof (uintptr_t))) != sizeof (uintptr_t))
+	{
+	  puts ("could not read ptr_chk_guard value from child");
+	  return 1;
+	}
+
+      close (fds[0]);
+
+      pid_t termpid;
+      int status;
+      termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
+      if (termpid == -1)
+	{
+	  printf ("waitpid failed: %m\n");
+	  return 1;
+	}
+      else if (termpid != pid)
+	{
+	  printf ("waitpid returned %ld != %ld\n",
+		  (long int) termpid, (long int) pid);
+	  return 1;
+	}
+      else if (!WIFEXITED (status) || WEXITSTATUS (status))
+	{
+	  puts ("child hasn't exited with exit status 0");
+	  return 1;
+	}
+    }
+
+  qsort (child_ptr_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp);
+
+  /* The default pointer guard is the same as the default stack guard.
+     They are only set to default if dl_random is NULL.  */
+  uintptr_t default_guard = 0;
+  unsigned char *p = (unsigned char *) &default_guard;
+  p[sizeof (uintptr_t) - 1] = 255;
+  p[sizeof (uintptr_t) - 2] = '\n';
+  p[0] = 0;
+
+  /* Test if the pointer guard canaries are either randomized,
+     or equal to the default pointer guard value.
+     Even with randomized pointer guards it might happen
+     that the random number generator generates the same
+     values, but if that happens in more than half from
+     the 16 runs, something is very wrong.  */
+  int ndifferences = 0;
+  int ndefaults = 0;
+  for (i = 0; i < N; ++i)
+    {
+      if (child_ptr_chk_guards[i] != child_ptr_chk_guards[i+1])
+	ndifferences++;
+      else if (child_ptr_chk_guards[i] == default_guard)
+	ndefaults++;
+    }
+
+  printf ("differences %d defaults %d\n", ndifferences, ndefaults);
+
+  if (ndifferences < N / 2 && ndefaults < N / 2)
+    {
+      puts ("pointer guard values are not randomized enough");
+      puts ("nor equal to the default value");
+      return 1;
+    }
+
+  return 0;
+}
+
+#define OPT_COMMAND	10000
+#define OPT_CHILD	10001
+#define CMDLINE_OPTIONS	\
+  { "command", required_argument, NULL, OPT_COMMAND },  \
+  { "child", no_argument, NULL, OPT_CHILD },
+#define CMDLINE_PROCESS	\
+  case OPT_COMMAND:	\
+    command = optarg;	\
+    break;		\
+  case OPT_CHILD:	\
+    child = true;	\
+    break;
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
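Review bot: The pass condition `ndifferences < N / 2 && ndefaults < N / 2` accepts a run in which most children report the fixed default guard. A regression that leaves every static binary on the default value would therefore still pass, even on a system that does supply random bytes. The test cannot tell the two cases apart as written; if the start-up code can expose whether random bytes were available, the `ndefaults` branch should be accepted only when they were not. Smaller points in do_test: the return values of `write (2, ...)` and `system (command)` are ignored, and the early `return 1` paths inside the loop leave `fds[0]` open and the forked child unreaped.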
diff --git a/ports/sysdeps/ia64/stackguard-macros.h b/ports/sysdeps/ia64/stackguard-macros.h
index dc683c2..3907293 100644
--- a/ports/sysdeps/ia64/stackguard-macros.h
+++ b/ports/sysdeps/ia64/stackguard-macros.h
@@ -2,3 +2,6 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("adds %0 = -16, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
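Review bot: The offset `-16` is hard-coded here, as are `-24`/`-12` in the tile hunk and `0x18`/`0x30` in the sparc32 and sparc64 hunks, while the i386, x86_64, powerpc and s390 versions in this commit derive it from `offsetof (tcbhead_t, ...)`. A literal offset silently reads the wrong word if the thread control block layout changes, and for a security canary the test would then compare unrelated data. Where the field is reachable through `offsetof`, use it as the other ports do; otherwise add a comment naming what the constant stands for, e.g. `/* -16: pointer guard slot, directly below the stack guard at -8.  */`.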
diff --git a/ports/sysdeps/tile/stackguard-macros.h b/ports/sysdeps/tile/stackguard-macros.h
index 589ea2b..f2e041b 100644
--- a/ports/sysdeps/tile/stackguard-macros.h
+++ b/ports/sysdeps/tile/stackguard-macros.h
@@ -4,11 +4,17 @@
 # if __WORDSIZE == 64
 #  define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("addi %0, tp, -16; ld %0, %0" : "=r" (x)); x; })
+#  define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("addi %0, tp, -24; ld %0, %0" : "=r" (x)); x; })
 # else
 #  define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("addi %0, tp, -8; ld4s %0, %0" : "=r" (x)); x; })
+#  define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("addi %0, tp, -12; ld4s %0, %0" : "=r" (x)); x; })
 # endif
 #else
 # define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("addi %0, tp, -8; lw %0, %0" : "=r" (x)); x; })
+# define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("addi %0, tp, -12; lw %0, %0" : "=r" (x)); x; })
 #endif
diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
index ababf65..4fa3d96 100644
--- a/sysdeps/generic/stackguard-macros.h
+++ b/sysdeps/generic/stackguard-macros.h
@@ -2,3 +2,6 @@
 
 extern uintptr_t __stack_chk_guard;
 #define STACK_CHK_GUARD __stack_chk_guard
+
+extern uintptr_t __pointer_chk_guard_local;
+#define POINTER_CHK_GUARD __pointer_chk_guard_local
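Review bot: `__pointer_chk_guard_local` is declared here as an ordinary extern, but the only definition on this page, in csu/libc-start.c, is `attribute_hidden` and appears to sit in the static-only part of that file. If no other definition is visible to the dynamically linked tst-ptrguard1, the generic macro will not link on architectures that fall back to this header. tst-ptrguard1.c also keeps a `__pointer_chk_guard` fallback under `#ifndef POINTER_CHK_GUARD`, which can no longer trigger once this header defines the macro unconditionally. Consider selecting the symbol by build type, or documenting here which object provides `__pointer_chk_guard_local` in shared builds.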
diff --git a/sysdeps/i386/stackguard-macros.h b/sysdeps/i386/stackguard-macros.h
index 8c31e19..0397629 100644
--- a/sysdeps/i386/stackguard-macros.h
+++ b/sysdeps/i386/stackguard-macros.h
@@ -2,3 +2,11 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({							\
+     uintptr_t x;					\
+     asm ("movl %%gs:%c1, %0" : "=r" (x)		\
+	  : "i" (offsetof (tcbhead_t, pointer_guard)));	\
+     x;							\
+   })
diff --git a/sysdeps/powerpc/powerpc32/stackguard-macros.h b/sysdeps/powerpc/powerpc32/stackguard-macros.h
index 839f6a4..b3d0af8 100644
--- a/sysdeps/powerpc/powerpc32/stackguard-macros.h
+++ b/sysdeps/powerpc/powerpc32/stackguard-macros.h
@@ -2,3 +2,13 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({												\
+     uintptr_t x;										\
+     asm ("lwz %0,%1(2)"									\
+	  : "=r" (x)										\
+	  : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t))	\
+         );											\
+     x;												\
+   })
diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
index 9da879c..4620f96 100644
--- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
+++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
@@ -2,3 +2,13 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({												\
+     uintptr_t x;										\
+     asm ("ld %0,%1(2)"										\
+	  : "=r" (x)										\
+	  : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t))	\
+         );											\
+     x;												\
+   })
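Review bot: The load `ld %0,%1(2)` addresses the guard relative to r2, whereas the `STACK_CHK_GUARD` context line directly above reads its thread-relative value through r13 (`ld %0,-28688(13)`); the two macros in this file should use the same base register. As added here the macro would read an unrelated word, so tst-ptrguard1 on PPC64 would be checking the wrong value. The separate commit 9695c981b9033f4a7e23ff7c35a4e66f13d68eb4 listed earlier in this log changes the line to `ld %0,%1(13)`, so anyone backporting this CVE-2013-4788 change needs to take both together.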
diff --git a/sysdeps/s390/s390-32/stackguard-macros.h b/sysdeps/s390/s390-32/stackguard-macros.h
index b74c579..449e8d4 100644
--- a/sysdeps/s390/s390-32/stackguard-macros.h
+++ b/sysdeps/s390/s390-32/stackguard-macros.h
@@ -2,3 +2,14 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
+
+/* On s390/s390x there is no unique pointer guard, instead we use the
+   same value as the stack guard.  */
+#define POINTER_CHK_GUARD \
+  ({							\
+     uintptr_t x;					\
+     asm ("ear %0,%%a0; l %0,%1(%0)"			\
+	  : "=a" (x)					\
+	  : "i" (offsetof (tcbhead_t, stack_guard)));	\
+     x;							\
+   })
diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h
index 0cebb5f..c8270fb 100644
--- a/sysdeps/s390/s390-64/stackguard-macros.h
+++ b/sysdeps/s390/s390-64/stackguard-macros.h
@@ -2,3 +2,17 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
+
+/* On s390/s390x there is no unique pointer guard, instead we use the
+   same value as the stack guard.  */
+#define POINTER_CHK_GUARD \
+  ({							\
+     uintptr_t x;					\
+     asm ("ear %0,%%a0;"				\
+	  "sllg %0,%0,32;"				\
+	  "ear %0,%%a1;"				\
+	  "lg %0,%1(%0)"				\
+	 : "=a" (x)					\
+	 : "i" (offsetof (tcbhead_t, stack_guard)));	\
+     x;							\
+   })
diff --git a/sysdeps/sparc/sparc32/stackguard-macros.h b/sysdeps/sparc/sparc32/stackguard-macros.h
index c0b02b0..1eef0f1 100644
--- a/sysdeps/sparc/sparc32/stackguard-macros.h
+++ b/sysdeps/sparc/sparc32/stackguard-macros.h
@@ -2,3 +2,6 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("ld [%%g7+0x18], %0" : "=r" (x)); x; })
diff --git a/sysdeps/sparc/sparc64/stackguard-macros.h b/sysdeps/sparc/sparc64/stackguard-macros.h
index 80f0635..cc0c12c 100644
--- a/sysdeps/sparc/sparc64/stackguard-macros.h
+++ b/sysdeps/sparc/sparc64/stackguard-macros.h
@@ -2,3 +2,6 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("ldx [%%g7+0x30], %0" : "=r" (x)); x; })
diff --git a/sysdeps/x86_64/stackguard-macros.h b/sysdeps/x86_64/stackguard-macros.h
index d7fedb3..1948800 100644
--- a/sysdeps/x86_64/stackguard-macros.h
+++ b/sysdeps/x86_64/stackguard-macros.h
@@ -4,3 +4,8 @@
   ({ uintptr_t x;						\
      asm ("mov %%fs:%c1, %0" : "=r" (x)				\
 	  : "i" (offsetof (tcbhead_t, stack_guard))); x; })
+
+#define POINTER_CHK_GUARD \
+  ({ uintptr_t x;						\
+     asm ("mov %%fs:%c1, %0" : "=r" (x)				\
+	  : "i" (offsetof (tcbhead_t, pointer_guard))); x; })

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46ee9243f23f56ded21bf8507f86a55980b04ed1

commit 46ee9243f23f56ded21bf8507f86a55980b04ed1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests
    
    Resolves #16072 (CVE-2013-4458).
    
    This patch fixes another stack overflow in getaddrinfo when it is
    called with AF_INET6.  The AF_UNSPEC case was fixed as CVE-2013-1914,
    but the AF_INET6 case went undetected back then.
    
    (cherry picked from commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3)

diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 7bb3ded..2e97255 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
 				&rc, &herrno, NULL, &localcanon));	      \
     if (rc != ERANGE || herrno != NETDB_INTERNAL)			      \
       break;								      \
-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);		      \
+    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    \
+      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,	      \
+				      alloca_used);			      \
+    else								      \
+      {									      \
+	char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,		      \
+			      2 * tmpbuflen);				      \
+	if (newp == NULL)						      \
+	  {								      \
+	    result = -EAI_MEMORY;					      \
+	    goto free_and_return;					      \
+	  }								      \
+	tmpbuf = newp;							      \
+	malloc_tmpbuf = true;						      \
+	tmpbuflen = 2 * tmpbuflen;					      \
+      }									      \
   }									      \
   if (status == NSS_STATUS_SUCCESS && rc == 0)				      \
     h = &th;								      \
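Review bot: The new out-of-memory exit (`result = -EAI_MEMORY; goto free_and_return;`) leaves without restoring the resolver flag, while the other error exit of the same macro, in the next hunk, still runs `_res.options |= old_res_options & RES_USE_INET6;` before jumping. Unless `free_and_return` (outside the hunk) restores it, a failed realloc leaves RES_USE_INET6 cleared in `_res.options` for subsequent lookups. Add the same restore line ahead of `result = -EAI_MEMORY;`. When the code switches from the alloca buffer to `realloc (NULL, ...)` the old contents are not carried over; that looks intentional for a scratch buffer refilled on the next loop pass, but a short comment saying so would help.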
@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
 	{								      \
 	  __set_h_errno (herrno);					      \
 	  _res.options |= old_res_options & RES_USE_INET6;		      \
-	  return -EAI_SYSTEM;						      \
+	  result = -EAI_SYSTEM;						      \
+	  goto free_and_return;						      \
 	}								      \
       if (herrno == TRY_AGAIN)						      \
 	no_data = EAI_AGAIN;						      \

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cbee0562887196f6c87dc538aaeeb494c79daa15

commit cbee0562887196f6c87dc538aaeeb494c79daa15
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c
    
    (cherry picked from commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b)

diff --git a/stdlib/isomac.c b/stdlib/isomac.c
index 2c9009b..621b515 100644
--- a/stdlib/isomac.c
+++ b/stdlib/isomac.c
@@ -263,6 +263,7 @@ get_null_defines (void)
   if (system (command))
     {
       puts ("system() returned nonzero");
+      free (command);
       return NULL;
     }
   free (command);

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=45560694ca0b6d80ccbba23b51d1c4aa8cd228ab

commit 45560694ca0b6d80ccbba23b51d1c4aa8cd228ab
Author: Allan McRae <allan@archlinux.org>
Date:   Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure
    
    (cherry picked from commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0)

diff --git a/libio/memstream.c b/libio/memstream.c
index 34534e2..3cb1bd7 100644
--- a/libio/memstream.c
+++ b/libio/memstream.c
@@ -84,7 +84,10 @@ open_memstream (bufloc, sizeloc)
 
   buf = calloc (1, _IO_BUFSIZ);
   if (buf == NULL)
-    return NULL;
+    {
+      free (new_f);
+      return NULL;
+    }
   _IO_init (&new_f->fp._sf._sbf._f, 0);
   _IO_JUMPS ((struct _IO_FILE_plus *) &new_f->fp._sf._sbf) = &_IO_mem_jumps;
   _IO_str_init_static_internal (&new_f->fp._sf, buf, _IO_BUFSIZ, buf);
diff --git a/libio/wmemstream.c b/libio/wmemstream.c
index 65738d4..fd7fe44 100644
--- a/libio/wmemstream.c
+++ b/libio/wmemstream.c
@@ -85,8 +85,10 @@ open_wmemstream (bufloc, sizeloc)
 
   buf = calloc (1, _IO_BUFSIZ);
   if (buf == NULL)
-    return NULL;
-
+    {
+      free (new_f);
+      return NULL;
+    }
   _IO_no_init (&new_f->fp._sf._sbf._f, 0, 0, &new_f->wd, &_IO_wmem_jumps);
   _IO_fwide (&new_f->fp._sf._sbf._f, 1);
   _IO_wstr_init_static (&new_f->fp._sf._sbf._f, buf,

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c42eca168f60bc50ed5e57ce59d1bfdf19120e2

commit 6c42eca168f60bc50ed5e57ce59d1bfdf19120e2
Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date:   Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs
    
    (cherry picked from commit b51679672648410c6627a4bd169e076c5b36f47b)
    
    Conflicts:
    	ChangeLog

diff --git a/sysdeps/powerpc/powerpc32/power7/memrchr.S b/sysdeps/powerpc/powerpc32/power7/memrchr.S
index d1e3fda..defd832 100644
--- a/sysdeps/powerpc/powerpc32/power7/memrchr.S
+++ b/sysdeps/powerpc/powerpc32/power7/memrchr.S
@@ -101,8 +101,8 @@ L(loop):
 	/* We're here because the counter reached 0, and that means we
 	   didn't have any matches for BYTE in the whole range.  Just return
 	   the original range.  */
-	addi	r9,r8,4
-	cmplw	cr6,r9,r7
+	addi	r8,r8,4
+	cmplw	cr6,r8,r7
 	bgt	cr6,L(loop_small)
 	b	L(null)
 
diff --git a/sysdeps/powerpc/powerpc64/power7/memrchr.S b/sysdeps/powerpc/powerpc64/power7/memrchr.S
index d24fbbb..c499952 100644
--- a/sysdeps/powerpc/powerpc64/power7/memrchr.S
+++ b/sysdeps/powerpc/powerpc64/power7/memrchr.S
@@ -102,8 +102,8 @@ L(loop):
 	/* We're here because the counter reached 0, and that means we
 	   didn't have any matches for BYTE in the whole range.  Just return
 	   the original range.  */
-	addi	r9,r8,8
-	cmpld	cr6,r9,r7
+	addi	r8,r8,8
+	cmpld	cr6,r8,r7
 	bgt	cr6,L(loop_small)
 	b	L(null)
 

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c4efa458d767026ade69a4cb72362856a7495127

commit c4efa458d767026ade69a4cb72362856a7495127
Author: Andreas Arnez <arnez@linux.vnet.ibm.com>
Date:   Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.
    
    backport of f315524e034cfc644157cb4af5ecc99f645dd067
    
    (cherry picked from commit f8a004f1fa412e3aae77faa30b4dfb654d721510)

diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h
index a98dfec..056d885 100644
--- a/elf/setup-vdso.h
+++ b/elf/setup-vdso.h
@@ -89,7 +89,7 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
 	     addresses in the vsyscall DSO pages in writev() calls.  */
 	  const char *dsoname = ((char *) D_PTR (l, l_info[DT_STRTAB])
 				 + l->l_info[DT_SONAME]->d_un.d_val);
-	  size_t len = strlen (dsoname);
+	  size_t len = strlen (dsoname) + 1;
 	  char *copy = malloc (len);
 	  if (copy == NULL)
 	    _dl_fatal_printf ("out of memory\n");
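Review bot: The `+ 1` added to `len` carries no comment, and the statement that consumes `len` lies after the end of this hunk, so it cannot be confirmed here that the copy transfers `len` bytes and with them the terminating NUL. A one-line comment such as `/* Length includes the terminating NUL.  */` above `size_t len = strlen (dsoname) + 1;` would tie the allocation size to the copy and make a later regression easier to spot. An unterminated name would let any later string operation on the copy read past the allocation, so the invariant is worth stating where it is established.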

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f50548ac238605f133138f1c00be80b4e2ae3128

commit f50548ac238605f133138f1c00be80b4e2ae3128
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
    
    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
    member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
    member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
    Return delayed error code.  Remove GETDENTS_64BIT_ALIGNED
    conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
    GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document
    ENAMETOOLONG return value of readdir_r.  Recommend readdir more
    strongly.
    * manual/conf.texi (Limits for Files): Add portability note to
    NAME_MAX, PATH_MAX.
    (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
    
    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3
    
    (cherry picked from commit f166b9c6e90d631115c59b4357357bc168d8e51a)

diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..c720063 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -1149,6 +1149,9 @@ typed ahead as input.  @xref{I/O Queues}.
 @deftypevr Macro int NAME_MAX
 The uniform system limit (if any) for the length of a file name component, not
 including the terminating null character.
+
+@strong{Portability Note:} On some systems, @theglibc{} defines
+@code{NAME_MAX}, but does not actually enforce this limit.
 @end deftypevr
 
 @comment limits.h
@@ -1157,6 +1160,9 @@ including the terminating null character.
 The uniform system limit (if any) for the length of an entire file name (that
 is, the argument given to system calls such as @code{open}), including the
 terminating null character.
+
+@strong{Portability Note:} @Theglibc{} does not enforce this limit
+even if @code{PATH_MAX} is defined.
 @end deftypevr
 
 @cindex limits, pipe buffer size
@@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_REC_MIN_XFER_SIZE}.
 Inquire about the value of @code{POSIX_REC_XFER_ALIGN}.
 @end table
 
+@strong{Portability Note:} On some systems, @theglibc{} does not
+enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits.
+
 @node Utility Limits
 @section Utility Program Capacity Limits
 
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..814c210 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -444,9 +444,9 @@ symbols are declared in the header file @file{dirent.h}.
 @comment POSIX.1
 @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
 This function reads the next entry from the directory.  It normally
-returns a pointer to a structure containing information about the file.
-This structure is statically allocated and can be rewritten by a
-subsequent call.
+returns a pointer to a structure containing information about the
+file.  This structure is associated with the @var{dirstream} handle
+and can be rewritten by a subsequent call.
 
 @strong{Portability Note:} On some systems @code{readdir} may not
 return entries for @file{.} and @file{..}, even though these are always
@@ -461,19 +461,61 @@ conditions are defined for this function:
 The @var{dirstream} argument is not valid.
 @end table
 
-@code{readdir} is not thread safe.  Multiple threads using
-@code{readdir} on the same @var{dirstream} may overwrite the return
-value.  Use @code{readdir_r} when this is critical.
+To distinguish between an end-of-directory condition or an error, you
+must set @code{errno} to zero before calling @code{readdir}.  To avoid
+entering an infinite loop, you should stop reading from the directory
+after the first error.
+
+In POSIX.1-2008, @code{readdir} is not thread-safe.  In @theglibc{}
+implementation, it is safe to call @code{readdir} concurrently on
+different @var{dirstream}s, but multiple threads accessing the same
+@var{dirstream} result in undefined behavior.  @code{readdir_r} is a
+fully thread-safe alternative, but suffers from poor portability (see
+below).  It is recommended that you use @code{readdir}, with external
+locking if multiple threads access the same @var{dirstream}.
 @end deftypefun
 
 @comment dirent.h
 @comment GNU
 @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
-This function is the reentrant version of @code{readdir}.  Like
-@code{readdir} it returns the next entry from the directory.  But to
-prevent conflicts between simultaneously running threads the result is
-not stored in statically allocated memory.  Instead the argument
-@var{entry} points to a place to store the result.
+This function is a version of @code{readdir} which performs internal
+locking.  Like @code{readdir} it returns the next entry from the
+directory.  To prevent conflicts between simultaneously running
+threads the result is stored inside the @var{entry} object.
+
+@strong{Portability Note:} It is recommended to use @code{readdir}
+instead of @code{readdir_r} for the following reasons:
+
+@itemize @bullet
+@item
+On systems which do not define @code{NAME_MAX}, it may not be possible
+to use @code{readdir_r} safely because the caller does not specify the
+length of the buffer for the directory entry.
+
+@item
+On some systems, @code{readdir_r} cannot read directory entries with
+very long names.  If such a name is encountered, @theglibc{}
+implementation of @code{readdir_r} returns with an error code of
+@code{ENAMETOOLONG} after the final directory entry has been read.  On
+other systems, @code{readdir_r} may return successfully, but the
+@code{d_name} member may not be NUL-terminated or may be truncated.
+
+@item
+POSIX-1.2008 does not guarantee that @code{readdir} is thread-safe,
+even when access to the same @var{dirstream} is serialized.  But in
+current implementations (including @theglibc{}), it is safe to call
+@code{readdir} concurrently on different @var{dirstream}s, so there is
+no need to use @code{readdir_r} in most multi-threaded programs.  In
+the rare case that multiple threads need to read from the same
+@var{dirstream}, it is still better to use @code{readdir} and external
+synchronization.
+
+@item
+It is expected that future versions of POSIX will obsolete
+@code{readdir_r} and mandate the level of thread safety for
+@code{readdir} which is provided by @theglibc{} and other
+implementations today.
+@end itemize
 
 Normally @code{readdir_r} returns zero and sets @code{*@var{result}}
 to @var{entry}.  If there are no more entries in the directory or an
@@ -481,15 +523,6 @@ error is detected, @code{readdir_r} sets @code{*@var{result}} to a
 null pointer and returns a nonzero error code, also stored in
 @code{errno}, as described for @code{readdir}.
 
-@strong{Portability Note:} On some systems @code{readdir_r} may not
-return a NUL terminated string for the file name, even when there is no
-@code{d_reclen} field in @code{struct dirent} and the file
-name is the maximum allowed size.  Modern systems all have the
-@code{d_reclen} field, and on old systems multi-threading is not
-critical.  In any case there is no such problem with the @code{readdir}
-function, so that even on systems without the @code{d_reclen} member one
-could use multiple threads by using external locking.
-
 It is also important to look at the definition of the @code{struct
 dirent} type.  Simply passing a pointer to an object of this type for
 the second parameter of @code{readdir_r} might not be enough.  Some
diff --git a/sysdeps/posix/dirstream.h b/sysdeps/posix/dirstream.h
index a7a074d..8e8570d 100644
--- a/sysdeps/posix/dirstream.h
+++ b/sysdeps/posix/dirstream.h
@@ -39,6 +39,8 @@ struct __dirstream
 
     off_t filepos;		/* Position of next entry to read.  */
 
+    int errcode;		/* Delayed error code.  */
+
     /* Directory block.  */
     char data[0] __attribute__ ((aligned (__alignof__ (void*))));
   };
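Review bot: The comment on the new `errcode` member does not say who sets it, when it is reported, or when it is cleared. Going by the other hunks of this commit, `__READDIR_R` stores a getdents failure or `ENAMETOOLONG` in it and returns it only when no further entry can be delivered, while `__alloc_dir` and `rewinddir` reset it to 0. A comment along the lines of `/* Delayed error code: set by readdir_r, returned at end of stream, cleared by rewinddir.  */` would record that contract next to the field.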
diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c
index ddfc3a7..fc05b0f 100644
--- a/sysdeps/posix/opendir.c
+++ b/sysdeps/posix/opendir.c
@@ -231,6 +231,7 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
   dirp->size = 0;
   dirp->offset = 0;
   dirp->filepos = 0;
+  dirp->errcode = 0;
 
   return dirp;
 }
diff --git a/sysdeps/posix/readdir_r.c b/sysdeps/posix/readdir_r.c
index b5a8e2e..8ed5c3f 100644
--- a/sysdeps/posix/readdir_r.c
+++ b/sysdeps/posix/readdir_r.c
@@ -40,6 +40,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
   DIRENT_TYPE *dp;
   size_t reclen;
   const int saved_errno = errno;
+  int ret;
 
   __libc_lock_lock (dirp->lock);
 
@@ -70,10 +71,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
 		  bytes = 0;
 		  __set_errno (saved_errno);
 		}
+	      if (bytes < 0)
+		dirp->errcode = errno;
 
 	      dp = NULL;
-	      /* Reclen != 0 signals that an error occurred.  */
-	      reclen = bytes != 0;
 	      break;
 	    }
 	  dirp->size = (size_t) bytes;
@@ -106,29 +107,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
       dirp->filepos += reclen;
 #endif
 
-      /* Skip deleted files.  */
+#ifdef NAME_MAX
+      if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1)
+	{
+	  /* The record is very long.  It could still fit into the
+	     caller-supplied buffer if we can skip padding at the
+	     end.  */
+	  size_t namelen = _D_EXACT_NAMLEN (dp);
+	  if (namelen <= NAME_MAX)
+	    reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1;
+	  else
+	    {
+	      /* The name is too long.  Ignore this file.  */
+	      dirp->errcode = ENAMETOOLONG;
+	      dp->d_ino = 0;
+	      continue;
+	    }
+	}
+#endif
+
+      /* Skip deleted and ignored files.  */
     }
   while (dp->d_ino == 0);
 
   if (dp != NULL)
     {
-#ifdef GETDENTS_64BIT_ALIGNED
-      /* The d_reclen value might include padding which is not part of
-	 the DIRENT_TYPE data structure.  */
-      reclen = MIN (reclen,
-		    offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name));
-#endif
       *result = memcpy (entry, dp, reclen);
-#ifdef GETDENTS_64BIT_ALIGNED
+#ifdef _DIRENT_HAVE_D_RECLEN
       entry->d_reclen = reclen;
 #endif
+      ret = 0;
     }
   else
-    *result = NULL;
+    {
+      *result = NULL;
+      ret = dirp->errcode;
+    }
 
   __libc_lock_unlock (dirp->lock);
 
-  return dp != NULL ? 0 : reclen ? errno : 0;
+  return ret;
 }
 
 #ifdef __READDIR_R_ALIAS
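Review bot: The new length check is compiled only under `#ifdef NAME_MAX`, and this hunk also removes the `MIN (reclen, offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name))` clamp that applied under `GETDENTS_64BIT_ALIGNED`, so on a configuration without `NAME_MAX` the `memcpy (entry, dp, reclen)` has no visible bound on `reclen`. If that is intended, an `#else` branch with a comment such as `/* No NAME_MAX: reclen cannot be checked against the caller's buffer.  */` would make the gap explicit; otherwise the clamp against `sizeof (dp->d_name)` could be kept for that case. The skip path is also easy to misread: `continue` in a do/while jumps to the `while (dp->d_ino == 0)` test, so the `dp->d_ino = 0;` store is what makes the loop move on, and it deserves a one-line comment saying so. `__READDIR_R` begins before this hunk.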
diff --git a/sysdeps/posix/rewinddir.c b/sysdeps/posix/rewinddir.c
index 2935a8e..d4991ad 100644
--- a/sysdeps/posix/rewinddir.c
+++ b/sysdeps/posix/rewinddir.c
@@ -33,6 +33,7 @@ rewinddir (dirp)
   dirp->filepos = 0;
   dirp->offset = 0;
   dirp->size = 0;
+  dirp->errcode = 0;
 #ifndef NOT_IN_libc
   __libc_lock_unlock (dirp->lock);
 #endif
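Review bot: `errcode` is cleared here and in `__alloc_dir`, but the file list of this commit does not include seekdir, so a stream repositioned with seekdir() appears to keep a previously recorded error. That would let `readdir_r` report a stale `ENAMETOOLONG` or getdents error at end of stream after the caller has moved the position. If this is not intended, seekdir would need the same `dirp->errcode = 0;` while it holds the lock. If it is intended, the field comment in dirstream.h should say that only rewinddir clears it. The body of `rewinddir` begins before this hunk.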
diff --git a/sysdeps/unix/sysv/linux/i386/readdir64_r.c b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
index 8ebbcfd..a7d114e 100644
--- a/sysdeps/unix/sysv/linux/i386/readdir64_r.c
+++ b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
@@ -18,7 +18,6 @@
 #define __READDIR_R __readdir64_r
 #define __GETDENTS __getdents64
 #define DIRENT_TYPE struct dirent64
-#define GETDENTS_64BIT_ALIGNED 1
 
 #include <sysdeps/posix/readdir_r.c>
 
diff --git a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
index 5ed8e95..290f2c8 100644
--- a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
+++ b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
@@ -1,5 +1,4 @@
 #define readdir64_r __no_readdir64_r_decl
-#define GETDENTS_64BIT_ALIGNED 1
 #include <sysdeps/posix/readdir_r.c>
 #undef readdir64_r
 weak_alias (__readdir_r, readdir64_r)

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=703be862e20ab99e0c241480658d372d3f71fd4e

commit 703be862e20ab99e0c241480658d372d3f71fd4e
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Oct 3 08:26:21 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal
    
    Fixes BZ #15996.
    
    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
    of PTHREAD_MUTEX_ROBUST_NORMAL_NP.  It has now been replaced by the
    already existing convenience macro USE_REQUEUE_PI.
    
    (cherry picked from commit 2770d15e7e880821fc586619c59eb45180628e16)

diff --git a/NEWS b/NEWS
index f64fb82..fb6069d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.18.1
 
 * The following bugs are resolved with this release:
 
-  15909.
+  15909, 15996.
 
 Version 2.18
 
diff --git a/nptl/ChangeLog b/nptl/ChangeLog
index eae5079..2d78490 100644
--- a/nptl/ChangeLog
+++ b/nptl/ChangeLog
@@ -1,3 +1,12 @@
+2013-10-03  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #15996]
+	* pthread_cond_broadcast.c (__pthread_cond_broadcast)
+	[lll_futex_cmp_requeue_pi && __ASSUME_REQUEUE_PI]: Use
+	USE_REQUEUE_PI.
+	* pthread_cond_signal.c (__pthread_cond_signal)
+	[lll_futex_cmd_requeue_pi && __ASSUME_REQUEUE_PI]: Likewise.
+
 2013-07-23  David S. Miller  <davem@davemloft.net>
 
 	* tst-cancel4.c (WRITE_BUFFER_SIZE): Adjust comment.
diff --git a/nptl/pthread_cond_broadcast.c b/nptl/pthread_cond_broadcast.c
index 0702ec0..7ba9efa 100644
--- a/nptl/pthread_cond_broadcast.c
+++ b/nptl/pthread_cond_broadcast.c
@@ -63,10 +63,7 @@ __pthread_cond_broadcast (cond)
 
 #if (defined lll_futex_cmp_requeue_pi \
      && defined __ASSUME_REQUEUE_PI)
-      int pi_flag = PTHREAD_MUTEX_PRIO_INHERIT_NP | PTHREAD_MUTEX_ROBUST_NP;
-      pi_flag &= mut->__data.__kind;
-
-      if (pi_flag == PTHREAD_MUTEX_PRIO_INHERIT_NP)
+      if (USE_REQUEUE_PI (mut))
 	{
 	  if (lll_futex_cmp_requeue_pi (&cond->__data.__futex, 1, INT_MAX,
 					&mut->__data.__lock, futex_val,
diff --git a/nptl/pthread_cond_signal.c b/nptl/pthread_cond_signal.c
index 102d0b3..ffc35dc 100644
--- a/nptl/pthread_cond_signal.c
+++ b/nptl/pthread_cond_signal.c
@@ -49,14 +49,9 @@ __pthread_cond_signal (cond)
 
 #if (defined lll_futex_cmp_requeue_pi \
      && defined __ASSUME_REQUEUE_PI)
-      int pi_flag = PTHREAD_MUTEX_PRIO_INHERIT_NP | PTHREAD_MUTEX_ROBUST_NP;
       pthread_mutex_t *mut = cond->__data.__mutex;
 
-      /* Do not use requeue for pshared condvars.  */
-      if (mut != (void *) ~0l)
-	pi_flag &= mut->__data.__kind;
-
-      if (__builtin_expect (pi_flag == PTHREAD_MUTEX_PRIO_INHERIT_NP, 0)
+      if (USE_REQUEUE_PI (mut)
 	/* This can only really fail with a ENOSYS, since nobody can modify
 	   futex while we have the cond_lock.  */
 	  && lll_futex_cmp_requeue_pi (&cond->__data.__futex, 1, 0,
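Review bot: The removed lines guarded the `mut->__data.__kind` read with `mut != (void *) ~0l` and a comment about pshared condvars; the replacement relies on `USE_REQUEUE_PI (mut)` to do the same, but the macro's definition is not part of this diff. Confirm that it rejects the `(void *) ~0l` sentinel before dereferencing `mut`, and keep the intent visible with a comment such as `/* USE_REQUEUE_PI is false for pshared condvars.  */` above the `if`. The `__builtin_expect (..., 0)` hint on this condition is dropped as well; if the PI case is still the unlikely one, it can wrap the macro call. The statement continues past the end of the hunk.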

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6987b2d519f836926540d6fee1ad8840b29865bf

commit 6987b2d519f836926540d6fee1ad8840b29865bf
Author: Will Newton <will.newton@linaro.org>
Date:   Thu Aug 29 20:10:26 2013 +0100

    ARM: Fix clone code when built for Thumb.
    
    The mov lr, pc instruction will lose the Thumb bit from the return address
    so use blx lr instead.
    
    ports/ChangeLog.arm:
    
    2013-08-30  Will Newton  <will.newton@linaro.org>
    
    	[BZ #15909]
    	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
    	instead of mov lr, pc.
    
    (cherry picked from commit 6b06ac56cdfc9293908724e51e827534e97819aa)
    (cherry picked from commit 4f2bcda964d4fff56855e0c66198c9bcb682ea1e)

diff --git a/NEWS b/NEWS
index b023c30..f64fb82 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ See the end for copying conditions.
 Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
 using `glibc' in the "product" field.
 
+Version 2.18.1
+
+* The following bugs are resolved with this release:
+
+  15909.
+
 Version 2.18
 
 * The following bugs are resolved with this release:
diff --git a/ports/ChangeLog.arm b/ports/ChangeLog.arm
index 1e7a35c..54debd7 100644
--- a/ports/ChangeLog.arm
+++ b/ports/ChangeLog.arm
@@ -1,3 +1,9 @@
+2013-08-30  Will Newton  <will.newton@linaro.org>
+
+	[BZ #15909]
+	* sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
+	instead of mov lr, pc.
+
 2013-07-03  Joseph Myers  <joseph@codesourcery.com>
 
 	* sysdeps/arm/include/bits/setjmp.h [_ISOMAC] (JMP_BUF_REGLIST):
diff --git a/ports/sysdeps/unix/sysv/linux/arm/clone.S b/ports/sysdeps/unix/sysv/linux/arm/clone.S
index ce9c2a5..6e74fa7 100644
--- a/ports/sysdeps/unix/sysv/linux/arm/clone.S
+++ b/ports/sysdeps/unix/sysv/linux/arm/clone.S
@@ -93,8 +93,8 @@ PSEUDO_END (__clone)
 	mov	lr, pc
 	bx      ip
 #else
-	mov	lr, pc
-	ldr 	pc, [sp], #8
+	ldr 	lr, [sp], #8
+	blx	lr
 #endif
 
 	@ and we are done, passing the return value through r0
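Review bot: The new `ldr lr, [sp], #8` / `blx lr` pair has no comment explaining why it replaced `mov lr, pc`, and the reason given in the commit message (the Thumb bit of the return address) is not obvious from the instructions alone. Adding `@ blx sets lr itself and keeps the Thumb bit; mov lr, pc would lose it.` above the pair would keep a later cleanup from restoring the old sequence. The `#if` that selects this `#else` branch is outside the hunk, so it cannot be checked here that every configuration reaching it supports the register form of `blx`.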

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=50219dba1e5108fd32de15b0533a6a53db0085ed

commit 50219dba1e5108fd32de15b0533a6a53db0085ed
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:23:42 2014 -0500

    ia64: add __ prefix to pt_all_user_regs/ia64_fpreg [BZ #762]
    
    This addresses a long standing collision between userspace headers and
    kernel headers only on ia64 systems.  All other types have a __ prefix
    in the ptrace headers except these two.  Let's finally namespace these.
    
    Verified that at least strace still builds after this change, as well
    as after deleting all the struct hacks it has specifically for ia64.
    
    URL: https://sourceware.org/bugzilla/show_bug.cgi?id=762
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

diff --git a/ports/sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h b/ports/sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h
index 3b8e4a7..94e608b 100644
--- a/ports/sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h
+++ b/ports/sysdeps/unix/sysv/linux/ia64/bits/sigcontext.h
@@ -27,7 +27,7 @@
 #include <stddef.h>
 #include <bits/sigstack.h>
 
-struct ia64_fpreg
+struct __ia64_fpreg
   {
     union
       {
@@ -55,7 +55,7 @@ struct sigcontext
   unsigned long int sc_pr;	/* predicate registers */
   unsigned long int sc_br[8];	/* branch registers */
   unsigned long int sc_gr[32];	/* general registers (static partition) */
-  struct ia64_fpreg sc_fr[128];	/* floating-point registers */
+  struct __ia64_fpreg sc_fr[128];	/* floating-point registers */
   unsigned long int sc_rbs_base;/* NULL or new base of sighandler's rbs */
   unsigned long int sc_loadrs;	/* see description above */
   unsigned long int sc_ar25;	/* cmp8xchg16 uses this */
diff --git a/ports/sysdeps/unix/sysv/linux/ia64/sys/procfs.h b/ports/sysdeps/unix/sysv/linux/ia64/sys/procfs.h
index 29d1c42..663e0b0 100644
--- a/ports/sysdeps/unix/sysv/linux/ia64/sys/procfs.h
+++ b/ports/sysdeps/unix/sysv/linux/ia64/sys/procfs.h
@@ -46,7 +46,7 @@ struct elf_siginfo
 typedef unsigned long elf_greg_t;
 typedef elf_greg_t elf_gregset_t[ELF_NGREG];
 
-typedef struct ia64_fpreg elf_fpreg_t;
+typedef struct __ia64_fpreg elf_fpreg_t;
 typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
 
 typedef elf_greg_t greg_t;
diff --git a/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h b/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
index cda5209..4628c3f 100644
--- a/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
+++ b/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
@@ -144,7 +144,7 @@ enum __ptrace_flags
 };
 
 /* pt_all_user_regs is used for PTRACE_GETREGS/PTRACE_SETREGS.  */
-struct pt_all_user_regs
+struct __pt_all_user_regs
   {
     unsigned long nat;
     unsigned long cr_iip;
@@ -155,7 +155,7 @@ struct pt_all_user_regs
     unsigned long gr[32];
     unsigned long br[8];
     unsigned long ar[128];
-    struct ia64_fpreg fr[128];
+    struct __ia64_fpreg fr[128];
   };
 
 /* Options set using PTRACE_SETOPTIONS.  */

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=367416b057d5da2f719856c8ee9072b58600f48d

commit 367416b057d5da2f719856c8ee9072b58600f48d
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Sun Jan 5 16:07:13 2014 -0500

    ptrace.h: add __ prefix to ptrace_peeksiginfo_args
    
    All the other ptrace structures in this file have a __ prefix except this
    new one.  This in turn causes build problems for most packages that try to
    use ptrace such as strace:
    
    gcc -DHAVE_CONFIG_H -I. -I../..  -I../../linux/x86_64 -I../../linux \
    	-I./linux  -Wall -Wwrite-strings -g -O2 -MT process.o -MD -MP \
    	-MF .deps/process.Tpo -c -o process.o ../../process.c
    In file included from ../../process.c:63:0:
    /usr/include/linux/ptrace.h:58:8: error: redefinition of 'struct ptrace_peeksiginfo_args'
     struct ptrace_peeksiginfo_args {
            ^
    In file included from ../../defs.h:159:0,
                     from ../../process.c:37:
    /usr/include/sys/ptrace.h:191:8: note: originally defined here
     struct ptrace_peeksiginfo_args
            ^
    
    Since this struct was introduced in glibc-2.18, there shouldn't be any
    real regressions with adding the __ prefix.
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>

diff --git a/ports/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h b/ports/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h
index 71e1dec..7b5f6e4 100644
--- a/ports/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h
+++ b/ports/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h
@@ -165,7 +165,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */
diff --git a/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h b/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
index d6f3908..cda5209 100644
--- a/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
+++ b/ports/sysdeps/unix/sysv/linux/ia64/sys/ptrace.h
@@ -185,7 +185,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */
diff --git a/ports/sysdeps/unix/sysv/linux/tile/sys/ptrace.h b/ports/sysdeps/unix/sysv/linux/tile/sys/ptrace.h
index 32e47c7..3c8aea2 100644
--- a/ports/sysdeps/unix/sysv/linux/tile/sys/ptrace.h
+++ b/ports/sysdeps/unix/sysv/linux/tile/sys/ptrace.h
@@ -154,7 +154,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */
diff --git a/sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h b/sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h
index 2104a2d..e680444 100644
--- a/sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h
+++ b/sysdeps/unix/sysv/linux/powerpc/sys/ptrace.h
@@ -158,7 +158,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */
diff --git a/sysdeps/unix/sysv/linux/s390/sys/ptrace.h b/sysdeps/unix/sysv/linux/s390/sys/ptrace.h
index e7f7b22..932a331 100644
--- a/sysdeps/unix/sysv/linux/s390/sys/ptrace.h
+++ b/sysdeps/unix/sysv/linux/s390/sys/ptrace.h
@@ -197,7 +197,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */
diff --git a/sysdeps/unix/sysv/linux/sparc/sys/ptrace.h b/sysdeps/unix/sysv/linux/sparc/sys/ptrace.h
index 7543fa7..0efec6e 100644
--- a/sysdeps/unix/sysv/linux/sparc/sys/ptrace.h
+++ b/sysdeps/unix/sysv/linux/sparc/sys/ptrace.h
@@ -240,7 +240,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */
diff --git a/sysdeps/unix/sysv/linux/sys/ptrace.h b/sysdeps/unix/sysv/linux/sys/ptrace.h
index 2b78565..58f50c5 100644
--- a/sysdeps/unix/sysv/linux/sys/ptrace.h
+++ b/sysdeps/unix/sysv/linux/sys/ptrace.h
@@ -188,7 +188,7 @@ enum __ptrace_eventcodes
 };
 
 /* Arguments for PTRACE_PEEKSIGINFO.  */
-struct ptrace_peeksiginfo_args
+struct __ptrace_peeksiginfo_args
 {
   __uint64_t off;	/* From which siginfo to start.  */
   __uint32_t flags;	/* Flags for peeksiginfo.  */

-----------------------------------------------------------------------


hooks/post-receive
-- 
GNU C Library master sources

