This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch release/2.19/master updated. glibc-2.19-43-g012adb3

From: aurel32 at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 19 Oct 2015 09:50:42 -0000
Subject: GNU C Library master sources branch release/2.19/master updated. glibc-2.19-43-g012adb3

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.19/master has been updated
       via  012adb33827608d3b78e3832a1948b468b549946 (commit)
       via  fc843f6e48737d3d6690c5cf355d9719274efee1 (commit)
      from  3fd498242948b1fa944c56646ec9b156387dd310 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=012adb33827608d3b78e3832a1948b468b549946

commit 012adb33827608d3b78e3832a1948b468b549946
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date:   Sun Feb 22 12:01:47 2015 -0800

    Fix BZ #17269 -- _IO_wstr_overflow integer overflow
    
    (cherry picked from commit bdf1ff052a8e23d637f2c838fa5642d78fcedc33)
    
    Conflicts:
    	ChangeLog
    	NEWS

diff --git a/ChangeLog b/ChangeLog
index a4f4e0d..8d621b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-22  Paul Pluzhnikov  <ppluzhnikov@google.com>
+
+	[BZ #17269]
+	* libio/wstrops.c (_IO_wstr_overflow): Guard against integer overflow
+	(enlarge_userbuf): Likewise.
+
 2015-02-26  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #18032]
diff --git a/NEWS b/NEWS
index c017fa3..9e7316b 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Version 2.19.1
 
   15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
   16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213,
-  17263, 17325, 17555, 18032, 18287.
+  17263, 17269, 17325, 17555, 18032, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/libio/wstrops.c b/libio/wstrops.c
index 399a377..9218d4a 100644
--- a/libio/wstrops.c
+++ b/libio/wstrops.c
@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c)
 	  wchar_t *old_buf = fp->_wide_data->_IO_buf_base;
 	  size_t old_wblen = _IO_wblen (fp);
 	  _IO_size_t new_size = 2 * old_wblen + 100;
-	  if (new_size < old_wblen)
+
+	  if (__glibc_unlikely (new_size < old_wblen)
+	      || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t)))
 	    return EOF;
+
 	  new_buf
 	    = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size
 									* sizeof (wchar_t));
@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading)
     return 1;
 
   _IO_size_t newsize = offset + 100;
+  if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t)))
+    return 1;
+
   wchar_t *oldbuf = wd->_IO_buf_base;
   wchar_t *newbuf
     = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize

http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc843f6e48737d3d6690c5cf355d9719274efee1

commit fc843f6e48737d3d6690c5cf355d9719274efee1
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Feb 26 14:55:24 2015 +0100

    Fix read past end of pattern in fnmatch (bug 18032)
    
    (cherry picked from commit 4a28f4d55a6cc33474c0792fe93b5942d81bf185)
    
    Conflicts:
    	ChangeLog
    	NEWS

diff --git a/ChangeLog b/ChangeLog
index 815acf0..a4f4e0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-26  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #18032]
+	* posix/fnmatch_loop.c (FCT): Remove extra increment when skipping
+	over collating symbol inside a bracket expression.  Minor cleanup.
+
 2014-06-23  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #17079]
diff --git a/NEWS b/NEWS
index ed33f47..c017fa3 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Version 2.19.1
 
   15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
   16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213,
-  17263, 17325, 17555, 18287.
+  17263, 17325, 17555, 18032, 18287.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
index f79d051..f11d0f1 100644
--- a/posix/fnmatch_loop.c
+++ b/posix/fnmatch_loop.c
@@ -951,14 +951,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
 		  }
 		else if (c == L('[') && *p == L('.'))
 		  {
-		    ++p;
 		    while (1)
 		      {
 			c = *++p;
-			if (c == '\0')
+			if (c == L('\0'))
 			  return FNM_NOMATCH;
 
-			if (*p == L('.') && p[1] == L(']'))
+			if (c == L('.') && p[1] == L(']'))
 			  break;
 		      }
 		    p += 2;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |   12 ++++++++++++
 NEWS                 |    2 +-
 libio/wstrops.c      |    8 +++++++-
 posix/fnmatch_loop.c |    5 ++---
 4 files changed, 22 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]