This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch release/2.19/master updated. glibc-2.19-43-g012adb3
- From: aurel32 at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 19 Oct 2015 09:50:42 -0000
- Subject: GNU C Library master sources branch release/2.19/master updated. glibc-2.19-43-g012adb3
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.19/master has been updated
via 012adb33827608d3b78e3832a1948b468b549946 (commit)
via fc843f6e48737d3d6690c5cf355d9719274efee1 (commit)
from 3fd498242948b1fa944c56646ec9b156387dd310 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=012adb33827608d3b78e3832a1948b468b549946
commit 012adb33827608d3b78e3832a1948b468b549946
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Sun Feb 22 12:01:47 2015 -0800
Fix BZ #17269 -- _IO_wstr_overflow integer overflow
(cherry picked from commit bdf1ff052a8e23d637f2c838fa5642d78fcedc33)
Conflicts:
ChangeLog
NEWS
diff --git a/ChangeLog b/ChangeLog
index a4f4e0d..8d621b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-22 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #17269]
+ * libio/wstrops.c (_IO_wstr_overflow): Guard against integer overflow
+ (enlarge_userbuf): Likewise.
+
2015-02-26 Andreas Schwab <schwab@suse.de>
[BZ #18032]
diff --git a/NEWS b/NEWS
index c017fa3..9e7316b 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Version 2.19.1
15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213,
- 17263, 17325, 17555, 18032, 18287.
+ 17263, 17269, 17325, 17555, 18032, 18287.
* A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. If the NSS functions were called with a
diff --git a/libio/wstrops.c b/libio/wstrops.c
index 399a377..9218d4a 100644
--- a/libio/wstrops.c
+++ b/libio/wstrops.c
@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c)
wchar_t *old_buf = fp->_wide_data->_IO_buf_base;
size_t old_wblen = _IO_wblen (fp);
_IO_size_t new_size = 2 * old_wblen + 100;
- if (new_size < old_wblen)
+
+ if (__glibc_unlikely (new_size < old_wblen)
+ || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t)))
return EOF;
+
new_buf
= (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size
* sizeof (wchar_t));
@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading)
return 1;
_IO_size_t newsize = offset + 100;
+ if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t)))
+ return 1;
+
wchar_t *oldbuf = wd->_IO_buf_base;
wchar_t *newbuf
= (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc843f6e48737d3d6690c5cf355d9719274efee1
commit fc843f6e48737d3d6690c5cf355d9719274efee1
Author: Andreas Schwab <schwab@suse.de>
Date: Thu Feb 26 14:55:24 2015 +0100
Fix read past end of pattern in fnmatch (bug 18032)
(cherry picked from commit 4a28f4d55a6cc33474c0792fe93b5942d81bf185)
Conflicts:
ChangeLog
NEWS
diff --git a/ChangeLog b/ChangeLog
index 815acf0..a4f4e0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-26 Andreas Schwab <schwab@suse.de>
+
+ [BZ #18032]
+ * posix/fnmatch_loop.c (FCT): Remove extra increment when skipping
+ over collating symbol inside a bracket expression. Minor cleanup.
+
2014-06-23 Andreas Schwab <schwab@suse.de>
[BZ #17079]
diff --git a/NEWS b/NEWS
index ed33f47..c017fa3 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Version 2.19.1
15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213,
- 17263, 17325, 17555, 18287.
+ 17263, 17325, 17555, 18032, 18287.
* A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. If the NSS functions were called with a
diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
index f79d051..f11d0f1 100644
--- a/posix/fnmatch_loop.c
+++ b/posix/fnmatch_loop.c
@@ -951,14 +951,13 @@ FCT (pattern, string, string_end, no_leading_period, flags, ends, alloca_used)
}
else if (c == L('[') && *p == L('.'))
{
- ++p;
while (1)
{
c = *++p;
- if (c == '\0')
+ if (c == L('\0'))
return FNM_NOMATCH;
- if (*p == L('.') && p[1] == L(']'))
+ if (c == L('.') && p[1] == L(']'))
break;
}
p += 2;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 12 ++++++++++++
NEWS | 2 +-
libio/wstrops.c | 8 +++++++-
posix/fnmatch_loop.c | 5 ++---
4 files changed, 22 insertions(+), 5 deletions(-)
hooks/post-receive
--
GNU C Library master sources