This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch release/2.22/master updated. glibc-2.22-89-g0d68957
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 19 Aug 2016 13:24:31 -0000
- Subject: GNU C Library master sources branch release/2.22/master updated. glibc-2.22-89-g0d68957
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.22/master has been updated
via 0d6895748bf4531b5e516c47409d35d104f51642 (commit)
from 240ceafed7a00af8571d56db67a6b8854e418106 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0d6895748bf4531b5e516c47409d35d104f51642
commit 0d6895748bf4531b5e516c47409d35d104f51642
Author: Florian Weimer <fweimer@redhat.com>
Date: Sat Jun 11 12:07:14 2016 +0200
fopencookie: Mangle function pointers stored on the heap [BZ #20222]
(cherry picked from commit 983fd5c41ab7e5a5c33922259ca1ac99b3b413f8)
diff --git a/ChangeLog b/ChangeLog
index 84d847e..1694de5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2016-06-11 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #20222]
+ * libio/iofopncook.c (_IO_cookie_read): Demangle callback pointer.
+ (_IO_cookie_write): Likewise.
+ (_IO_cookie_seek): Likewise.
+ (_IO_cookie_close): Likewise.
+ (_IO_old_cookie_seek): Likewise.
+ (set_callbacks): New function.
+ (_IO_cookie_init): Call set_callbacks to copy callbacks.
+
2016-03-29 Florian Weimer <fweimer@redhat.com>
[BZ #19837]
diff --git a/libio/iofopncook.c b/libio/iofopncook.c
index b845d29..3aad3d3 100644
--- a/libio/iofopncook.c
+++ b/libio/iofopncook.c
@@ -46,11 +46,13 @@ _IO_cookie_read (fp, buf, size)
_IO_ssize_t size;
{
struct _IO_cookie_file *cfile = (struct _IO_cookie_file *) fp;
+ cookie_read_function_t *read_cb = cfile->__io_functions.read;
+ PTR_DEMANGLE (read_cb);
- if (cfile->__io_functions.read == NULL)
+ if (read_cb == NULL)
return -1;
- return cfile->__io_functions.read (cfile->__cookie, buf, size);
+ return read_cb (cfile->__cookie, buf, size);
}
static _IO_ssize_t
@@ -60,14 +62,16 @@ _IO_cookie_write (fp, buf, size)
_IO_ssize_t size;
{
struct _IO_cookie_file *cfile = (struct _IO_cookie_file *) fp;
+ cookie_write_function_t *write_cb = cfile->__io_functions.write;
+ PTR_DEMANGLE (write_cb);
- if (cfile->__io_functions.write == NULL)
+ if (write_cb == NULL)
{
fp->_flags |= _IO_ERR_SEEN;
return 0;
}
- _IO_ssize_t n = cfile->__io_functions.write (cfile->__cookie, buf, size);
+ _IO_ssize_t n = write_cb (cfile->__cookie, buf, size);
if (n < size)
fp->_flags |= _IO_ERR_SEEN;
@@ -81,9 +85,11 @@ _IO_cookie_seek (fp, offset, dir)
int dir;
{
struct _IO_cookie_file *cfile = (struct _IO_cookie_file *) fp;
+ cookie_seek_function_t *seek_cb = cfile->__io_functions.seek;
+ PTR_DEMANGLE (seek_cb);
- return ((cfile->__io_functions.seek == NULL
- || (cfile->__io_functions.seek (cfile->__cookie, &offset, dir)
+ return ((seek_cb == NULL
+ || (seek_cb (cfile->__cookie, &offset, dir)
== -1)
|| offset == (_IO_off64_t) -1)
? _IO_pos_BAD : offset);
@@ -94,11 +100,13 @@ _IO_cookie_close (fp)
_IO_FILE *fp;
{
struct _IO_cookie_file *cfile = (struct _IO_cookie_file *) fp;
+ cookie_close_function_t *close_cb = cfile->__io_functions.close;
+ PTR_DEMANGLE (close_cb);
- if (cfile->__io_functions.close == NULL)
+ if (close_cb == NULL)
return 0;
- return cfile->__io_functions.close (cfile->__cookie);
+ return close_cb (cfile->__cookie);
}
@@ -140,6 +148,19 @@ static const struct _IO_jump_t _IO_cookie_jumps = {
};
+/* Copy the callbacks from SOURCE to *TARGET, with pointer
+ mangling. */
+static void
+set_callbacks (_IO_cookie_io_functions_t *target,
+ _IO_cookie_io_functions_t source)
+{
+ PTR_MANGLE (source.read);
+ PTR_MANGLE (source.write);
+ PTR_MANGLE (source.seek);
+ PTR_MANGLE (source.close);
+ *target = source;
+}
+
void
_IO_cookie_init (struct _IO_cookie_file *cfile, int read_write,
void *cookie, _IO_cookie_io_functions_t io_functions)
@@ -148,7 +169,7 @@ _IO_cookie_init (struct _IO_cookie_file *cfile, int read_write,
_IO_JUMPS (&cfile->__fp) = &_IO_cookie_jumps;
cfile->__cookie = cookie;
- cfile->__io_functions = io_functions;
+ set_callbacks (&cfile->__io_functions, io_functions);
_IO_file_init (&cfile->__fp);
@@ -223,14 +244,14 @@ _IO_old_cookie_seek (fp, offset, dir)
int dir;
{
struct _IO_cookie_file *cfile = (struct _IO_cookie_file *) fp;
- int (*seek) (_IO_FILE *, _IO_off_t, int);
- int ret;
+ int (*seek_cb) (_IO_FILE *, _IO_off_t, int)
+ = (int (*) (_IO_FILE *, _IO_off_t, int)) cfile->__io_functions.seek;;
+ PTR_DEMANGLE (seek_cb);
- seek = (int (*)(_IO_FILE *, _IO_off_t, int)) cfile->__io_functions.seek;
- if (seek == NULL)
+ if (seek_cb == NULL)
return _IO_pos_BAD;
- ret = seek (cfile->__cookie, offset, dir);
+ int ret = seek_cb (cfile->__cookie, offset, dir);
return (ret == -1) ? _IO_pos_BAD : ret;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 11 +++++++++++
libio/iofopncook.c | 49 +++++++++++++++++++++++++++++++++++--------------
2 files changed, 46 insertions(+), 14 deletions(-)
hooks/post-receive
--
GNU C Library master sources