This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]
GNU C Library master sources branch master updated. glibc-2.26-202-g1cf1232

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 29 Aug 2017 13:56:37 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.26-202-g1cf1232
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  1cf1232cd4721dc155a5cf7d571e5b1dae506430 (commit)
      from  f11f2f6e145d6fc6b52f6b0733599f8b96595733 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1cf1232cd4721dc155a5cf7d571e5b1dae506430

commit 1cf1232cd4721dc155a5cf7d571e5b1dae506430
Author: Patsy Franklin <pfrankli@redhat.com>
Date:   Tue Aug 29 15:53:28 2017 +0200

    gconv: Consistently mangle NULL function pointers [BZ #22025]
    
    Not mangling NULL pointers is not safe because with very low
    probability, a non-NULL function pointer can turn into a NULL pointer
    after mangling.

diff --git a/ChangeLog b/ChangeLog
index 8a58926..59646ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2017-08-29  Patsy Franklin  <pfrankli@redhat.com>
+	    Jeff Law  <law@redhat.com>
+
+	[BZ #22025]
+	Mangle NULL pointers in iconv/gconv.
+	* iconv/gconv_cache.c (find_module): Demangle init_fct before
+	checking for NULL. Mangle __btowc_fct if init_fct is non-NULL.
+	* iconv/gconv_db.c (free_derivation): Check that __shlib_handle
+	is non-NULL before demangling the end_fct.  Check for NULL
+	end_fct after demangling.
+	(__gconv_release_step): Demangle the end_fct before checking
+	it for NULL.   Remove assert on __shlibc_handle != NULL.
+	(gen_steps): Don't check btowc_fct for NULL before mangling.
+	Demangle init_fct before checking for NULL.
+	(increment_counter): Likewise.
+	* gconv_dl.c (__gconv_find_shlib): Don't check init_fct or
+	end_fct for NULL before mangling.
+	* wcsmbs/btowc.c (__btowc): Demangle btowc_fct before checking
+	for NULL.
+
 2017-08-29  Akhilesh Kumar <akhilesh.k@samsung.com>
 
 	[BZ #21971]
diff --git a/iconv/gconv_cache.c b/iconv/gconv_cache.c
index d6a47de..7d2751a 100644
--- a/iconv/gconv_cache.c
+++ b/iconv/gconv_cache.c
@@ -207,17 +207,16 @@ find_module (const char *directory, const char *filename,
       result->__data = NULL;
 
       /* Call the init function.  */
-      if (result->__init_fct != NULL)
-	{
-	  __gconv_init_fct init_fct = result->__init_fct;
+      __gconv_init_fct init_fct = result->__init_fct;
 #ifdef PTR_DEMANGLE
-	  PTR_DEMANGLE (init_fct);
+      PTR_DEMANGLE (init_fct);
 #endif
+      if (init_fct != NULL)
+	{
 	  status = DL_CALL_FCT (init_fct, (result));
 
 #ifdef PTR_MANGLE
-	  if (result->__btowc_fct != NULL)
-	    PTR_MANGLE (result->__btowc_fct);
+	  PTR_MANGLE (result->__btowc_fct);
 #endif
 	}
     }
diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c
index 7893fad..b748467 100644
--- a/iconv/gconv_db.c
+++ b/iconv/gconv_db.c
@@ -179,16 +179,15 @@ free_derivation (void *p)
   size_t cnt;
 
   for (cnt = 0; cnt < deriv->nsteps; ++cnt)
-    if (deriv->steps[cnt].__counter > 0
-	&& deriv->steps[cnt].__end_fct != NULL)
+    if ((deriv->steps[cnt].__counter > 0)
+	&& (deriv->steps[cnt].__shlib_handle != NULL))
       {
-	assert (deriv->steps[cnt].__shlib_handle != NULL);
-
 	__gconv_end_fct end_fct = deriv->steps[cnt].__end_fct;
 #ifdef PTR_DEMANGLE
 	PTR_DEMANGLE (end_fct);
 #endif
-	DL_CALL_FCT (end_fct, (&deriv->steps[cnt]));
+	if (end_fct != NULL)
+	  DL_CALL_FCT (end_fct, (&deriv->steps[cnt]));
       }
 
   /* Free the name strings.  */
@@ -212,16 +211,12 @@ __gconv_release_step (struct __gconv_step *step)
   if (step->__shlib_handle != NULL && --step->__counter == 0)
     {
       /* Call the destructor.  */
-      if (step->__end_fct != NULL)
-	{
-	  assert (step->__shlib_handle != NULL);
-
-	  __gconv_end_fct end_fct = step->__end_fct;
+	__gconv_end_fct end_fct = step->__end_fct;
 #ifdef PTR_DEMANGLE
-	  PTR_DEMANGLE (end_fct);
+	PTR_DEMANGLE (end_fct);
 #endif
-	  DL_CALL_FCT (end_fct, (step));
-	}
+      if (end_fct != NULL)
+	DL_CALL_FCT (end_fct, (step));
 
 #ifndef STATIC_GCONV
       /* Release the loaded module.  */
@@ -313,13 +308,11 @@ gen_steps (struct derivation_step *best, const char *toset,
 
 	      /* Call the init function.  */
 	      __gconv_init_fct init_fct = result[step_cnt].__init_fct;
-	      if (init_fct != NULL)
-		{
-		  assert (result[step_cnt].__shlib_handle != NULL);
-
 # ifdef PTR_DEMANGLE
-		  PTR_DEMANGLE (init_fct);
+	      PTR_DEMANGLE (init_fct);
 # endif
+	      if (init_fct != NULL)
+		{
 		  status = DL_CALL_FCT (init_fct, (&result[step_cnt]));
 
 		  if (__builtin_expect (status, __GCONV_OK) != __GCONV_OK)
@@ -332,8 +325,7 @@ gen_steps (struct derivation_step *best, const char *toset,
 		    }
 
 # ifdef PTR_MANGLE
-		  if (result[step_cnt].__btowc_fct != NULL)
-		    PTR_MANGLE (result[step_cnt].__btowc_fct);
+		  PTR_MANGLE (result[step_cnt].__btowc_fct);
 # endif
 		}
 	    }
@@ -415,16 +407,15 @@ increment_counter (struct __gconv_step *steps, size_t nsteps)
 
 	  /* Call the init function.  */
 	  __gconv_init_fct init_fct = step->__init_fct;
-	  if (init_fct != NULL)
-	    {
 #ifdef PTR_DEMANGLE
-	      PTR_DEMANGLE (init_fct);
+	  PTR_DEMANGLE (init_fct);
 #endif
+	  if (init_fct != NULL)
+	    {
 	      DL_CALL_FCT (init_fct, (step));
 
 #ifdef PTR_MANGLE
-	      if (step->__btowc_fct != NULL)
-		PTR_MANGLE (step->__btowc_fct);
+	      PTR_MANGLE (step->__btowc_fct);
 #endif
 	    }
 	}
diff --git a/iconv/gconv_dl.c b/iconv/gconv_dl.c
index 2418362..d7dbba9 100644
--- a/iconv/gconv_dl.c
+++ b/iconv/gconv_dl.c
@@ -131,10 +131,8 @@ __gconv_find_shlib (const char *name)
 
 #ifdef PTR_MANGLE
 		  PTR_MANGLE (found->fct);
-		  if (found->init_fct != NULL)
-		    PTR_MANGLE (found->init_fct);
-		  if (found->end_fct !=  NULL)
-		    PTR_MANGLE (found->end_fct);
+		  PTR_MANGLE (found->init_fct);
+		  PTR_MANGLE (found->end_fct);
 #endif
 
 		  /* We have succeeded in loading the shared object.  */
diff --git a/wcsmbs/btowc.c b/wcsmbs/btowc.c
index 22464dc..97fb717 100644
--- a/wcsmbs/btowc.c
+++ b/wcsmbs/btowc.c
@@ -46,15 +46,15 @@ __btowc (int c)
   /* Get the conversion functions.  */
   fcts = get_gconv_fcts (_NL_CURRENT_DATA (LC_CTYPE));
   __gconv_btowc_fct btowc_fct = fcts->towc->__btowc_fct;
+#ifdef PTR_DEMANGLE
+  if (fcts->towc->__shlib_handle != NULL)
+    PTR_DEMANGLE (btowc_fct);
+#endif
 
   if (__builtin_expect (fcts->towc_nsteps == 1, 1)
       && __builtin_expect (btowc_fct != NULL, 1))
     {
       /* Use the shortcut function.  */
-#ifdef PTR_DEMANGLE
-      if (fcts->towc->__shlib_handle != NULL)
-	PTR_DEMANGLE (btowc_fct);
-#endif
       return DL_CALL_FCT (btowc_fct, (fcts->towc, (unsigned char) c));
     }
   else

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog           |   20 ++++++++++++++++++++
 iconv/gconv_cache.c |   11 +++++------
 iconv/gconv_db.c    |   41 ++++++++++++++++-------------------------
 iconv/gconv_dl.c    |    6 ++----
 wcsmbs/btowc.c      |    8 ++++----
 5 files changed, 47 insertions(+), 39 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources
Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]