[ping][PATCH][BZ #13862] Reuse of cached stack can cause bounds overrun of thread DTV
Andreas Schwab
schwab@suse.de
Tue Nov 26 19:20:00 GMT 2013
MyungJoo Ham <myungjoo.ham@samsung.com> writes:
> @@ -387,6 +385,52 @@ _dl_allocate_tls_init (void *result)
> TLS. For those which are dynamically loaded we add the values
> indicating deferred allocation. */
> listp = GL(dl_tls_dtv_slotinfo_list);
> +
> + /* check if current dtv is big enough */
> + if (dtv[-1].counter < GL(dl_tls_max_dtv_idx))
> + {
> + dtv_t *newp;
> + size_t newsize = GL(dl_tls_max_dtv_idx) + DTV_SURPLUS;
> + size_t oldsize = dtv[-1].counter;
> +
> + if (
> +#ifdef SHARED
> + dtv == GL(dl_initial_dtv)
> +#else
> + 0
> +#endif
> + )
> + {
> + /* This is the initial dtv that was allocated
> + during rtld startup using the dl-minimal.c
> + malloc instead of the real malloc. We can't
> + free it, we have to abandon the old storage. */
> + newp = malloc ((2 + newsize) * sizeof (dtv_t));
> + if (newp == NULL)
> + oom ();
> + memcpy (newp, &dtv[-1], (2 + oldsize) * sizeof (dtv_t));
> + }
> + else
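Review bot: in the initial-dtv arm, the memcpy from &dtv[-1] fills only the first 2 + oldsize of the 2 + newsize entries that malloc returned, and nothing in the quoted lines sets newp[0].counter to newsize or clears the entries between oldsize and newsize. Unless the remainder of the hunk does both before the enlarged dtv is used, the new tail holds uninitialised heap data and the length word still reports the old size, so the dtv[-1].counter < GL(dl_tls_max_dtv_idx) test would see the old size again. A smaller style point: the new comment should be a full sentence in the form of the surrounding comments, e.g. "/* Check if the current dtv is big enough.  */".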
Please put the preprocessor condition around the whole first arm of the
condition statement.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."