[PATCH 1/1] nss: return early in DB reload-and-get if newfstatat fails (BZ #28752)
Sam James
sam@gentoo.org
Tue Mar 15 22:02:09 GMT 2022
> On 15 Mar 2022, at 21:48, Carlos O'Donell via Libc-alpha <libc-alpha@sourceware.org> wrote:
>
> On 3/14/22 12:54, Sam James via Libc-alpha wrote:
>> In some circumstances, the __stat64_time64() call in
>> nss_database_check_reload_and_get() might fail (via e.g. newfstatat
>> being filtered by seccomp in parent).
>>
>> We have to check its return value to avoid an out of bounds access later
>> on if the call failed.
>>
>> This manifests as Firefox crashing at runtime when e.g. glib is
>> compiled with FAM support, which ends up taking this NSS path.
>
> Fails CI/CD for i686:
> https://patchwork.sourceware.org/project/glibc/patch/20220314165414.3110670-2-sam@gentoo.org/
>
> Please review. If you need help please reach out.
>
Hi Carlos,
Thanks a lot!
I think v2 should be okay.
Best,
sam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: Message signed with OpenPGP
URL: <https://sourceware.org/pipermail/libc-alpha/attachments/20220315/9e57038d/attachment.sig>
More information about the Libc-alpha
mailing list