This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch, master, updated. glibc-2.10-347-gf8d7c1e
- From: drepper at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 29 Sep 2009 13:13:21 -0000
- Subject: GNU C Library master sources branch, master, updated. glibc-2.10-347-gf8d7c1e
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via f8d7c1eaddec2ab245dd4920107e273114a9b0e8 (commit)
via 199eb0de8d673fb23aa127721054b4f1803d61f3 (commit)
from ff2835318177dd4600d3aa03626f4b5748e3fbeb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f8d7c1eaddec2ab245dd4920107e273114a9b0e8
commit f8d7c1eaddec2ab245dd4920107e273114a9b0e8
Merge: 199eb0d ff28353
Author: Ulrich Drepper <drepper@redhat.com>
Date: Tue Sep 29 06:13:11 2009 -0700
Merge branch 'master' of ssh://sources.redhat.com/git/glibc
Conflicts:
ChangeLog
diff --cc ChangeLog
index 6876b83,0e0fa20..be2f01a
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,8 -1,9 +1,14 @@@
+2009-09-28 Andreas Schwab <schwab@redhat.com>
+
+ * stdio-common/printf_fp.c: Check for and avoid integer overflows.
+ * stdio-common/vfprintf.c: Likewise.
+
+ 2009-09-27 Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+ * sysdeps/mach/hurd/mkdirat.c: Include <hurd/fd.h>.
- (mkdirat): Call __directory_name_split_at instead of
- __directory_name_split.
++ (mkdirat): Call __directory_name_split_at instead of
++ __directory_name_split.
+
2009-09-28 Ulrich Drepper <drepper@redhat.com>
* locale/programs/locale-spec.c (locale_special): If nothing matches
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=199eb0de8d673fb23aa127721054b4f1803d61f3
commit 199eb0de8d673fb23aa127721054b4f1803d61f3
Author: Andreas Schwab <schwab@redhat.com>
Date: Tue Sep 29 06:11:59 2009 -0700
Check for integer overflows in formatting functions
diff --git a/ChangeLog b/ChangeLog
index 25c528e..6876b83 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009-09-28 Andreas Schwab <schwab@redhat.com>
+
+ * stdio-common/printf_fp.c: Check for and avoid integer overflows.
+ * stdio-common/vfprintf.c: Likewise.
+
2009-09-28 Ulrich Drepper <drepper@redhat.com>
* locale/programs/locale-spec.c (locale_special): If nothing matches
diff --git a/stdio-common/printf_fp.c b/stdio-common/printf_fp.c
index cd3ada6..b60ddec 100644
--- a/stdio-common/printf_fp.c
+++ b/stdio-common/printf_fp.c
@@ -891,8 +891,15 @@ ___printf_fp (FILE *fp,
it is possible that we need two more characters in front of all the
other output. If the amount of memory we have to allocate is too
large use `malloc' instead of `alloca'. */
- size_t wbuffer_to_alloc = (2 + (size_t) chars_needed) * sizeof (wchar_t);
- buffer_malloced = ! __libc_use_alloca (chars_needed * 2 * sizeof (wchar_t));
+ if (__builtin_expect (chars_needed >= (size_t) -1 / sizeof (wchar_t) - 2
+ || chars_needed < fracdig_max, 0))
+ {
+ /* Some overflow occurred. */
+ __set_errno (ERANGE);
+ return -1;
+ }
+ size_t wbuffer_to_alloc = (2 + chars_needed) * sizeof (wchar_t);
+ buffer_malloced = ! __libc_use_alloca (wbuffer_to_alloc);
if (__builtin_expect (buffer_malloced, 0))
{
wbuffer = (wchar_t *) malloc (wbuffer_to_alloc);
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 38ba8ff..6e0e85c 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -1439,23 +1439,29 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
left = 1;
}
- if (width + 32 >= (int) (sizeof (work_buffer)
- / sizeof (work_buffer[0])))
+ if (__builtin_expect (width >= (size_t) -1 / sizeof (CHAR_T) - 32, 0))
+ {
+ __set_errno (ERANGE);
+ done = -1;
+ goto all_done;
+ }
+
+ if (width >= sizeof (work_buffer) / sizeof (work_buffer[0]) - 32)
{
/* We have to use a special buffer. The "32" is just a safe
bet for all the output which is not counted in the width. */
- if (__libc_use_alloca ((width + 32) * sizeof (CHAR_T)))
- workend = ((CHAR_T *) alloca ((width + 32) * sizeof (CHAR_T))
- + (width + 32));
+ size_t needed = ((size_t) width + 32) * sizeof (CHAR_T);
+ if (__libc_use_alloca (needed))
+ workend = (CHAR_T *) alloca (needed) + width + 32;
else
{
- workstart = (CHAR_T *) malloc ((width + 32) * sizeof (CHAR_T));
+ workstart = (CHAR_T *) malloc (needed);
if (workstart == NULL)
{
done = -1;
goto all_done;
}
- workend = workstart + (width + 32);
+ workend = workstart + width + 32;
}
}
}
@@ -1465,22 +1471,29 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
LABEL (width):
width = read_int (&f);
- if (width + 32 >= (int) (sizeof (work_buffer) / sizeof (work_buffer[0])))
+ if (__builtin_expect (width >= (size_t) -1 / sizeof (CHAR_T) - 32, 0))
+ {
+ __set_errno (ERANGE);
+ done = -1;
+ goto all_done;
+ }
+
+ if (width >= sizeof (work_buffer) / sizeof (work_buffer[0]) - 32)
{
/* We have to use a special buffer. The "32" is just a safe
bet for all the output which is not counted in the width. */
- if (__libc_use_alloca ((width + 32) * sizeof (CHAR_T)))
- workend = ((CHAR_T *) alloca ((width + 32) * sizeof (CHAR_T))
- + (width + 32));
+ size_t needed = ((size_t) width + 32) * sizeof (CHAR_T);
+ if (__libc_use_alloca (needed))
+ workend = (CHAR_T *) alloca (needed) + width + 32;
else
{
- workstart = (CHAR_T *) malloc ((width + 32) * sizeof (CHAR_T));
+ workstart = (CHAR_T *) malloc (needed);
if (workstart == NULL)
{
done = -1;
goto all_done;
}
- workend = workstart + (width + 32);
+ workend = workstart + width + 32;
}
}
if (*f == L_('$'))
@@ -1510,18 +1523,18 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
else
prec = 0;
if (prec > width
- && prec + 32 > (int)(sizeof (work_buffer) / sizeof (work_buffer[0])))
+ && prec > sizeof (work_buffer) / sizeof (work_buffer[0]) - 32)
{
- if (__builtin_expect (prec > ~((size_t) 0) / sizeof (CHAR_T) - 31,
- 0))
+ if (__builtin_expect (prec >= (size_t) -1 / sizeof (CHAR_T) - 32, 0))
{
+ __set_errno (ERANGE);
done = -1;
goto all_done;
}
size_t needed = ((size_t) prec + 32) * sizeof (CHAR_T);
if (__libc_use_alloca (needed))
- workend = (((CHAR_T *) alloca (needed)) + ((size_t) prec + 32));
+ workend = (CHAR_T *) alloca (needed) + prec + 32;
else
{
workstart = (CHAR_T *) malloc (needed);
@@ -1530,7 +1543,7 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
done = -1;
goto all_done;
}
- workend = workstart + ((size_t) prec + 32);
+ workend = workstart + prec + 32;
}
}
JUMP (*f, step2_jumps);
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 ++++++-
stdio-common/printf_fp.c | 11 ++++++++-
stdio-common/vfprintf.c | 49 +++++++++++++++++++++++++++++----------------
3 files changed, 47 insertions(+), 22 deletions(-)
hooks/post-receive
--
GNU C Library master sources