Fix memory leak after fdopen seek failure (RHEL-66253)

Resolves: RHEL-66253
2024-11-07 14:24:10 +01:00 · 2024-11-07 14:24:10 +01:00 · 0ce6757412
commit 0ce6757412
parent c6a316c547
4 changed files with 295 additions and 1 deletions
--- a/glibc-RHEL-66253-1.patch
+++ b/glibc-RHEL-66253-1.patch
@ -0,0 +1,140 @@
+commit ddf71c550a5940deca74cc676f1cae134a891717
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date:   Tue Apr 30 09:21:16 2024 -0700
+
+    libio: Sort test variables in Makefile
+    
+    Sort test variables in libio/Makefile using scripts/sort-makefile-lines.py.
+    Reviewed-by: Sunil K Pandey <skpgkp2@gmail.com>
+
+Conflicts:
+	libio/Makefile
+	  (missing tst-bz28828 downstream)
+
+diff --git a/libio/Makefile b/libio/Makefile
+index 10c2ed140a855877..31e27b022c73669a 100644
+--- a/libio/Makefile
+++ b/libio/Makefile
+@@ -51,22 +51,75 @@ routines	:=							      \
+ 									      \
+ 	libc_fatal fmemopen oldfmemopen vtables
+ 
+-tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
+-	tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
+-	tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf	      \
+-	tst-mmap-setvbuf bug-ungetwc1 bug-ungetwc2 tst-atime tst-eof          \
+-	tst-freopen bug-rewind bug-rewind2 bug-ungetc bug-fseek \
+-	tst-mmap-eofsync tst-mmap-fflushsync bug-mmap-fflush \
+-	tst-mmap2-eofsync tst-mmap-offend bug-fopena+ bug-wfflush \
+-	bug-ungetc2 bug-ftell bug-ungetc3 bug-ungetc4 tst-fopenloc2 \
+-	tst-memstream1 tst-memstream2 tst-memstream3 tst-memstream4 \
+-	tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 tst-wmemstream4 \
+-	tst-wmemstream5 bug-memstream1 bug-wmemstream1 \
+-	tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
+-	tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
+-	tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \
+-	tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \
+-	tst-wfile-sync tst-getdelim
+tests = \
+  bug-fopena+ \
+  bug-fseek \
+  bug-ftell \
+  bug-memstream1 \
+  bug-mmap-fflush \
+  bug-rewind \
+  bug-rewind2 \
+  bug-ungetc \
+  bug-ungetc2 \
+  bug-ungetc3 \
+  bug-ungetc4 \
+  bug-ungetwc1 \
+  bug-ungetwc2 \
+  bug-wfflush \
+  bug-wmemstream1 \
+  bug-wsetpos \
+  test-fmemopen \
+  tst-atime \
+  tst-bz22415 \
+  tst-bz24051 \
+  tst-bz24153 \
+  tst-eof \
+  tst-ext \
+  tst-ext2 \
+  tst-fgetc-after-eof \
+  tst-fgetwc \
+  tst-fgetws \
+  tst-fopenloc2 \
+  tst-fputws \
+  tst-freopen \
+  tst-fseek \
+  tst-ftell-active-handler \
+  tst-ftell-append \
+  tst-ftell-partial-wide \
+  tst-fwrite-error \
+  tst-getdelim \
+  tst-memstream1 \
+  tst-memstream2 \
+  tst-memstream3 \
+  tst-memstream4 \
+  tst-mmap-eofsync \
+  tst-mmap-fflushsync \
+  tst-mmap-offend \
+  tst-mmap-setvbuf \
+  tst-mmap2-eofsync \
+  tst-popen1 \
+  tst-setvbuf1 \
+  tst-sprintf-chk-ub \
+  tst-sprintf-ub \
+  tst-sscanf \
+  tst-swscanf \
+  tst-ungetwc1 \
+  tst-ungetwc2 \
+  tst-wfile-sync \
+  tst-widetext \
+  tst-wmemstream1 \
+  tst-wmemstream2 \
+  tst-wmemstream3 \
+  tst-wmemstream4 \
+  tst-wmemstream5 \
+  tst_getwc \
+  tst_putwc \
+  tst_swprintf \
+  tst_swscanf \
+  tst_wprintf \
+  tst_wprintf2 \
+  tst_wscanf \
+  # tests
+ 
+ tests-internal = tst-vtables tst-vtables-interposed
+ 
+@@ -200,16 +253,26 @@ tests-special += $(objpfx)tst-fopenloc-cmp.out $(objpfx)tst-fopenloc-mem.out \
+ 		 $(objpfx)tst-bz24228-mem.out
+ endif
+ 
+-tests += tst-cleanup-default tst-cleanup-default-static
+tests += \
+  tst-cleanup-default \
+  tst-cleanup-default-static \
+  # tests
+ tests-static += tst-cleanup-default-static
+ tests-special += $(objpfx)tst-cleanup-default-cmp.out $(objpfx)tst-cleanup-default-static-cmp.out
+ LDFLAGS-tst-cleanup-default = -Wl,--gc-sections
+ LDFLAGS-tst-cleanup-default-static = -Wl,--gc-sections
+ 
+ ifeq ($(have-gnu-retain)$(have-z-start-stop-gc),yesyes)
+-tests += tst-cleanup-start-stop-gc tst-cleanup-start-stop-gc-static \
+-		tst-cleanup-nostart-stop-gc tst-cleanup-nostart-stop-gc-static
+-tests-static += tst-cleanup-start-stop-gc-static tst-cleanup-nostart-stop-gc-static
+tests += \
+  tst-cleanup-nostart-stop-gc \
+  tst-cleanup-nostart-stop-gc-static \
+  tst-cleanup-start-stop-gc \
+  tst-cleanup-start-stop-gc-static \
+  # tests
+tests-static += \
+  tst-cleanup-nostart-stop-gc-static \
+  tst-cleanup-start-stop-gc-static \
+  # tests-static
+ tests-special += $(objpfx)tst-cleanup-start-stop-gc-cmp.out \
+ 		$(objpfx)tst-cleanup-start-stop-gc-static-cmp.out \
+ 		$(objpfx)tst-cleanup-nostart-stop-gc-cmp.out \
--- a/glibc-RHEL-66253-2.patch
+++ b/glibc-RHEL-66253-2.patch
@ -0,0 +1,28 @@
+commit b2c3ee3724900975deaf5eae57640bb0c2d7315e
+Author: Andreas Schwab <schwab@suse.de>
+Date:   Tue Jun 4 11:01:11 2024 +0200
+
+    Remove memory leak in fdopen (bug 31840)
+    
+    Deallocate the memory for the FILE structure when seeking to the end fails
+    in append mode.
+    
+    Fixes: ea33158c96 ("Fix offset caching for streams and use it for ftell (BZ #16680)")
+
+diff --git a/libio/iofdopen.c b/libio/iofdopen.c
+index 498791b2872f4b93..e3596fa4c91644b7 100644
+--- a/libio/iofdopen.c
+++ b/libio/iofdopen.c
+@@ -156,7 +156,11 @@ _IO_new_fdopen (int fd, const char *mode)
+     {
+       off64_t new_pos = _IO_SYSSEEK (&new_f->fp.file, 0, _IO_seek_end);
+       if (new_pos == _IO_pos_BAD && errno != ESPIPE)
+-	return NULL;
+	{
+	  _IO_un_link (&new_f->fp);
+	  free (new_f);
+	  return NULL;
+	}
+     }
+   return &new_f->fp.file;
+ }
--- a/glibc-RHEL-66253-3.patch
+++ b/glibc-RHEL-66253-3.patch
@ -0,0 +1,120 @@
+commit d0106b6ae26c8cc046269358a77188105c99d5e3
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Tue Jun 4 14:37:35 2024 +0200
+
+    libio: Test for fdopen memory leak without SEEK_END support (bug 31840)
+    
+    The bug report used /dev/mem, but /proc/self/mem works as well
+    (if available).
+
+diff --git a/libio/Makefile b/libio/Makefile
+index 31e27b022c73669a..418102c4c0d8c25a 100644
+--- a/libio/Makefile
+++ b/libio/Makefile
+@@ -76,6 +76,7 @@ tests = \
+   tst-eof \
+   tst-ext \
+   tst-ext2 \
+  tst-fdopen-seek-failure \
+   tst-fgetc-after-eof \
+   tst-fgetwc \
+   tst-fgetws \
+@@ -220,6 +221,9 @@ tst_wprintf2-ARGS = "Some Text"
+ 
+ test-fmemopen-ENV = MALLOC_TRACE=$(objpfx)test-fmemopen.mtrace \
+ 		    LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+tst-fdopen-seek-failure-ENV = \
+  MALLOC_TRACE=$(objpfx)tst-fdopen-seek-failure.mtrace \
+  LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+ tst-fopenloc-ENV = MALLOC_TRACE=$(objpfx)tst-fopenloc.mtrace \
+ 		   LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+ tst-bz22415-ENV = MALLOC_TRACE=$(objpfx)tst-bz22415.mtrace \
+@@ -228,6 +232,7 @@ tst-bz24228-ENV = MALLOC_TRACE=$(objpfx)tst-bz24228.mtrace \
+ 		  LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+ 
+ generated += test-fmemopen.mtrace test-fmemopen.check
+generated += tst-fdopen-seek-failure.mtrace tst-fdopen-seek-failure.check
+ generated += tst-fopenloc.mtrace tst-fopenloc.check
+ generated += tst-bz22415.mtrace tst-bz22415.check
+ 
+@@ -244,8 +249,12 @@ shared-only-routines = oldiofopen oldiofdopen oldiofclose oldfileops	\
+ 		       oldiofsetpos64
+ 
+ ifeq ($(run-built-tests),yes)
+-tests-special += $(objpfx)test-freopen.out $(objpfx)test-fmemopen-mem.out \
+-		 $(objpfx)tst-bz22415-mem.out
+tests-special += \
+  $(objpfx)test-fmemopen-mem.out \
+  $(objpfx)test-freopen.out \
+  $(objpfx)tst-bz22415-mem.out \
+  $(objpfx)tst-fdopen-seek-failure-mem.out \
+  # tests-special
+ ifeq (yes,$(build-shared))
+ # Run tst-fopenloc-cmp.out and tst-openloc-mem.out only if shared
+ # library is enabled since they depend on tst-fopenloc.out.
+@@ -333,6 +342,11 @@ $(objpfx)test-fmemopen-mem.out: $(objpfx)test-fmemopen.out
+ 	$(common-objpfx)malloc/mtrace $(objpfx)test-fmemopen.mtrace > $@; \
+ 	$(evaluate-test)
+ 
+$(objpfx)tst-fdopen-seek-failure-mem.out: $(objpfx)tst-fdopen-seek-failure.out
+	$(common-objpfx)malloc/mtrace \
+	  $(objpfx)tst-fdopen-seek-failure.mtrace > $@; \
+	$(evaluate-test)
+
+ $(objpfx)tst-fopenloc-mem.out: $(objpfx)tst-fopenloc.out
+ 	$(common-objpfx)malloc/mtrace $(objpfx)tst-fopenloc.mtrace > $@; \
+ 	$(evaluate-test)
+diff --git a/libio/tst-fdopen-seek-failure.c b/libio/tst-fdopen-seek-failure.c
+new file mode 100644
+index 0000000000000000..5c4d40ab34158571
+--- /dev/null
+++ b/libio/tst-fdopen-seek-failure.c
+@@ -0,0 +1,48 @@
+/* Test for fdopen memory leak without SEEK_END support (bug 31840).
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+
+#include <errno.h>
+#include <fcntl.h>
+#include <mcheck.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/xunistd.h>
+#include <unistd.h>
+
+static int
+do_test (void)
+{
+  mtrace ();
+
+  /* This file is special because it is seekable, but only
+     with SEEK_SET, not SEEK_END.  */
+  int fd = open ("/proc/self/mem", O_RDWR);
+  if (fd < 0)
+    FAIL_UNSUPPORTED ("/proc/self/mem not found: %m");
+  FILE *fp = fdopen (fd, "a");
+  /* The fdopen call should have failed because it tried to use
+     SEEK_END.  */
+  TEST_VERIFY (fp == NULL);
+  TEST_COMPARE (errno, EINVAL);
+  xclose (fd);
+  return 0;
+}
+
+#include <support/test-driver.c>
--- a/glibc.spec
+++ b/glibc.spec
@ -157,7 +157,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 136%{?dist}
+Release: 137%{?dist}

 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@ -910,6 +910,9 @@ Patch671: glibc-RHEL-50662-4.patch
 Patch672: glibc-RHEL-50662-5.patch
 Patch673: glibc-RHEL-50662-6.patch
 Patch674: glibc-RHEL-46724.patch
+Patch675: glibc-RHEL-66253-1.patch
+Patch676: glibc-RHEL-66253-2.patch
+Patch677: glibc-RHEL-66253-3.patch

 ##############################################################################
 # Continued list of core "glibc" package information:
@ -3069,6 +3072,9 @@ update_gconv_modules_cache ()
 %endif

 %changelog
+* Thu Nov  7 2024 Florian Weimer <fweimer@redhat.com> - 2.34-137
+- Fix memory leak after fdopen seek failure (RHEL-66253)
+
 * Thu Nov  7 2024 Florian Weimer <fweimer@redhat.com> - 2.34-136
 - Document rules for mixing stdio streams and file descriptors (RHEL-46724)