forked from rpms/glibc
Import glibc-2.34-42.fc35 from f35
* Tue Sep 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-42 - Co-Authored-By: Benjamin Herrenschmidt <benh@amazon.com> - Retain .gnu_debuglink section in libc.so.6 (#2090744) - Remove redundant ld.so debuginfo file (#2090744) * Tue Aug 23 2022 Arjun Shankar <arjun@redhat.com> - 2.34-41 - Sync with upstream branch release/2.34/master, commit 68507377f249d165f1f35502d96e9365edb07d9a: - socket: Check lengths before advancing pointer in CMSG_NXTHDR - alpha: Fix generic brk system call emulation in __brk_call (bug 29490) - stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] - stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] - Update syscall lists for Linux 5.19 - dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) Resolves: #2115831 Resolves: #2116960
This commit is contained in:
parent
668eaab0c7
commit
c3e41ff9aa
24
glibc-upstream-2.34-303.patch
Normal file
24
glibc-upstream-2.34-303.patch
Normal file
@ -0,0 +1,24 @@
|
||||
commit 875b2414cd68df64aeead651a9b05ae9bc3d88ef
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Thu Aug 4 17:54:48 2022 +0200
|
||||
|
||||
dlfcn: Pass caller pointer to static dlopen implementation (bug 29446)
|
||||
|
||||
Fixes commit 0c1c3a771eceec46e66ce1183cf988e2303bd373 ("dlfcn: Move
|
||||
dlopen into libc").
|
||||
|
||||
(cherry picked from commit ed0185e4129130cbe081c221efb758fb400623ce)
|
||||
|
||||
diff --git a/dlfcn/dlopen.c b/dlfcn/dlopen.c
|
||||
index 9c59c751c4eaf7a7..739d17baafe928cc 100644
|
||||
--- a/dlfcn/dlopen.c
|
||||
+++ b/dlfcn/dlopen.c
|
||||
@@ -90,7 +90,7 @@ compat_symbol (libdl, ___dlopen, dlopen, GLIBC_2_1);
|
||||
void *
|
||||
__dlopen (const char *file, int mode, void *dl_caller)
|
||||
{
|
||||
- return dlopen_implementation (file, mode, RETURN_ADDRESS (0));
|
||||
+ return dlopen_implementation (file, mode, dl_caller);
|
||||
}
|
||||
|
||||
void *
|
54
glibc-upstream-2.34-304.patch
Normal file
54
glibc-upstream-2.34-304.patch
Normal file
@ -0,0 +1,54 @@
|
||||
commit 4ab59ce4e5195f98b01748127248fed2b2b77b21
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Aug 2 21:05:07 2022 +0000
|
||||
|
||||
Update syscall lists for Linux 5.19
|
||||
|
||||
Linux 5.19 has no new syscalls, but enables memfd_secret in the uapi
|
||||
headers for RISC-V. Update the version number in syscall-names.list
|
||||
to reflect that it is still current for 5.19 and regenerate the
|
||||
arch-syscall.h headers with build-many-glibcs.py update-syscalls.
|
||||
|
||||
Tested with build-many-glibcs.py.
|
||||
|
||||
(cherry picked from commit fccadcdf5bed7ee67a6cef4714e0b477d6c8472c)
|
||||
|
||||
diff --git a/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h b/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h
|
||||
index bf4be80f8d380963..202520ee254ec02f 100644
|
||||
--- a/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h
|
||||
+++ b/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h
|
||||
@@ -122,6 +122,7 @@
|
||||
#define __NR_mbind 235
|
||||
#define __NR_membarrier 283
|
||||
#define __NR_memfd_create 279
|
||||
+#define __NR_memfd_secret 447
|
||||
#define __NR_migrate_pages 238
|
||||
#define __NR_mincore 232
|
||||
#define __NR_mkdirat 34
|
||||
diff --git a/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h b/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h
|
||||
index d656aedcc2be6009..4e65f337d486de1f 100644
|
||||
--- a/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h
|
||||
+++ b/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h
|
||||
@@ -127,6 +127,7 @@
|
||||
#define __NR_mbind 235
|
||||
#define __NR_membarrier 283
|
||||
#define __NR_memfd_create 279
|
||||
+#define __NR_memfd_secret 447
|
||||
#define __NR_migrate_pages 238
|
||||
#define __NR_mincore 232
|
||||
#define __NR_mkdirat 34
|
||||
diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list
|
||||
index 95370e2ec5dbc4a7..9b285d898db9ab9e 100644
|
||||
--- a/sysdeps/unix/sysv/linux/syscall-names.list
|
||||
+++ b/sysdeps/unix/sysv/linux/syscall-names.list
|
||||
@@ -21,8 +21,8 @@
|
||||
# This file can list all potential system calls. The names are only
|
||||
# used if the installed kernel headers also provide them.
|
||||
|
||||
-# The list of system calls is current as of Linux 5.18.
|
||||
-kernel 5.18
|
||||
+# The list of system calls is current as of Linux 5.19.
|
||||
+kernel 5.19
|
||||
|
||||
FAST_atomic_update
|
||||
FAST_cmpxchg
|
85
glibc-upstream-2.34-305.patch
Normal file
85
glibc-upstream-2.34-305.patch
Normal file
@ -0,0 +1,85 @@
|
||||
commit a88f07f71f051021339682328103a8c75559fc5f
|
||||
Author: Noah Goldstein <goldstein.w.n@gmail.com>
|
||||
Date: Wed Jun 22 08:24:21 2022 -0700
|
||||
|
||||
stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265]
|
||||
|
||||
mbstows is defined if dst is NULL and is defined to special cased if
|
||||
dst is NULL so the fortify objsize check if incorrect in that case.
|
||||
|
||||
Tested on x86-64 linux.
|
||||
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
|
||||
(cherry picked from commit 464d189b9622932a75302290625de84931656ec0)
|
||||
|
||||
diff --git a/stdlib/Makefile b/stdlib/Makefile
|
||||
index a4ac30d1f6359561..e13f1ee33c410ae6 100644
|
||||
--- a/stdlib/Makefile
|
||||
+++ b/stdlib/Makefile
|
||||
@@ -217,6 +217,9 @@ CFLAGS-tst-qsort.c += $(stack-align-test-flags)
|
||||
CFLAGS-tst-makecontext.c += -funwind-tables
|
||||
CFLAGS-tst-makecontext2.c += $(stack-align-test-flags)
|
||||
|
||||
+CFLAGS-testmb.c += -D_FORTIFY_SOURCE=2 -Wall -Werror
|
||||
+
|
||||
+
|
||||
# Run a test on the header files we use.
|
||||
tests-special += $(objpfx)isomac.out
|
||||
|
||||
diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
|
||||
index ccacbdf76a08225a..f0918d5d798a6ac4 100644
|
||||
--- a/stdlib/bits/stdlib.h
|
||||
+++ b/stdlib/bits/stdlib.h
|
||||
@@ -96,6 +96,11 @@ extern size_t __mbstowcs_chk (wchar_t *__restrict __dst,
|
||||
const char *__restrict __src,
|
||||
size_t __len, size_t __dstlen) __THROW
|
||||
__attr_access ((__write_only__, 1, 3)) __attr_access ((__read_only__, 2));
|
||||
+extern size_t __REDIRECT_NTH (__mbstowcs_chk_nulldst,
|
||||
+ (wchar_t *__restrict __dst,
|
||||
+ const char *__restrict __src,
|
||||
+ size_t __len), mbstowcs_chk)
|
||||
+ __attr_access ((__read_only__, 2));
|
||||
extern size_t __REDIRECT_NTH (__mbstowcs_alias,
|
||||
(wchar_t *__restrict __dst,
|
||||
const char *__restrict __src,
|
||||
@@ -108,16 +113,17 @@ extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn,
|
||||
__warnattr ("mbstowcs called with dst buffer smaller than len "
|
||||
"* sizeof (wchar_t)");
|
||||
|
||||
-__fortify_function size_t
|
||||
+__always_inline __fortify_function size_t
|
||||
__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src,
|
||||
size_t __len))
|
||||
{
|
||||
- return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t),
|
||||
- __glibc_objsize (__dst),
|
||||
- __dst, __src, __len);
|
||||
+ if (__builtin_constant_p (__dst == NULL) && __dst == NULL)
|
||||
+ return __mbstowcs_chk_nulldst (__dst, __src, __len);
|
||||
+ else
|
||||
+ return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t),
|
||||
+ __glibc_objsize (__dst), __dst, __src, __len);
|
||||
}
|
||||
|
||||
-
|
||||
extern size_t __wcstombs_chk (char *__restrict __dst,
|
||||
const wchar_t *__restrict __src,
|
||||
size_t __len, size_t __dstlen) __THROW
|
||||
diff --git a/stdlib/testmb.c b/stdlib/testmb.c
|
||||
index 45dae7db61fb3e7b..6ac4dfd21d2d33b8 100644
|
||||
--- a/stdlib/testmb.c
|
||||
+++ b/stdlib/testmb.c
|
||||
@@ -16,6 +16,13 @@ main (int argc, char *argv[])
|
||||
lose = 1;
|
||||
}
|
||||
|
||||
+ i = mbstowcs (NULL, "bar", 4);
|
||||
+ if (!(i == 3 && w[1] == 'a'))
|
||||
+ {
|
||||
+ puts ("mbstowcs FAILED2!");
|
||||
+ lose = 1;
|
||||
+ }
|
||||
+
|
||||
mbstowcs (w, "blah", 5);
|
||||
i = wcstombs (c, w, 10);
|
||||
if (i != 4)
|
54
glibc-upstream-2.34-306.patch
Normal file
54
glibc-upstream-2.34-306.patch
Normal file
@ -0,0 +1,54 @@
|
||||
commit 4bc889c01ce68475ce36f9c67b9a445a6c0218d9
|
||||
Author: Noah Goldstein <goldstein.w.n@gmail.com>
|
||||
Date: Wed Jun 22 16:34:42 2022 -0700
|
||||
|
||||
stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279]
|
||||
|
||||
commit 464d189b9622932a75302290625de84931656ec0 (origin/master, origin/HEAD)
|
||||
Author: Noah Goldstein <goldstein.w.n@gmail.com>
|
||||
Date: Wed Jun 22 08:24:21 2022 -0700
|
||||
|
||||
stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265]
|
||||
|
||||
Incorrectly called `__mbstowcs_chk` in the NULL __dst case which is
|
||||
incorrect as in the NULL __dst case we are explicitly skipping
|
||||
the objsize checks.
|
||||
|
||||
As well, remove the `__always_inline` attribute which exists in
|
||||
`__fortify_function`.
|
||||
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
|
||||
(cherry picked from commit 220b83d83d32aa9e6f5659e2fa2a63a0024c3e4a)
|
||||
|
||||
diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
|
||||
index f0918d5d798a6ac4..ac9badc81f3990c5 100644
|
||||
--- a/stdlib/bits/stdlib.h
|
||||
+++ b/stdlib/bits/stdlib.h
|
||||
@@ -96,10 +96,10 @@ extern size_t __mbstowcs_chk (wchar_t *__restrict __dst,
|
||||
const char *__restrict __src,
|
||||
size_t __len, size_t __dstlen) __THROW
|
||||
__attr_access ((__write_only__, 1, 3)) __attr_access ((__read_only__, 2));
|
||||
-extern size_t __REDIRECT_NTH (__mbstowcs_chk_nulldst,
|
||||
+extern size_t __REDIRECT_NTH (__mbstowcs_nulldst,
|
||||
(wchar_t *__restrict __dst,
|
||||
const char *__restrict __src,
|
||||
- size_t __len), mbstowcs_chk)
|
||||
+ size_t __len), mbstowcs)
|
||||
__attr_access ((__read_only__, 2));
|
||||
extern size_t __REDIRECT_NTH (__mbstowcs_alias,
|
||||
(wchar_t *__restrict __dst,
|
||||
@@ -113,12 +113,12 @@ extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn,
|
||||
__warnattr ("mbstowcs called with dst buffer smaller than len "
|
||||
"* sizeof (wchar_t)");
|
||||
|
||||
-__always_inline __fortify_function size_t
|
||||
+__fortify_function size_t
|
||||
__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src,
|
||||
size_t __len))
|
||||
{
|
||||
if (__builtin_constant_p (__dst == NULL) && __dst == NULL)
|
||||
- return __mbstowcs_chk_nulldst (__dst, __src, __len);
|
||||
+ return __mbstowcs_nulldst (__dst, __src, __len);
|
||||
else
|
||||
return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t),
|
||||
__glibc_objsize (__dst), __dst, __src, __len);
|
30
glibc-upstream-2.34-307.patch
Normal file
30
glibc-upstream-2.34-307.patch
Normal file
@ -0,0 +1,30 @@
|
||||
commit 1fcc7bfee22a07064508b6729cdaa6289851a2b4
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Mon Aug 22 11:04:47 2022 +0200
|
||||
|
||||
alpha: Fix generic brk system call emulation in __brk_call (bug 29490)
|
||||
|
||||
The kernel special-cases the zero argument for alpha brk, and we can
|
||||
use that to restore the generic Linux error handling behavior.
|
||||
|
||||
Fixes commit b57ab258c1140bc45464b4b9908713e3e0ee35aa ("Linux:
|
||||
Introduce __brk_call for invoking the brk system call").
|
||||
|
||||
(cherry picked from commit e7ad26ee3cb74e61d0637c888f24dd478d77af58)
|
||||
|
||||
diff --git a/sysdeps/unix/sysv/linux/alpha/brk_call.h b/sysdeps/unix/sysv/linux/alpha/brk_call.h
|
||||
index b8088cf13f938c88..0b851b6c8664e8d5 100644
|
||||
--- a/sysdeps/unix/sysv/linux/alpha/brk_call.h
|
||||
+++ b/sysdeps/unix/sysv/linux/alpha/brk_call.h
|
||||
@@ -21,8 +21,7 @@ __brk_call (void *addr)
|
||||
{
|
||||
unsigned long int result = INTERNAL_SYSCALL_CALL (brk, addr);
|
||||
if (result == -ENOMEM)
|
||||
- /* Mimic the default error reporting behavior. */
|
||||
- return addr;
|
||||
- else
|
||||
- return (void *) result;
|
||||
+ /* Mimic the generic error reporting behavior. */
|
||||
+ result = INTERNAL_SYSCALL_CALL (brk, 0);
|
||||
+ return (void *) result;
|
||||
}
|
435
glibc-upstream-2.34-308.patch
Normal file
435
glibc-upstream-2.34-308.patch
Normal file
@ -0,0 +1,435 @@
|
||||
commit 68507377f249d165f1f35502d96e9365edb07d9a
|
||||
Author: Arjun Shankar <arjun@redhat.com>
|
||||
Date: Tue Aug 2 11:10:25 2022 +0200
|
||||
|
||||
socket: Check lengths before advancing pointer in CMSG_NXTHDR
|
||||
|
||||
The inline and library functions that the CMSG_NXTHDR macro may expand
|
||||
to increment the pointer to the header before checking the stride of
|
||||
the increment against available space. Since C only allows incrementing
|
||||
pointers to one past the end of an array, the increment must be done
|
||||
after a length check. This commit fixes that and includes a regression
|
||||
test for CMSG_FIRSTHDR and CMSG_NXTHDR.
|
||||
|
||||
The Linux, Hurd, and generic headers are all changed.
|
||||
|
||||
Tested on Linux on armv7hl, i686, x86_64, aarch64, ppc64le, and s390x.
|
||||
|
||||
[BZ #28846]
|
||||
|
||||
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
(cherry picked from commit 9c443ac4559a47ed99859bd80d14dc4b6dd220a1)
|
||||
|
||||
diff --git a/bits/socket.h b/bits/socket.h
|
||||
index 05ac0249c7da7218..781b1b2d1e0632a8 100644
|
||||
--- a/bits/socket.h
|
||||
+++ b/bits/socket.h
|
||||
@@ -245,6 +245,12 @@ struct cmsghdr
|
||||
+ CMSG_ALIGN (sizeof (struct cmsghdr)))
|
||||
#define CMSG_LEN(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len))
|
||||
|
||||
+/* Given a length, return the additional padding necessary such that
|
||||
+ len + __CMSG_PADDING(len) == CMSG_ALIGN (len). */
|
||||
+#define __CMSG_PADDING(len) ((sizeof (size_t) \
|
||||
+ - ((len) & (sizeof (size_t) - 1))) \
|
||||
+ & (sizeof (size_t) - 1))
|
||||
+
|
||||
extern struct cmsghdr *__cmsg_nxthdr (struct msghdr *__mhdr,
|
||||
struct cmsghdr *__cmsg) __THROW;
|
||||
#ifdef __USE_EXTERN_INLINES
|
||||
@@ -254,18 +260,38 @@ extern struct cmsghdr *__cmsg_nxthdr (struct msghdr *__mhdr,
|
||||
_EXTERN_INLINE struct cmsghdr *
|
||||
__NTH (__cmsg_nxthdr (struct msghdr *__mhdr, struct cmsghdr *__cmsg))
|
||||
{
|
||||
+ /* We may safely assume that __cmsg lies between __mhdr->msg_control and
|
||||
+ __mhdr->msg_controllen because the user is required to obtain the first
|
||||
+ cmsg via CMSG_FIRSTHDR, set its length, then obtain subsequent cmsgs
|
||||
+ via CMSG_NXTHDR, setting lengths along the way. However, we don't yet
|
||||
+ trust the value of __cmsg->cmsg_len and therefore do not use it in any
|
||||
+ pointer arithmetic until we check its value. */
|
||||
+
|
||||
+ unsigned char * __msg_control_ptr = (unsigned char *) __mhdr->msg_control;
|
||||
+ unsigned char * __cmsg_ptr = (unsigned char *) __cmsg;
|
||||
+
|
||||
+ size_t __size_needed = sizeof (struct cmsghdr)
|
||||
+ + __CMSG_PADDING (__cmsg->cmsg_len);
|
||||
+
|
||||
+ /* The current header is malformed, too small to be a full header. */
|
||||
if ((size_t) __cmsg->cmsg_len < sizeof (struct cmsghdr))
|
||||
- /* The kernel header does this so there may be a reason. */
|
||||
return (struct cmsghdr *) 0;
|
||||
|
||||
+ /* There isn't enough space between __cmsg and the end of the buffer to
|
||||
+ hold the current cmsg *and* the next one. */
|
||||
+ if (((size_t)
|
||||
+ (__msg_control_ptr + __mhdr->msg_controllen - __cmsg_ptr)
|
||||
+ < __size_needed)
|
||||
+ || ((size_t)
|
||||
+ (__msg_control_ptr + __mhdr->msg_controllen - __cmsg_ptr
|
||||
+ - __size_needed)
|
||||
+ < __cmsg->cmsg_len))
|
||||
+
|
||||
+ return (struct cmsghdr *) 0;
|
||||
+
|
||||
+ /* Now, we trust cmsg_len and can use it to find the next header. */
|
||||
__cmsg = (struct cmsghdr *) ((unsigned char *) __cmsg
|
||||
+ CMSG_ALIGN (__cmsg->cmsg_len));
|
||||
- if ((unsigned char *) (__cmsg + 1) > ((unsigned char *) __mhdr->msg_control
|
||||
- + __mhdr->msg_controllen)
|
||||
- || ((unsigned char *) __cmsg + CMSG_ALIGN (__cmsg->cmsg_len)
|
||||
- > ((unsigned char *) __mhdr->msg_control + __mhdr->msg_controllen)))
|
||||
- /* No more entries. */
|
||||
- return (struct cmsghdr *) 0;
|
||||
return __cmsg;
|
||||
}
|
||||
#endif /* Use `extern inline'. */
|
||||
diff --git a/socket/Makefile b/socket/Makefile
|
||||
index c2de11d73ca1e324..2fdf441bb44bf142 100644
|
||||
--- a/socket/Makefile
|
||||
+++ b/socket/Makefile
|
||||
@@ -34,6 +34,7 @@ routines := accept bind connect getpeername getsockname getsockopt \
|
||||
tests := \
|
||||
tst-accept4 \
|
||||
tst-sockopt \
|
||||
+ tst-cmsghdr \
|
||||
# tests
|
||||
|
||||
tests-internal := \
|
||||
diff --git a/socket/tst-cmsghdr-skeleton.c b/socket/tst-cmsghdr-skeleton.c
|
||||
new file mode 100644
|
||||
index 0000000000000000..7accfa6e54708e2a
|
||||
--- /dev/null
|
||||
+++ b/socket/tst-cmsghdr-skeleton.c
|
||||
@@ -0,0 +1,93 @@
|
||||
+/* Test ancillary data header creation.
|
||||
+ Copyright (C) 2022 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+/* We use the preprocessor to generate the function/macro tests instead of
|
||||
+ using indirection because having all the macro expansions alongside
|
||||
+ each other lets the compiler warn us about suspicious pointer
|
||||
+ arithmetic across subsequent CMSG_{FIRST,NXT}HDR expansions. */
|
||||
+
|
||||
+#include <stdint.h>
|
||||
+#include <stddef.h>
|
||||
+
|
||||
+#define RUN_TEST_CONCAT(suffix) run_test_##suffix
|
||||
+#define RUN_TEST_FUNCNAME(suffix) RUN_TEST_CONCAT (suffix)
|
||||
+
|
||||
+static void
|
||||
+RUN_TEST_FUNCNAME (CMSG_NXTHDR_IMPL) (void)
|
||||
+{
|
||||
+ struct msghdr m = {0};
|
||||
+ struct cmsghdr *cmsg;
|
||||
+ char cmsgbuf[3 * CMSG_SPACE (sizeof (PAYLOAD))] = {0};
|
||||
+
|
||||
+ m.msg_control = cmsgbuf;
|
||||
+ m.msg_controllen = sizeof (cmsgbuf);
|
||||
+
|
||||
+ /* First header should point to the start of the buffer. */
|
||||
+ cmsg = CMSG_FIRSTHDR (&m);
|
||||
+ TEST_VERIFY_EXIT ((char *) cmsg == cmsgbuf);
|
||||
+
|
||||
+ /* If the first header length consumes the entire buffer, there is no
|
||||
+ space remaining for additional headers. */
|
||||
+ cmsg->cmsg_len = sizeof (cmsgbuf);
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg == NULL);
|
||||
+
|
||||
+ /* The first header length is so big, using it would cause an overflow. */
|
||||
+ cmsg = CMSG_FIRSTHDR (&m);
|
||||
+ TEST_VERIFY_EXIT ((char *) cmsg == cmsgbuf);
|
||||
+ cmsg->cmsg_len = SIZE_MAX;
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg == NULL);
|
||||
+
|
||||
+ /* The first header leaves just enough space to hold another header. */
|
||||
+ cmsg = CMSG_FIRSTHDR (&m);
|
||||
+ TEST_VERIFY_EXIT ((char *) cmsg == cmsgbuf);
|
||||
+ cmsg->cmsg_len = sizeof (cmsgbuf) - sizeof (struct cmsghdr);
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg != NULL);
|
||||
+
|
||||
+ /* The first header leaves space but not enough for another header. */
|
||||
+ cmsg = CMSG_FIRSTHDR (&m);
|
||||
+ TEST_VERIFY_EXIT ((char *) cmsg == cmsgbuf);
|
||||
+ cmsg->cmsg_len ++;
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg == NULL);
|
||||
+
|
||||
+ /* The second header leaves just enough space to hold another header. */
|
||||
+ cmsg = CMSG_FIRSTHDR (&m);
|
||||
+ TEST_VERIFY_EXIT ((char *) cmsg == cmsgbuf);
|
||||
+ cmsg->cmsg_len = CMSG_LEN (sizeof (PAYLOAD));
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg != NULL);
|
||||
+ cmsg->cmsg_len = sizeof (cmsgbuf)
|
||||
+ - CMSG_SPACE (sizeof (PAYLOAD)) /* First header. */
|
||||
+ - sizeof (struct cmsghdr);
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg != NULL);
|
||||
+
|
||||
+ /* The second header leaves space but not enough for another header. */
|
||||
+ cmsg = CMSG_FIRSTHDR (&m);
|
||||
+ TEST_VERIFY_EXIT ((char *) cmsg == cmsgbuf);
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg != NULL);
|
||||
+ cmsg->cmsg_len ++;
|
||||
+ cmsg = CMSG_NXTHDR_IMPL (&m, cmsg);
|
||||
+ TEST_VERIFY_EXIT (cmsg == NULL);
|
||||
+
|
||||
+ return;
|
||||
+}
|
||||
diff --git a/socket/tst-cmsghdr.c b/socket/tst-cmsghdr.c
|
||||
new file mode 100644
|
||||
index 0000000000000000..68c96d3c9dd2bce8
|
||||
--- /dev/null
|
||||
+++ b/socket/tst-cmsghdr.c
|
||||
@@ -0,0 +1,56 @@
|
||||
+/* Test ancillary data header creation.
|
||||
+ Copyright (C) 2022 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <sys/socket.h>
|
||||
+#include <gnu/lib-names.h>
|
||||
+#include <support/xdlfcn.h>
|
||||
+#include <support/check.h>
|
||||
+
|
||||
+#define PAYLOAD "Hello, World!"
|
||||
+
|
||||
+/* CMSG_NXTHDR is a macro that calls an inline function defined in
|
||||
+ bits/socket.h. In case the function cannot be inlined, libc.so carries
|
||||
+ a copy. Both versions need to be tested. */
|
||||
+
|
||||
+#define CMSG_NXTHDR_IMPL CMSG_NXTHDR
|
||||
+#include "tst-cmsghdr-skeleton.c"
|
||||
+#undef CMSG_NXTHDR_IMPL
|
||||
+
|
||||
+static struct cmsghdr * (* cmsg_nxthdr) (struct msghdr *, struct cmsghdr *);
|
||||
+
|
||||
+#define CMSG_NXTHDR_IMPL cmsg_nxthdr
|
||||
+#include "tst-cmsghdr-skeleton.c"
|
||||
+#undef CMSG_NXTHDR_IMPL
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ static void *handle;
|
||||
+
|
||||
+ run_test_CMSG_NXTHDR ();
|
||||
+
|
||||
+ handle = xdlopen (LIBC_SO, RTLD_LAZY);
|
||||
+ cmsg_nxthdr = (struct cmsghdr * (*) (struct msghdr *, struct cmsghdr *))
|
||||
+ xdlsym (handle, "__cmsg_nxthdr");
|
||||
+
|
||||
+ run_test_cmsg_nxthdr ();
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
diff --git a/sysdeps/mach/hurd/bits/socket.h b/sysdeps/mach/hurd/bits/socket.h
|
||||
index 5210a7b44950e957..423eb2df09c3eef9 100644
|
||||
--- a/sysdeps/mach/hurd/bits/socket.h
|
||||
+++ b/sysdeps/mach/hurd/bits/socket.h
|
||||
@@ -249,6 +249,12 @@ struct cmsghdr
|
||||
+ CMSG_ALIGN (sizeof (struct cmsghdr)))
|
||||
#define CMSG_LEN(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len))
|
||||
|
||||
+/* Given a length, return the additional padding necessary such that
|
||||
+ len + __CMSG_PADDING(len) == CMSG_ALIGN (len). */
|
||||
+#define __CMSG_PADDING(len) ((sizeof (size_t) \
|
||||
+ - ((len) & (sizeof (size_t) - 1))) \
|
||||
+ & (sizeof (size_t) - 1))
|
||||
+
|
||||
extern struct cmsghdr *__cmsg_nxthdr (struct msghdr *__mhdr,
|
||||
struct cmsghdr *__cmsg) __THROW;
|
||||
#ifdef __USE_EXTERN_INLINES
|
||||
@@ -258,18 +264,38 @@ extern struct cmsghdr *__cmsg_nxthdr (struct msghdr *__mhdr,
|
||||
_EXTERN_INLINE struct cmsghdr *
|
||||
__NTH (__cmsg_nxthdr (struct msghdr *__mhdr, struct cmsghdr *__cmsg))
|
||||
{
|
||||
+ /* We may safely assume that __cmsg lies between __mhdr->msg_control and
|
||||
+ __mhdr->msg_controllen because the user is required to obtain the first
|
||||
+ cmsg via CMSG_FIRSTHDR, set its length, then obtain subsequent cmsgs
|
||||
+ via CMSG_NXTHDR, setting lengths along the way. However, we don't yet
|
||||
+ trust the value of __cmsg->cmsg_len and therefore do not use it in any
|
||||
+ pointer arithmetic until we check its value. */
|
||||
+
|
||||
+ unsigned char * __msg_control_ptr = (unsigned char *) __mhdr->msg_control;
|
||||
+ unsigned char * __cmsg_ptr = (unsigned char *) __cmsg;
|
||||
+
|
||||
+ size_t __size_needed = sizeof (struct cmsghdr)
|
||||
+ + __CMSG_PADDING (__cmsg->cmsg_len);
|
||||
+
|
||||
+ /* The current header is malformed, too small to be a full header. */
|
||||
if ((size_t) __cmsg->cmsg_len < sizeof (struct cmsghdr))
|
||||
- /* The kernel header does this so there may be a reason. */
|
||||
return (struct cmsghdr *) 0;
|
||||
|
||||
+ /* There isn't enough space between __cmsg and the end of the buffer to
|
||||
+ hold the current cmsg *and* the next one. */
|
||||
+ if (((size_t)
|
||||
+ (__msg_control_ptr + __mhdr->msg_controllen - __cmsg_ptr)
|
||||
+ < __size_needed)
|
||||
+ || ((size_t)
|
||||
+ (__msg_control_ptr + __mhdr->msg_controllen - __cmsg_ptr
|
||||
+ - __size_needed)
|
||||
+ < __cmsg->cmsg_len))
|
||||
+
|
||||
+ return (struct cmsghdr *) 0;
|
||||
+
|
||||
+ /* Now, we trust cmsg_len and can use it to find the next header. */
|
||||
__cmsg = (struct cmsghdr *) ((unsigned char *) __cmsg
|
||||
+ CMSG_ALIGN (__cmsg->cmsg_len));
|
||||
- if ((unsigned char *) (__cmsg + 1) > ((unsigned char *) __mhdr->msg_control
|
||||
- + __mhdr->msg_controllen)
|
||||
- || ((unsigned char *) __cmsg + CMSG_ALIGN (__cmsg->cmsg_len)
|
||||
- > ((unsigned char *) __mhdr->msg_control + __mhdr->msg_controllen)))
|
||||
- /* No more entries. */
|
||||
- return (struct cmsghdr *) 0;
|
||||
return __cmsg;
|
||||
}
|
||||
#endif /* Use `extern inline'. */
|
||||
diff --git a/sysdeps/unix/sysv/linux/bits/socket.h b/sysdeps/unix/sysv/linux/bits/socket.h
|
||||
index c81fab840918924e..7d56f877e0a73acb 100644
|
||||
--- a/sysdeps/unix/sysv/linux/bits/socket.h
|
||||
+++ b/sysdeps/unix/sysv/linux/bits/socket.h
|
||||
@@ -306,6 +306,12 @@ struct cmsghdr
|
||||
+ CMSG_ALIGN (sizeof (struct cmsghdr)))
|
||||
#define CMSG_LEN(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len))
|
||||
|
||||
+/* Given a length, return the additional padding necessary such that
|
||||
+ len + __CMSG_PADDING(len) == CMSG_ALIGN (len). */
|
||||
+#define __CMSG_PADDING(len) ((sizeof (size_t) \
|
||||
+ - ((len) & (sizeof (size_t) - 1))) \
|
||||
+ & (sizeof (size_t) - 1))
|
||||
+
|
||||
extern struct cmsghdr *__cmsg_nxthdr (struct msghdr *__mhdr,
|
||||
struct cmsghdr *__cmsg) __THROW;
|
||||
#ifdef __USE_EXTERN_INLINES
|
||||
@@ -315,18 +321,38 @@ extern struct cmsghdr *__cmsg_nxthdr (struct msghdr *__mhdr,
|
||||
_EXTERN_INLINE struct cmsghdr *
|
||||
__NTH (__cmsg_nxthdr (struct msghdr *__mhdr, struct cmsghdr *__cmsg))
|
||||
{
|
||||
+ /* We may safely assume that __cmsg lies between __mhdr->msg_control and
|
||||
+ __mhdr->msg_controllen because the user is required to obtain the first
|
||||
+ cmsg via CMSG_FIRSTHDR, set its length, then obtain subsequent cmsgs
|
||||
+ via CMSG_NXTHDR, setting lengths along the way. However, we don't yet
|
||||
+ trust the value of __cmsg->cmsg_len and therefore do not use it in any
|
||||
+ pointer arithmetic until we check its value. */
|
||||
+
|
||||
+ unsigned char * __msg_control_ptr = (unsigned char *) __mhdr->msg_control;
|
||||
+ unsigned char * __cmsg_ptr = (unsigned char *) __cmsg;
|
||||
+
|
||||
+ size_t __size_needed = sizeof (struct cmsghdr)
|
||||
+ + __CMSG_PADDING (__cmsg->cmsg_len);
|
||||
+
|
||||
+ /* The current header is malformed, too small to be a full header. */
|
||||
if ((size_t) __cmsg->cmsg_len < sizeof (struct cmsghdr))
|
||||
- /* The kernel header does this so there may be a reason. */
|
||||
return (struct cmsghdr *) 0;
|
||||
|
||||
+ /* There isn't enough space between __cmsg and the end of the buffer to
|
||||
+ hold the current cmsg *and* the next one. */
|
||||
+ if (((size_t)
|
||||
+ (__msg_control_ptr + __mhdr->msg_controllen - __cmsg_ptr)
|
||||
+ < __size_needed)
|
||||
+ || ((size_t)
|
||||
+ (__msg_control_ptr + __mhdr->msg_controllen - __cmsg_ptr
|
||||
+ - __size_needed)
|
||||
+ < __cmsg->cmsg_len))
|
||||
+
|
||||
+ return (struct cmsghdr *) 0;
|
||||
+
|
||||
+ /* Now, we trust cmsg_len and can use it to find the next header. */
|
||||
__cmsg = (struct cmsghdr *) ((unsigned char *) __cmsg
|
||||
+ CMSG_ALIGN (__cmsg->cmsg_len));
|
||||
- if ((unsigned char *) (__cmsg + 1) > ((unsigned char *) __mhdr->msg_control
|
||||
- + __mhdr->msg_controllen)
|
||||
- || ((unsigned char *) __cmsg + CMSG_ALIGN (__cmsg->cmsg_len)
|
||||
- > ((unsigned char *) __mhdr->msg_control + __mhdr->msg_controllen)))
|
||||
- /* No more entries. */
|
||||
- return (struct cmsghdr *) 0;
|
||||
return __cmsg;
|
||||
}
|
||||
#endif /* Use `extern inline'. */
|
||||
diff --git a/sysdeps/unix/sysv/linux/cmsg_nxthdr.c b/sysdeps/unix/sysv/linux/cmsg_nxthdr.c
|
||||
index a0fe49f28563d030..535d22e9a037b9a9 100644
|
||||
--- a/sysdeps/unix/sysv/linux/cmsg_nxthdr.c
|
||||
+++ b/sysdeps/unix/sysv/linux/cmsg_nxthdr.c
|
||||
@@ -23,18 +23,38 @@
|
||||
struct cmsghdr *
|
||||
__cmsg_nxthdr (struct msghdr *mhdr, struct cmsghdr *cmsg)
|
||||
{
|
||||
+ /* We may safely assume that cmsg lies between mhdr->msg_control and
|
||||
+ mhdr->msg_controllen because the user is required to obtain the first
|
||||
+ cmsg via CMSG_FIRSTHDR, set its length, then obtain subsequent cmsgs
|
||||
+ via CMSG_NXTHDR, setting lengths along the way. However, we don't yet
|
||||
+ trust the value of cmsg->cmsg_len and therefore do not use it in any
|
||||
+ pointer arithmetic until we check its value. */
|
||||
+
|
||||
+ unsigned char * msg_control_ptr = (unsigned char *) mhdr->msg_control;
|
||||
+ unsigned char * cmsg_ptr = (unsigned char *) cmsg;
|
||||
+
|
||||
+ size_t size_needed = sizeof (struct cmsghdr)
|
||||
+ + __CMSG_PADDING (cmsg->cmsg_len);
|
||||
+
|
||||
+ /* The current header is malformed, too small to be a full header. */
|
||||
if ((size_t) cmsg->cmsg_len < sizeof (struct cmsghdr))
|
||||
- /* The kernel header does this so there may be a reason. */
|
||||
- return NULL;
|
||||
+ return (struct cmsghdr *) 0;
|
||||
+
|
||||
+ /* There isn't enough space between cmsg and the end of the buffer to
|
||||
+ hold the current cmsg *and* the next one. */
|
||||
+ if (((size_t)
|
||||
+ (msg_control_ptr + mhdr->msg_controllen - cmsg_ptr)
|
||||
+ < size_needed)
|
||||
+ || ((size_t)
|
||||
+ (msg_control_ptr + mhdr->msg_controllen - cmsg_ptr
|
||||
+ - size_needed)
|
||||
+ < cmsg->cmsg_len))
|
||||
+
|
||||
+ return (struct cmsghdr *) 0;
|
||||
|
||||
+ /* Now, we trust cmsg_len and can use it to find the next header. */
|
||||
cmsg = (struct cmsghdr *) ((unsigned char *) cmsg
|
||||
+ CMSG_ALIGN (cmsg->cmsg_len));
|
||||
- if ((unsigned char *) (cmsg + 1) > ((unsigned char *) mhdr->msg_control
|
||||
- + mhdr->msg_controllen)
|
||||
- || ((unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)
|
||||
- > ((unsigned char *) mhdr->msg_control + mhdr->msg_controllen)))
|
||||
- /* No more entries. */
|
||||
- return NULL;
|
||||
return cmsg;
|
||||
}
|
||||
libc_hidden_def (__cmsg_nxthdr)
|
23
glibc.spec
23
glibc.spec
@ -148,7 +148,7 @@ end \
|
||||
Summary: The GNU libc libraries
|
||||
Name: glibc
|
||||
Version: %{glibcversion}
|
||||
Release: 40%{?dist}
|
||||
Release: 42%{?dist}
|
||||
|
||||
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
|
||||
# libraries.
|
||||
@ -579,6 +579,12 @@ Patch371: glibc-upstream-2.34-299.patch
|
||||
Patch372: glibc-upstream-2.34-300.patch
|
||||
Patch373: glibc-upstream-2.34-301.patch
|
||||
Patch374: glibc-upstream-2.34-302.patch
|
||||
Patch375: glibc-upstream-2.34-303.patch
|
||||
Patch376: glibc-upstream-2.34-304.patch
|
||||
Patch377: glibc-upstream-2.34-305.patch
|
||||
Patch378: glibc-upstream-2.34-306.patch
|
||||
Patch379: glibc-upstream-2.34-307.patch
|
||||
Patch380: glibc-upstream-2.34-308.patch
|
||||
|
||||
##############################################################################
|
||||
# Continued list of core "glibc" package information:
|
||||
@ -2635,6 +2641,21 @@ fi
|
||||
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
|
||||
|
||||
%changelog
|
||||
* Tue Sep 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-42
|
||||
- Co-Authored-By: Benjamin Herrenschmidt <benh@amazon.com>
|
||||
- Retain .gnu_debuglink section in libc.so.6 (#2090744)
|
||||
- Remove redundant ld.so debuginfo file (#2090744)
|
||||
|
||||
* Tue Aug 23 2022 Arjun Shankar <arjun@redhat.com> - 2.34-41
|
||||
- Sync with upstream branch release/2.34/master,
|
||||
commit 68507377f249d165f1f35502d96e9365edb07d9a:
|
||||
- socket: Check lengths before advancing pointer in CMSG_NXTHDR
|
||||
- alpha: Fix generic brk system call emulation in __brk_call (bug 29490)
|
||||
- stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279]
|
||||
- stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265]
|
||||
- Update syscall lists for Linux 5.19
|
||||
- dlfcn: Pass caller pointer to static dlopen implementation (bug 29446)
|
||||
|
||||
* Fri Jul 22 2022 Arjun Shankar <arjun@redhat.com> - 2.34-40
|
||||
- Sync with upstream branch release/2.34/master,
|
||||
commit b2f32e746492615a6eb3e66fac1e766e32e8deb1:
|
||||
|
@ -17,6 +17,7 @@ set -ex
|
||||
|
||||
ldso_tmp="$(mktemp)"
|
||||
libc_tmp="$(mktemp)"
|
||||
libc_dlink_tmp="$(mktemp)"
|
||||
|
||||
# Prefer a separately installed debugedit over the RPM-integrated one.
|
||||
if command -v debugedit >/dev/null ; then
|
||||
@ -26,7 +27,7 @@ else
|
||||
fi
|
||||
|
||||
cleanup () {
|
||||
rm -f "$ldso_tmp" "$libc_tmp"
|
||||
rm -f "$ldso_tmp" "$libc_tmp" "$libc_dlink_tmp"
|
||||
}
|
||||
trap cleanup 0
|
||||
|
||||
@ -66,6 +67,10 @@ cp "$libc_path" "$libc_tmp"
|
||||
# Run the debuginfo extraction.
|
||||
"$script_path" "$@"
|
||||
|
||||
# libc.so.6: Extract the .gnu_debuglink section
|
||||
objcopy -j.gnu_debuglink --set-section-flags .gnu_debuglink=alloc \
|
||||
-O binary "$libc_path" "$libc_dlink_tmp"
|
||||
|
||||
# Restore the original files.
|
||||
cp "$ldso_tmp" "$ldso_path"
|
||||
cp "$libc_tmp" "$libc_path"
|
||||
@ -74,6 +79,23 @@ cp "$libc_tmp" "$libc_path"
|
||||
objcopy --merge-notes "$ldso_path"
|
||||
objcopy --merge-notes "$libc_path"
|
||||
|
||||
# libc.so.6: Restore the .gnu_debuglink section
|
||||
objcopy --add-section .gnu_debuglink="$libc_dlink_tmp" "$libc_path"
|
||||
|
||||
# ld.so does not have separated debuginfo and so the debuginfo file
|
||||
# generated by find-debuginfo is redundant. Therefore, remove it.
|
||||
ldso_debug=
|
||||
for ldso_debug_candidate in `find "$sysroot_path" -regextype posix-extended \
|
||||
-regex '.*/ld(-.*|64|)\.so\.[0-9]+.*debug$' -type f` ; do
|
||||
if test -z "$ldso_debug" ; then
|
||||
ldso_debug="$ldso_debug_candidate"
|
||||
else
|
||||
echo "error: multiple ld.so debug candidates: $ldso_debug, $ldso_debug_candidate"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
rm -f "$ldso_debug"
|
||||
|
||||
# libc.so.6: Reduce to valuable symbols. Eliminate file symbols,
|
||||
# annobin symbols, and symbols used by the glibc build to implement
|
||||
# hidden aliases (__EI_*). We would also like to remove __GI_*
|
||||
|
Loading…
Reference in New Issue
Block a user