rpms/glibc
5
0
Fork 2
Code Issues Pull Requests Releases Activity

Add tests extracted from upstream printf regression tests (RHEL-46761)

Browse Source 
Resolves: RHEL-46761
This commit is contained in:
Florian Weimer 2025-01-23 23:18:58 +01:00
parent 53bdedaafc
commit 14e4554e30
5 changed files with 386 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
glibc-RHEL-46761-1.patch Normal file
View File

@ -0,0 +1,76 @@
commit ca6466e8be32369a658035d69542d47603e58a99
Author: Andreas Schwab <schwab@suse.de>
Date: Mon Aug 29 15:05:40 2022 +0200
Add test for bug 29530
This tests for a bug that was introduced in commit edc1686af0 ("vfprintf:
Reuse work_buffer in group_number") and fixed as a side effect of commit
6caddd34bd ("Remove most vfprintf width/precision-dependent allocations
(bug 14231, bug 26211).").
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 826823a68dd36a8a..e3939b112ca2037f 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -221,6 +221,7 @@ tests := \
tst-getline-enomem \
tst-gets \
tst-grouping \
+ tst-grouping2 \
tst-long-dbl-fphex \
tst-obprintf \
tst-perror \
@@ -369,6 +370,7 @@ $(objpfx)bug14.out: $(gen-locales)
$(objpfx)scanf13.out: $(gen-locales)
$(objpfx)test-vfprintf.out: $(gen-locales)
$(objpfx)tst-grouping.out: $(gen-locales)
+$(objpfx)tst-grouping2.out: $(gen-locales)
$(objpfx)tst-sprintf.out: $(gen-locales)
$(objpfx)tst-sscanf.out: $(gen-locales)
$(objpfx)tst-swprintf.out: $(gen-locales)
diff --git a/stdio-common/tst-grouping2.c b/stdio-common/tst-grouping2.c
new file mode 100644
index 0000000000000000..3024c942a60e51bf
--- /dev/null
+++ b/stdio-common/tst-grouping2.c
@@ -0,0 +1,39 @@
+/* Test printf with grouping and large width (bug 29530)
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <locale.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/support.h>
+
+static int
+do_test (void)
+{
+ const int field_width = 1000;
+ char buf[field_width + 1];
+
+ xsetlocale (LC_NUMERIC, "de_DE.UTF-8");
+
+ /* This used to crash in group_number. */
+ TEST_COMPARE (sprintf (buf, "%'*d", field_width, 1000), field_width);
+ TEST_COMPARE_STRING (buf + field_width - 6, " 1.000");
+
+ return 0;
+}
+
+#include <support/test-driver.c>

183
glibc-RHEL-46761-2.patch Normal file
View File

@ -0,0 +1,183 @@
Backport of the test case from this commit:
commit 0d50f477f47ba637b54fb03ac48d769ec4543e8d
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Jan 25 08:01:00 2023 +0100
stdio-common: Handle -1 buffer size in __sprintf_chk & co (bug 30039)
This shows up as an assertion failure when sprintf is called with
a specifier like "%.8g" and libquadmath is linked in:
Fatal glibc error: printf_buffer_as_file.c:31
(__printf_buffer_as_file_commit): assertion failed:
file->stream._IO_write_ptr <= file->next->write_end
Fix this by detecting pointer wraparound in __vsprintf_internal
and saturate the addition to the end of the address space instead.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
Conflicts:
debug/Makefile
(missing time64 tests downstream)
include/printf_buffer.h
libio/iovsprintf.c
(not included in test-only backport)
diff --git a/debug/Makefile b/debug/Makefile
index ddae3817aef9afad..563e6249121e8bc9 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -187,6 +187,10 @@ LDFLAGS-tst-backtrace6 = -rdynamic
CFLAGS-tst-ssp-1.c += -fstack-protector-all
+# Disable compiler optimizations around vsprintf (the function under test).
+CFLAGS-tst-sprintf-fortify-unchecked.c = \
+ -fno-builtin-vsprintf -fno-builtin-__vsprintf_chk
+
tests = backtrace-tst \
tst-longjmp_chk \
test-strcpy_chk \
@@ -199,6 +203,7 @@ tests = backtrace-tst \
tst-backtrace5 \
tst-backtrace6 \
tst-realpath-chk \
+ tst-sprintf-fortify-unchecked \
$(tests-all-chk) \
ifeq ($(have-ssp),yes)
diff --git a/debug/tst-sprintf-fortify-unchecked.c b/debug/tst-sprintf-fortify-unchecked.c
new file mode 100644
index 0000000000000000..7c7bd1b5e4fe12e8
--- /dev/null
+++ b/debug/tst-sprintf-fortify-unchecked.c
@@ -0,0 +1,126 @@
+/* Tests for fortified sprintf with unknown buffer bounds (bug 30039).
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <printf.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <support/check.h>
+
+/* This test is not built with _FORTIFY_SOURCE. Instead it calls the
+ appropriate implementation directly. The fortify mode is specified
+ in this variable. */
+static int fortify_mode;
+
+/* This does not handle long-double redirects etc., but we test only
+ format strings that stay within the confines of the base
+ implementation. */
+int __vsprintf_chk (char *s, int flag, size_t slen, const char *format,
+ va_list ap);
+
+/* Invoke vsprintf or __vsprintf_chk according to fortify_mode. */
+static int
+my_vsprintf (char *buf, const char *format, va_list ap)
+{
+ int result;
+ if (fortify_mode == 0)
+ result = vsprintf (buf, format, ap);
+ else
+ /* Call the fortified version with an unspecified length. */
+ result = __vsprintf_chk (buf, fortify_mode - 1, -1, format, ap);
+ return result;
+}
+
+/* Run one test, with the specified expected output. */
+static void __attribute ((format (printf, 2, 3)))
+do_check (const char *expected, const char *format, ...)
+{
+ va_list ap;
+ va_start (ap, format);
+
+ char buf_expected[24];
+ memset (buf_expected, '@', sizeof (buf_expected));
+ TEST_VERIFY (strlen (expected) < sizeof (buf_expected));
+ strcpy (buf_expected, expected);
+
+ char buf[sizeof (buf_expected)];
+ memset (buf, '@', sizeof (buf));
+
+ int ret = my_vsprintf (buf, format, ap);
+ TEST_COMPARE_BLOB (buf_expected, sizeof (buf_expected), buf, sizeof (buf));
+ TEST_COMPARE (ret, strlen (expected));
+
+ va_end (ap);
+}
+
+/* Run the tests in all fortify modes. */
+static void
+do_tests (void)
+{
+ for (fortify_mode = 0; fortify_mode <= 3; ++fortify_mode)
+ {
+ do_check ("0", "%d", 0);
+ do_check ("-2147483648", "%d", -2147483647 - 1);
+ do_check ("-9223372036854775808", "%lld", -9223372036854775807LL - 1);
+ do_check ("", "%s", "");
+ do_check (" ", "%22s", "");
+ do_check ("XXXXXXXXXXXXXXXXXXXXXX", "%s", "XXXXXXXXXXXXXXXXXXXXXX");
+ do_check ("1.125000", "%f", 1.125);
+ do_check ("1.125", "%g", 1.125);
+ do_check ("1.125", "%.8g", 1.125);
+ }
+}
+
+/* printf callback that falls back to the glibc-supplied
+ implementation. */
+static int
+dummy_printf_function (FILE *__stream,
+ const struct printf_info *__info,
+ const void *const *__args)
+{
+ return -2; /* Request fallback. */
+}
+
+/* Likewise for the type information. */
+static int
+dummy_arginfo_function (const struct printf_info *info,
+ size_t n, int *argtypes, int *size)
+{
+ return -1; /* Request fallback. */
+}
+
+static int
+do_test (void)
+{
+ do_tests ();
+
+ /* Activate __printf_function_invoke mode. */
+ register_printf_specifier ('d', dummy_printf_function,
+ dummy_arginfo_function);
+ register_printf_specifier ('g', dummy_printf_function,
+ dummy_arginfo_function);
+ register_printf_specifier ('s', dummy_printf_function,
+ dummy_arginfo_function);
+
+ /* Rerun the tests with callback functions. */
+ do_tests ();
+
+ return 0;
+}
+
+#include <support/test-driver.c>

102
glibc-RHEL-46761-3.patch Normal file
View File

@ -0,0 +1,102 @@
Backport of the test case from the upstream commit. Note
that the test fails in the version included here.
commit c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
Author: Carlos O'Donell <carlos@redhat.com>
Date: Thu Jan 19 12:50:20 2023 +0100
Account for grouping in printf width (bug 30068)
This is a partial fix for mishandling of grouping when formatting
integers. It properly computes the width in the presence of grouping
characters when the width is larger than the number of significant
digits. The precision related issue is documented in bug 23432.
Co-authored-by: Andreas Schwab <schwab@suse.de>
Conflicts:
stdio-common/Makefile
(missing tests downstream)
stdio-common/vfprintf-process-arg.c
(not included in backport)
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index e3939b112ca2037f..74e0edff73a9e468 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -222,6 +222,7 @@ tests := \
tst-gets \
tst-grouping \
tst-grouping2 \
+ tst-grouping3 \
tst-long-dbl-fphex \
tst-obprintf \
tst-perror \
@@ -375,6 +376,7 @@ $(objpfx)tst-sprintf.out: $(gen-locales)
$(objpfx)tst-sscanf.out: $(gen-locales)
$(objpfx)tst-swprintf.out: $(gen-locales)
$(objpfx)tst-vfprintf-mbs-prec.out: $(gen-locales)
+$(objpfx)tst-grouping3.out: $(gen-locales)
endif
tst-printf-bz18872-ENV = MALLOC_TRACE=$(objpfx)tst-printf-bz18872.mtrace \
diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c
new file mode 100644
index 0000000000000000..e9e39218e25a2720
--- /dev/null
+++ b/stdio-common/tst-grouping3.c
@@ -0,0 +1,54 @@
+/* Test printf with grouping and padding (bug 30068)
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <locale.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/support.h>
+
+static int
+do_test (void)
+{
+ char buf[80];
+
+ xsetlocale (LC_NUMERIC, "de_DE.UTF-8");
+
+ /* The format string has the following conversion specifier:
+ ' - Use thousands grouping.
+ + - The result of a signed conversion shall begin with a sign.
+ - - Left justified.
+ 13 - Minimum 13 bytes of width.
+ 9 - Minimum 9 digits of precision.
+
+ In bug 30068 the grouping characters were not accounted for in
+ the width, and were added after the fact resulting in a 15-byte
+ output instead of a 13-byte output. The two additional bytes
+ come from the locale-specific thousands separator. This increase
+ in size could result in a buffer overflow if a reasonable caller
+ calculated the size of the expected buffer using nl_langinfo to
+ determine the sie of THOUSEP in bytes.
+
+ This bug is distinct from bug 23432 which has to do with the
+ minimum precision calculation (digit based). */
+ sprintf (buf, "%+-'13.9d", 1234567);
+ TEST_COMPARE_STRING (buf, "+001.234.567 ");
+
+ return 0;
+}
+
+#include <support/test-driver.c>

17
glibc-RHEL-46761-4.patch Normal file
View File

@ -0,0 +1,17 @@
Adjust the test expectation for stdio-common/tst-grouping3 to match
the state of the RHEL 9 printf implementation, which does not add
zero padding when grouping integers.
diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c
index e9e39218e25a2720..5a247cfe3fb8564f 100644
--- a/stdio-common/tst-grouping3.c
+++ b/stdio-common/tst-grouping3.c
@@ -46,7 +46,7 @@ do_test (void)
This bug is distinct from bug 23432 which has to do with the
minimum precision calculation (digit based). */
sprintf (buf, "%+-'13.9d", 1234567);
- TEST_COMPARE_STRING (buf, "+001.234.567 ");
+ TEST_COMPARE_STRING (buf, "+1.234.567 ");
return 0;
}

9
glibc.spec
View File

@ -157,7 +157,7 @@ end \
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
Release: 157%{?dist}
Release: 158%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries.
@ -1086,6 +1086,10 @@ Patch778: glibc-RHEL-65359-2.patch
Patch779: glibc-RHEL-65359-3.patch
Patch780: glibc-RHEL-65359-4.patch
Patch781: glibc-RHEL-75810.patch
Patch782: glibc-RHEL-46761-1.patch
Patch783: glibc-RHEL-46761-2.patch
Patch784: glibc-RHEL-46761-3.patch
Patch785: glibc-RHEL-46761-4.patch
##############################################################################
# Continued list of core "glibc" package information:
@ -3079,6 +3083,9 @@ update_gconv_modules_cache ()
%endif
%changelog
* Thu Jan 23 2025 Florian Weimer <fweimer@redhat.com> - 2.34-158
- Add tests extracted from upstream printf regression tests (RHEL-46761)
* Thu Jan 23 2025 Florian Weimer <fweimer@redhat.com> - 2.34-157
- Restore compatibility with environ/malloc usage pattern (RHEL-75810)