rpms/glibc
7
0
Fork 1
Code Issues Pull Requests Releases Activity

- Resync with upstream sources (#834447).

Browse Source 
- Fix use-after-free in dcigettext.c (#816647).
This commit is contained in:
Jeff Law 2012-06-21 17:28:16 -06:00
parent fd26ca323d
commit 5176c4e7b5
6 changed files with 9 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -26,3 +26,6 @@ glibc-2.14-394-g8f3b1ff
/glibc-2.15.90-6043738b.tar.gz
/glibc-2.15.90-f8308a72-fedora.tar.gz
/glibc-2.15.90-f8308a72.tar.gz
/glibc-2.15.90-116a106a-fedora.tar.gz
/glibc-2.15.90-116a106a.tar.gz
/glibc-ports-2.15.90-a20c2b3c.tar.gz

56
glibc-rh729661.patch
View File

@ -1,56 +0,0 @@
diff -rup a/elf/dl-deps.c b/elf/dl-deps.c
--- a/elf/dl-deps.c 2012-01-23 14:28:15.888185967 -0700
+++ b/elf/dl-deps.c 2012-01-23 14:29:11.620197431 -0700
@@ -634,7 +634,7 @@ Filters not supported with LD_TRACE_PREL
/* We can skip looking for the binary itself which is at the front
of the search list. */
i = 1;
- char seen[nlist];
+ uint16_t seen[nlist];
memset (seen, 0, nlist * sizeof (seen[0]));
while (1)
{
@@ -660,13 +660,13 @@ Filters not supported with LD_TRACE_PREL
(k - i) * sizeof (l_initfini[0]));
l_initfini[k] = thisp;
- if (seen[i + 1] > 1)
+ if (seen[i + 1] > nlist - i)
{
++i;
goto next_clear;
}
- char this_seen = seen[i];
+ uint16_t this_seen = seen[i];
memmove (&seen[i], &seen[i + 1],
(k - i) * sizeof (seen[0]));
seen[k] = this_seen;
diff -rup a/elf/dl-fini.c b/elf/dl-fini.c
--- a/elf/dl-fini.c 2012-01-01 05:16:32.000000000 -0700
+++ b/elf/dl-fini.c 2012-01-23 14:29:39.661203226 -0700
@@ -39,7 +39,7 @@ _dl_sort_fini (struct link_map **maps, s
/* We can skip looking for the binary itself which is at the front
of the search list for the main namespace. */
unsigned int i = ns == LM_ID_BASE;
- char seen[nmaps];
+ uint16_t seen[nmaps];
memset (seen, 0, nmaps * sizeof (seen[0]));
while (1)
{
@@ -79,13 +79,13 @@ _dl_sort_fini (struct link_map **maps, s
used[k] = here_used;
}
- if (seen[i + 1] > 1)
+ if (seen[i + 1] > nmaps - i)
{
++i;
goto next_clear;
}
- char this_seen = seen[i];
+ uint16_t this_seen = seen[i];
memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0]));
seen[k] = this_seen;

25
glibc-rh816647.patch
View File

@ -1,25 +0,0 @@
2012-06-21 Jeff Law <law@redhat.com>
* intl/dcigettext.c (_nl_find_msg): Do not dereference memory
that may have just been free'd.
diff --git a/intl/dcigettext.c b/intl/dcigettext.c
index f6b7573..9c673d4 100644
--- a/intl/dcigettext.c
+++ b/intl/dcigettext.c
@@ -1149,13 +1149,14 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
/* We must allocate a new buffer or resize the old one. */
if (malloc_count > 0)
{
+ struct transmem_list *next = transmem_list->next;
++malloc_count;
freemem_size = malloc_count * INITIAL_BLOCK_SIZE;
newmem = (transmem_block_t *) realloc (transmem_list,
freemem_size);
# ifdef _LIBC
if (newmem != NULL)
- transmem_list = transmem_list->next;
+ transmem_list = next;
else
{
struct transmem_list *old = transmem_list;

28
glibc-sw13618-2.patch
View File

@ -1,28 +0,0 @@
diff -Nrup a/elf/dl-open.c b/elf/dl-open.c
--- a/elf/dl-open.c 2012-01-29 21:57:36.251660367 -0700
+++ b/elf/dl-open.c 2012-01-29 21:58:55.762694069 -0700
@@ -328,7 +328,7 @@ dl_open_worker (void *a)
while (l != NULL);
if (nmaps > 1)
{
- char seen[nmaps];
+ uint16_t seen[nmaps];
memset (seen, '\0', nmaps);
size_t i = 0;
while (1)
@@ -354,13 +354,13 @@ dl_open_worker (void *a)
(k - i) * sizeof (maps[0]));
maps[k] = thisp;
- if (seen[i + 1] > 1)
+ if (seen[i + 1] > nmaps - i)
{
++i;
goto next_clear;
}
- char this_seen = seen[i];
+ uint16_t this_seen = seen[i];
memmove (&seen[i], &seen[i + 1],
(k - i) * sizeof (seen[0]));
seen[k] = this_seen;

16
glibc.spec
View File

@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.15.90-f8308a72
%define glibcsrcdir glibc-2.15.90-116a106a
%define glibcversion 2.15.90
%define glibcportsdir glibc-ports-2.15.90-36d173fb
%define glibcportsdir glibc-ports-2.15.90-a20c2b3c
### glibc.spec.in follows:
%define run_glibc_tests 1
%define auxarches athlon alphaev6
@ -121,11 +121,6 @@ Patch2003: %{name}-rh757881.patch
# Upstream BZ 13013
Patch2004: %{name}-rh730856.patch
Patch2006: %{name}-rh729661.patch
# Upstream BZ 13618
Patch2010: %{name}-sw13618-2.patch
Patch2013: %{name}-rh741105.patch
Patch2014: %{name}-rh770869.patch
Patch2015: %{name}-rh691912.patch
@ -174,9 +169,6 @@ Patch2034: %{name}-rh767693-2.patch
# Upstream BZ 14247
Patch2036: %{name}-rh827510.patch
# Upstream BZ 14277
Patch2037: %{name}-rh816647.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: glibc-profile < 2.4
Obsoletes: nss_db
@ -404,11 +396,9 @@ rm -rf %{glibcportsdir}
%patch2003 -p1
%patch2004 -p1
%patch0005 -p1
%patch2006 -p1
%patch0007 -p1
%patch0008 -p1
%patch0009 -p1
%patch2010 -p1
%patch0011 -p1
%patch0012 -p1
%patch2013 -p1
@ -435,7 +425,6 @@ rm -rf %{glibcportsdir}
%patch2034 -p1
%patch0035 -p1
%patch2036 -p1
%patch2037 -p1
# On powerpc32, hp timing is only available in power4/power6
# libs, not in base, so pre-power4 dynamic linker is incompatible
@ -1319,6 +1308,7 @@ rm -f *.filelist*
%changelog
* Thu Jun 21 2012 Jeff Law <law@redhat.com> - 2.15.90-15
- Resync with upstream sources (#834447).
- Fix use-after-free in dcigettext.c (#816647).
* Fri Jun 15 2012 Jeff Law <law@redhat.com> - 2.15.90-14

6
sources
View File

@ -1,3 +1,3 @@
1a684f60874718dbfb3dd5556fd9bc77 glibc-2.15.90-f8308a72-fedora.tar.gz
9d03c29eacc9a7b842825bc220b4ec36 glibc-2.15.90-f8308a72.tar.gz
8502eb8b2c3abccaabaa45ce45808d48 glibc-ports-2.15.90-36d173fb.tar.gz
281f4fd07d6f28c3463ceb3178bff664 glibc-2.15.90-116a106a-fedora.tar.gz
4057fc6c44b80ac29a709d839ddb9b89 glibc-2.15.90-116a106a.tar.gz
f29d9ebfdc591ebfbfbb14e24855b9c0 glibc-ports-2.15.90-a20c2b3c.tar.gz