Fix use-after-free in dcigettext.c (#816647).
parent
e949173fe2
commit
fd26ca323d
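--- /dev/null
+++ b/glibc-rh816647.patch
@@ -0,0 +1,25 @@
+2012-06-21 Jeff Law <law@redhat.com>
+
+* intl/dcigettext.c (_nl_find_msg): Do not dereference memory
+that may have just been free'd.
+
+diff --git a/intl/dcigettext.c b/intl/dcigettext.c
+index f6b7573..9c673d4 100644
+--- a/intl/dcigettext.c
++++ b/intl/dcigettext.c
+@@ -1149,13 +1149,14 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
+/* We must allocate a new buffer or resize the old one. */
+if (malloc_count > 0)
+{
++ struct transmem_list *next = transmem_list->next;
+++malloc_count;
+freemem_size = malloc_count * INITIAL_BLOCK_SIZE;
+newmem = (transmem_block_t *) realloc (transmem_list,
+freemem_size);
+# ifdef _LIBC
+if (newmem != NULL)
+- transmem_list = transmem_list->next;
++ transmem_list = next;
+else
+{
+struct transmem_list *old = transmem_list;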
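Review bot: The new `struct transmem_list *next = transmem_list->next;` is declared above `# ifdef _LIBC`, while its only visible use, `transmem_list = next;`, sits inside that guard. In a build without _LIBC the read is therefore unused, and if `transmem_list` is not a struct pointer in that configuration (its declaration is not visible here) the line would not compile; moving the declaration under the same guard keeps the read and its use together. A one-line comment would also record why the pointer is captured early, for example `/* Read ->next before realloc: on success the old block may already have been freed. */`. _nl_find_msg starts and ends outside this hunk, so how `newmem` is linked back into the list afterwards cannot be checked from here.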
|
@ -28,7 +28,7 @@
|
|||||||
Summary: The GNU libc libraries
|
Summary: The GNU libc libraries
|
||||||
Name: glibc
|
Name: glibc
|
||||||
Version: %{glibcversion}
|
Version: %{glibcversion}
|
||||||
Release: 14%{?dist}
|
Release: 15%{?dist}
|
||||||
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
||||||
# Things that are linked directly into dynamically linked programs
|
# Things that are linked directly into dynamically linked programs
|
||||||
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
||||||
@ -174,6 +174,9 @@ Patch2034: %{name}-rh767693-2.patch
|
|||||||
# Upstream BZ 14247
|
# Upstream BZ 14247
|
||||||
Patch2036: %{name}-rh827510.patch
|
Patch2036: %{name}-rh827510.patch
|
||||||
|
|
||||||
|
# Upstream BZ 14277
|
||||||
|
Patch2037: %{name}-rh816647.patch
|
||||||
|
|
||||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
Obsoletes: glibc-profile < 2.4
|
Obsoletes: glibc-profile < 2.4
|
||||||
Obsoletes: nss_db
|
Obsoletes: nss_db
|
||||||
@ -432,6 +435,7 @@ rm -rf %{glibcportsdir}
|
|||||||
%patch2034 -p1
|
%patch2034 -p1
|
||||||
%patch0035 -p1
|
%patch0035 -p1
|
||||||
%patch2036 -p1
|
%patch2036 -p1
|
||||||
|
%patch2037 -p1
|
||||||
|
|
||||||
# On powerpc32, hp timing is only available in power4/power6
|
# On powerpc32, hp timing is only available in power4/power6
|
||||||
# libs, not in base, so pre-power4 dynamic linker is incompatible
|
# libs, not in base, so pre-power4 dynamic linker is incompatible
|
||||||
@ -1314,6 +1318,9 @@ rm -f *.filelist*
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 21 2012 Jeff Law <law@redhat.com> - 2.15.90-15
|
||||||
|
- Fix use-after-free in dcigettext.c (#816647).
|
||||||
|
|
||||||
* Fri Jun 15 2012 Jeff Law <law@redhat.com> - 2.15.90-14
|
* Fri Jun 15 2012 Jeff Law <law@redhat.com> - 2.15.90-14
|
||||||
- Resync with master.
|
- Resync with master.
|
||||||
|
|
||||||
|