Fix cycle detection & overflows (729661)

This commit is contained in:
Jeff Law 2012-01-23 14:41:49 -07:00
parent d9d4748f79
commit 4dc232f59d
2 changed files with 62 additions and 1 deletions

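--- a/glibc-rh729661.patch
+++ b/glibc-rh729661.patch
@@ -0,0 +1,56 @@
+diff -rup a/elf/dl-deps.c b/elf/dl-deps.c
+--- a/elf/dl-deps.c 2012-01-23 14:28:15.888185967 -0700
++++ b/elf/dl-deps.c 2012-01-23 14:29:11.620197431 -0700
+@@ -634,7 +634,7 @@ Filters not supported with LD_TRACE_PREL
+/* We can skip looking for the binary itself which is at the front
+of the search list. */
+i = 1;
+- char seen[nlist];
++ unsigned short seen[nlist];
+memset (seen, 0, nlist * sizeof (seen[0]));
+while (1)
+{
+@@ -660,13 +660,13 @@ Filters not supported with LD_TRACE_PREL
+(k - i) * sizeof (l_initfini[0]));
+l_initfini[k] = thisp;
+- if (seen[i + 1] > 1)
++ if (seen[i + 1] > nlist - i)
+{
+++i;
+goto next_clear;
+}
+- char this_seen = seen[i];
++ unsigned short this_seen = seen[i];
+memmove (&seen[i], &seen[i + 1],
+(k - i) * sizeof (seen[0]));
+seen[k] = this_seen;
+diff -rup a/elf/dl-fini.c b/elf/dl-fini.c
+--- a/elf/dl-fini.c 2012-01-01 05:16:32.000000000 -0700
++++ b/elf/dl-fini.c 2012-01-23 14:29:39.661203226 -0700
+@@ -39,7 +39,7 @@ _dl_sort_fini (struct link_map **maps, s
+/* We can skip looking for the binary itself which is at the front
+of the search list for the main namespace. */
+unsigned int i = ns == LM_ID_BASE;
+- char seen[nmaps];
++ unsigned short seen[nmaps];
+memset (seen, 0, nmaps * sizeof (seen[0]));
+while (1)
+{
+@@ -79,13 +79,13 @@ _dl_sort_fini (struct link_map **maps, s
+used[k] = here_used;
+}
+- if (seen[i + 1] > 1)
++ if (seen[i + 1] > nmaps - i)
+{
+++i;
+goto next_clear;
+}
+- char this_seen = seen[i];
++ unsigned short this_seen = seen[i];
+memmove (&seen[i], &seen[i + 1], (k - i) * sizeof (seen[0]));
+seen[k] = this_seen;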
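Review bot: The widened `unsigned short seen[]` counter is only safe from wrapping because the new bound `seen[i + 1] > nlist - i` (and `nmaps - i` in dl-fini.c) caps each count at the number of entries still to be sorted, and that invariant is stated nowhere in the hunk; a comment at the declaration would make it checkable, e.g. `/* Per-entry move count; the "> nlist - i" check below bounds it by the remaining entries, so it cannot wrap while nlist <= USHRT_MAX.  */`. The comparison promotes `seen[i + 1]` to int and then to the type of `nlist - i`, so its meaning depends on whether `nlist`/`nmaps` are signed or unsigned; those declarations are outside the hunks and should be confirmed. The sort loops in both files start and end outside the hunks, and the same cycle-detection logic is duplicated between dl-deps.c and dl-fini.c, so any further adjustment needs to be applied to both.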


@ -28,7 +28,7 @@
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
Release: 2%{?dist}
Release: 3%{?dist}
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@ -53,6 +53,7 @@ Patch4: %{name}-rh730856.patch
# Reverting an upstream patch. I don't think this has been discussed upstream yet.
# Caused a variety of problems for Fedora & Debian
Patch5: %{name}-rh769421.patch
Patch6: %{name}-rh729661.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: glibc-profile < 2.4
@ -276,6 +277,7 @@ rm -rf %{glibcportsdir}
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
# A lot of programs still misuse memcpy when they have to use
# memmove. The memcpy implementation below is not tolerant at
@ -1128,6 +1130,9 @@ rm -f *.filelist*
%endif
%changelog
* Mon Jan 23 2012 Jeff Law <law@redhat.com> - 2.15-3
- Fix cycle detection (#729661)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild