From b8fef868f39b5e46ae4eb2440320b9e50461002e Mon Sep 17 00:00:00 2001
From: Jeff Law
Date: Mar 07 2012 19:20:16 +0000
Subject: - Set errno properly in vfprintf (#794797) - Don't kill application when LD_PROFILE is set. (#800224)
---
diff --git a/glibc-rh794797-2.patch b/glibc-rh794797-2.patch
new file mode 100644
index 0000000..1c6eece
--- /dev/null
+++ b/glibc-rh794797-2.patch
@@ -0,0 +1,119 @@
+--- vfprintf.c 2012-03-07 12:16:21.000000000 -0700
++++ /home/law/UPSTREAM/glibc/stdio-common/vfprintf.c 2012-03-07 12:00:28.006630851 -0700
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 1991-2008, 2009, 2010, 2011 Free Software Foundation, Inc.
++/* Copyright (C) 1991-2011, 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+@@ -12,9 +12,8 @@
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+- License along with the GNU C Library; if not, write to the Free
+- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+- 02111-1307 USA. */
++ License along with the GNU C Library; if not, see
++ . */
+
+ #include
+ #include
+@@ -823,7 +822,7 @@ vfprintf (FILE *s, const CHAR_T *format,
+ \
+ if (function_done < 0) \
+ { \
+- /* Error in print handler. */ \
++ /* Error in print handler; up to handler to set errno. */ \
+ done = -1; \
+ goto all_done; \
+ } \
+@@ -877,7 +876,7 @@ vfprintf (FILE *s, const CHAR_T *format,
+ \
+ if (function_done < 0) \
+ { \
+- /* Error in print handler. */ \
++ /* Error in print handler; up to handler to set errno. */ \
+ done = -1; \
+ goto all_done; \
+ } \
+@@ -1118,7 +1117,7 @@ vfprintf (FILE *s, const CHAR_T *format,
+ &mbstate); \
+ if (len == (size_t) -1) \
+ { \
+- /* Something went wron gduring the conversion. Bail out. */ \
++ /* Something went wrong during the conversion. Bail out. */ \
+ done = -1; \
+ goto all_done; \
+ } \
+@@ -1574,6 +1606,7 @@ vfprintf (FILE *s, const CHAR_T *format,
+ if (spec == L_('\0'))
+ {
+ /* The format string ended before the specifier is complete. */
++ __set_errno (EINVAL);
+ done = -1;
+ goto all_done;
+ }
+@@ -1671,29 +1704,34 @@ do_positional:
+
+ /* Determine the number of arguments the format string consumes. */
+ nargs = MAX (nargs, max_ref_arg);
+- bytes_per_arg = sizeof (*args_value) + sizeof (*args_size)
+- + sizeof (*args_type);
++ /* Calculate total size needed to represent a single argument across
++ all three argument-related arrays. */
++ bytes_per_arg = (sizeof (*args_value) + sizeof (*args_size)
++ + sizeof (*args_type));
+
+ /* Check for potential integer overflow. */
+- if (nargs > SIZE_MAX / bytes_per_arg)
++ if (__builtin_expect (nargs > SIZE_MAX / bytes_per_arg, 0))
+ {
+- done = -1;
+- goto all_done;
++ __set_errno (ERANGE);
++ done = -1;
++ goto all_done;
+ }
+
+- /* Allocate memory for the argument descriptions. */
++ /* Allocate memory for all three argument arrays. */
+ if (__libc_use_alloca (nargs * bytes_per_arg))
+- args_value = alloca (nargs * bytes_per_arg);
++ args_value = alloca (nargs * bytes_per_arg);
+ else
+ {
+- args_value = args_malloced = malloc (nargs * bytes_per_arg);
+- if (args_value == NULL)
+- {
+- done = -1;
+- goto all_done;
+- }
++ args_value = args_malloced = malloc (nargs * bytes_per_arg);
++ if (args_value == NULL)
++ {
++ done = -1;
++ goto all_done;
++ }
+ }
+
++ /* Set up the remaining two arrays to each point past the end of the
++ prior array, since space for all three has been allocated now. */
+ args_size = &args_value[nargs].pa_int;
+ args_type = &args_size[nargs];
+ memset (args_type, s->_flags2 & _IO_FLAGS2_FORTIFY ? '\xff' : '\0',
+@@ -1912,6 +1950,7 @@ do_positional:
+ about # of chars. */
+ if (function_done < 0)
+ {
++ /* Function has set errno. */
+ done = -1;
+ goto all_done;
+ }
+@@ -1946,6 +1985,7 @@ do_positional:
+ of chars. */
+ if (function_done < 0)
+ {
++ /* Function has set errno. */
+ done = -1;
+ goto all_done;
+ }
diff --git a/glibc-rh800224.patch b/glibc-rh800224.patch
new file mode 100644
index 0000000..ce8234c
--- /dev/null
+++ b/glibc-rh800224.patch
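Review bot: In glibc-rh794797-2.patch, the malloc failure exit in the `do_positional` allocation (inner hunk `@@ -1671,29 +1704,34 @@`) is the only error path this patch touches that neither sets errno nor says who does. The overflow branch gains `__set_errno (ERANGE);` and the handler exits gain `/* Function has set errno. */`, but `if (args_value == NULL)` is only re-indented. If the intent is to rely on malloc having set ENOMEM, record that with `/* malloc has set errno. */` above `done = -1;`; otherwise add `__set_errno (ENOMEM);` there. Separately, as far as I can tell ERANGE is not among the errors POSIX lists for fprintf (EOVERFLOW and ENOMEM are), so the choice deserves a word in the "Check for potential integer overflow" comment. The enclosing vfprintf body starts and ends outside these hunks.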
@@ -0,0 +1,78 @@
+
+2012-03-07 Jeff Law
+
+ * elf/dl-reloc.c (_dl_relocate_object): Move code to allocate
+ l_reloc_result prior to calling ELF_DYNAMIC_RELOCATE.
+
+diff -rup a/elf/dl-reloc.c b/elf/dl-reloc.c
+--- a/elf/dl-reloc.c 2012-01-01 05:16:32.000000000 -0700
++++ b/elf/dl-reloc.c 2012-03-06 15:41:56.486242640 -0700
+@@ -238,32 +238,9 @@ _dl_relocate_object (struct link_map *l,
+ /* String table object symbols. */
+ const char *strtab = (const void *) D_PTR (l, l_info[DT_STRTAB]);
+
+- /* This macro is used as a callback from the ELF_DYNAMIC_RELOCATE code. */
+-#define RESOLVE_MAP(ref, version, r_type) \
+- (ELFW(ST_BIND) ((*ref)->st_info) != STB_LOCAL \
+- ? ((__builtin_expect ((*ref) == l->l_lookup_cache.sym, 0) \
+- && elf_machine_type_class (r_type) == l->l_lookup_cache.type_class) \
+- ? (bump_num_cache_relocations (), \
+- (*ref) = l->l_lookup_cache.ret, \
+- l->l_lookup_cache.value) \
+- : ({ lookup_t _lr; \
+- int _tc = elf_machine_type_class (r_type); \
+- l->l_lookup_cache.type_class = _tc; \
+- l->l_lookup_cache.sym = (*ref); \
+- const struct r_found_version *v = NULL; \
+- if ((version) != NULL && (version)->hash != 0) \
+- v = (version); \
+- _lr = _dl_lookup_symbol_x (strtab + (*ref)->st_name, l, (ref), \
+- scope, v, _tc, \
+- DL_LOOKUP_ADD_DEPENDENCY, NULL); \
+- l->l_lookup_cache.ret = (*ref); \
+- l->l_lookup_cache.value = _lr; })) \
+- : l)
+-
+-#include "dynamic-link.h"
+-
+- ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc);
+-
++ /* ELF_DYNAMIC_RELOCATE may need to examine l_reloc_result
++ when handling MACHINE_IRELATIVE relocs. So we must
++ allocate l_reloc_result prior to calling ELF_DYNAMIC_RELOCATE. */
+ #ifndef PROF
+ if (__builtin_expect (consider_profiling, 0))
+ {
+@@ -290,6 +267,32 @@ _dl_relocate_object (struct link_map *l,
+ }
+ }
+ #endif
++
++ /* This macro is used as a callback from the ELF_DYNAMIC_RELOCATE code. */
++#define RESOLVE_MAP(ref, version, r_type) \
++ (ELFW(ST_BIND) ((*ref)->st_info) != STB_LOCAL \
++ ? ((__builtin_expect ((*ref) == l->l_lookup_cache.sym, 0) \
++ && elf_machine_type_class (r_type) == l->l_lookup_cache.type_class) \
++ ? (bump_num_cache_relocations (), \
++ (*ref) = l->l_lookup_cache.ret, \
++ l->l_lookup_cache.value) \
++ : ({ lookup_t _lr; \
++ int _tc = elf_machine_type_class (r_type); \
++ l->l_lookup_cache.type_class = _tc; \
++ l->l_lookup_cache.sym = (*ref); \
++ const struct r_found_version *v = NULL; \
++ if ((version) != NULL && (version)->hash != 0) \
++ v = (version); \
++ _lr = _dl_lookup_symbol_x (strtab + (*ref)->st_name, l, (ref), \
++ scope, v, _tc, \
++ DL_LOOKUP_ADD_DEPENDENCY, NULL); \
++ l->l_lookup_cache.ret = (*ref); \
++ l->l_lookup_cache.value = _lr; })) \
++ : l)
++
++#include "dynamic-link.h"
++
++ ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc);
+ }
+
+ /* Mark the object so we know this work has been done. */
diff --git a/glibc.spec b/glibc.spec
index 5399069..a2e473b 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -28,7 +28,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 25%{?dist}
+Release: 26%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
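Review bot: In glibc-rh800224.patch, the new ordering comment sits above `#ifndef PROF`, so in a build with PROF defined it describes an allocation that is compiled out. Moving it inside the conditional, directly above `if (__builtin_expect (consider_profiling, 0))`, keeps it attached to the code it explains. The comment also names `MACHINE_IRELATIVE`, which I believe is spelled `ELF_MACHINE_IRELATIVE` in the tree, so a search starting from the comment would miss the consumer. Correctness now depends purely on statement order, so a reminder next to the moved `ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc);` call, e.g. `/* Must follow the l_reloc_result allocation above. */`, would guard against a later reshuffle reintroducing the crash. The body of _dl_relocate_object and the allocation block itself lie outside the hunks.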
@@ -98,18 +98,22 @@ Patch31 : %{name}-rh697149.patch
 Patch32 : %{name}-rh739743.patch
 # Discussion started upstream, patch needs to be submitted
 Patch33 : %{name}-rh789238.patch
-# Patch posted upstream, discussion ongoing, Paul E. seems to think it's OK
+# From upstream
 Patch34 : %{name}-rh794797.patch
 # Posted upstream
 Patch35 : %{name}-rh788989.patch
 # Posted upstream
 Patch36 : %{name}-rh795498.patch
-# Posted upstream (bz 13705)
+# From upstream
 Patch37 : %{name}-rh760935.patch
-# Approved upstream, waiting for privs to commit
+# From upstream
 Patch38 : %{name}-rh798471.patch
-
-
+# From upstream
+Patch39 : %{name}-rh758888.patch
+# Submitted upstream BZ 13818
+Patch40 : %{name}-rh800224.patch
+# From upstream
+Patch41 : %{name}-rh794797-2.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: glibc-profile < 2.4
@@ -366,6 +370,9 @@ rm -rf %{glibcportsdir}
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
 # A lot of programs still misuse memcpy when they have to use
 # memmove. The memcpy implementation below is not tolerant at
@@ -1218,6 +1225,10 @@ rm -f *.filelist*
 %endif
 %changelog
+* Wed Feb 29 2012 Jeff Law - 2.15-26
+ - Set errno properly in vfprintf (#794797)
+ - Don't kill application when LD_PROFILE is set. (#800224)
+
 * Wed Feb 29 2012 Jeff Law - 2.15-25
 - Fix out of bounds memory access in resolver (#798471)
 - Always mark vDSO as used (#758888)
@@ -1226,7 +1237,7 @@ rm -f *.filelist* - Fix bogus underflow (#760935) - Correctly handle dns request where large numbers of A and AAA records are returned (#795498) - - Fix nscd crash when group has many members (#788959) + - Fix nscd crash when group has many members (#788989) * Mon Feb 20 2012 Jeff Law - 2.15-23 - Avoid "nargs" integer overflow which could be used to bypass FORTIFY_SOURCE (#794797)