diff options
| author |   Khem Raj <raj.khem@gmail.com> | 2018-02-20 19:12:49 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-02-24 10:31:35 +0000 |
| commit | 774e372d95c9082766477ea6dbfcd10c48ac4658 (patch) | |
| tree | e5166b7746c5c463a58f818f47c8836e969e0631 /meta/recipes-core/glibc/glibc/CVE-2017-17426.patch | |
| parent | a289787a80099d5029daab84625453cd3e2471b1 (diff) | |
| download | openembedded-core-contrib-774e372d95c9082766477ea6dbfcd10c48ac4658.tar.gz | |
glibc: Update to tip of 2.26
This will make it easy to backport to rocko if needed after 2.27 is landed in master
plus it fixes the aarch64 build issue seen with binutils 2.30
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-core/glibc/glibc/CVE-2017-17426.patch')
| -rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2017-17426.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch b/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch deleted file mode 100644 index bfa58bc1d6..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 34697694e8a93b325b18f25f7dcded55d6baeaf6 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar <arjun@redhat.com> -Date: Thu, 30 Nov 2017 13:31:45 +0100 -Subject: [PATCH] Fix integer overflow in malloc when tcache is enabled [BZ - #22375] - -When the per-thread cache is enabled, __libc_malloc uses request2size (which -does not perform an overflow check) to calculate the chunk size from the -requested allocation size. This leads to an integer overflow causing malloc -to incorrectly return the last successfully allocated block when called with -a very large size argument (close to SIZE_MAX). - -This commit uses checked_request2size instead, removing the overflow. - -Upstream-Status: Backport -CVE: CVE-2017-17426 -Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> -Rebase on new master -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ChangeLog | 6 ++++++ - malloc/malloc.c | 3 ++- - 2 files changed, 8 insertions(+), 1 deletion(-) - -Index: git/malloc/malloc.c -=================================================================== ---- git.orig/malloc/malloc.c -+++ git/malloc/malloc.c -@@ -3064,7 +3064,8 @@ __libc_malloc (size_t bytes) - return (*hook)(bytes, RETURN_ADDRESS (0)); - #if USE_TCACHE - /* int_free also calls request2size, be careful to not pad twice. */ -- size_t tbytes = request2size (bytes); -+ size_t tbytes; -+ checked_request2size (bytes, tbytes); - size_t tc_idx = csize2tidx (tbytes); - - MAYBE_INIT_TCACHE (); -Index: git/ChangeLog -=================================================================== ---- git.orig/ChangeLog -+++ git/ChangeLog -@@ -1,3 +1,9 @@ -+2017-11-30 Arjun Shankar <arjun@redhat.com> -+ -+ [BZ #22375] -+ * malloc/malloc.c (__libc_malloc): Use checked_request2size -+ instead of request2size. -+ - 2017-12-30 Aurelien Jarno <aurelien@aurel32.net> - Dmitry V. Levin <ldv@altlinux.org> - |