From e8a5332d467434ee65e0f29927abb9c51b025aff Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Tue, 5 Apr 2016 23:58:44 -0700 Subject: glibc: remove unused CVE patches They were CEVs and should be already in the source after upgraded. Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- meta/recipes-core/glibc/glibc/CVE-2015-8776.patch | 155 --- meta/recipes-core/glibc/glibc/CVE-2015-8777.patch | 123 --- meta/recipes-core/glibc/glibc/CVE-2015-8779.patch | 262 ----- .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039 -------------------- .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 385 -------- 5 files changed, 1964 deletions(-) delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8776.patch delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8777.patch delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch deleted file mode 100644 index 684f344177..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch +++ /dev/null @@ -1,155 +0,0 @@ -From d36c75fc0d44deec29635dd239b0fbd206ca49b7 Mon Sep 17 00:00:00 2001 -From: Paul Pluzhnikov -Date: Sat, 26 Sep 2015 13:27:48 -0700 -Subject: [PATCH] Fix BZ #18985 -- out of range data to strftime() causes a - segfault - -Upstream-Status: Backport -CVE: CVE-2015-8776 -[Yocto # 8980] - -https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7 - -Signed-off-by: Armin Kuster - ---- - ChangeLog | 8 ++++++++ - NEWS | 2 +- - time/strftime_l.c | 20 +++++++++++++------- - time/tst-strftime.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- - 4 files changed, 73 insertions(+), 9 deletions(-) - -Index: git/ChangeLog -=================================================================== ---- git.orig/ChangeLog -+++ git/ChangeLog -@@ -1,3 +1,11 @@ -+2015-09-26 Paul Pluzhnikov -+ -+ [BZ #18985] -+ * time/strftime_l.c (a_wkday, f_wkday, a_month, f_month): Range check. -+ (__strftime_internal): Likewise. -+ * time/tst-strftime.c (do_bz18985): New test. -+ (do_test): Call it. -+ - 2015-12-04 Joseph Myers - - [BZ #16961] -Index: git/time/strftime_l.c -=================================================================== ---- git.orig/time/strftime_l.c -+++ git/time/strftime_l.c -@@ -514,13 +514,17 @@ __strftime_internal (s, maxsize, format, - only a few elements. Dereference the pointers only if the format - requires this. Then it is ok to fail if the pointers are invalid. */ - # define a_wkday \ -- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)) -+ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \ -+ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))) - # define f_wkday \ -- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)) -+ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \ -+ ? "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))) - # define a_month \ -- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)) -+ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \ -+ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))) - # define f_month \ -- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)) -+ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \ -+ ? "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))) - # define ampm \ - ((const CHAR_T *) _NL_CURRENT (LC_TIME, tp->tm_hour > 11 \ - ? NLW(PM_STR) : NLW(AM_STR))) -@@ -530,8 +534,10 @@ __strftime_internal (s, maxsize, format, - # define ap_len STRLEN (ampm) - #else - # if !HAVE_STRFTIME --# define f_wkday (weekday_name[tp->tm_wday]) --# define f_month (month_name[tp->tm_mon]) -+# define f_wkday (tp->tm_wday < 0 || tp->tm_wday > 6 \ -+ ? "?" : weekday_name[tp->tm_wday]) -+# define f_month (tp->tm_mon < 0 || tp->tm_mon > 11 \ -+ ? "?" : month_name[tp->tm_mon]) - # define a_wkday f_wkday - # define a_month f_month - # define ampm (L_("AMPM") + 2 * (tp->tm_hour > 11)) -@@ -1325,7 +1331,7 @@ __strftime_internal (s, maxsize, format, - *tzset_called = true; - } - # endif -- zone = tzname[tp->tm_isdst]; -+ zone = tp->tm_isdst <= 1 ? tzname[tp->tm_isdst] : "?"; - } - #endif - if (! zone) -Index: git/time/tst-strftime.c -=================================================================== ---- git.orig/time/tst-strftime.c -+++ git/time/tst-strftime.c -@@ -4,6 +4,56 @@ - #include - - -+static int -+do_bz18985 (void) -+{ -+ char buf[1000]; -+ struct tm ttm; -+ int rc, ret = 0; -+ -+ memset (&ttm, 1, sizeof (ttm)); -+ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */ -+ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm); -+ -+ if (rc == 66) -+ { -+ const char expected[] -+ = "? ? ? ? ? ? 16843009 16843009:16843009:16843009 16844909 +467836 ?"; -+ if (0 != strcmp (buf, expected)) -+ { -+ printf ("expected:\n %s\ngot:\n %s\n", expected, buf); -+ ret += 1; -+ } -+ } -+ else -+ { -+ printf ("expected 66, got %d\n", rc); -+ ret += 1; -+ } -+ -+ /* Check negative values as well. */ -+ memset (&ttm, 0xFF, sizeof (ttm)); -+ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */ -+ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm); -+ -+ if (rc == 30) -+ { -+ const char expected[] = "? ? ? ? ? ? -1 -1:-1:-1 1899 "; -+ if (0 != strcmp (buf, expected)) -+ { -+ printf ("expected:\n %s\ngot:\n %s\n", expected, buf); -+ ret += 1; -+ } -+ } -+ else -+ { -+ printf ("expected 30, got %d\n", rc); -+ ret += 1; -+ } -+ -+ return ret; -+} -+ - static struct - { - const char *fmt; -@@ -104,7 +154,7 @@ do_test (void) - } - } - -- return result; -+ return result + do_bz18985 (); - } - - #define TEST_FUNCTION do_test () diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch deleted file mode 100644 index eeab72d650..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch +++ /dev/null @@ -1,123 +0,0 @@ -From a014cecd82b71b70a6a843e250e06b541ad524f7 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Thu, 15 Oct 2015 09:23:07 +0200 -Subject: [PATCH] Always enable pointer guard [BZ #18928] - -Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode -has security implications. This commit enables pointer guard -unconditionally, and the environment variable is now ignored. - - [BZ #18928] - * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove - _dl_pointer_guard member. - * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard - initializer. - (security_init): Always set up pointer guard. - (process_envvars): Do not process LD_POINTER_GUARD. - -Upstream-Status: Backport -CVE: CVE-2015-8777 -[Yocto # 8980] - -https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7 - -Signed-off-by: Armin Kuster - ---- - ChangeLog | 10 ++++++++++ - NEWS | 13 ++++++++----- - elf/rtld.c | 15 ++++----------- - sysdeps/generic/ldsodefs.h | 3 --- - 4 files changed, 22 insertions(+), 19 deletions(-) - -Index: git/ChangeLog -=================================================================== ---- git.orig/ChangeLog -+++ git/ChangeLog -@@ -1,3 +1,14 @@ -+2015-10-15 Florian Weimer -+ -+ [BZ #18928] -+ * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove -+ _dl_pointer_guard member. -+ * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard -+ initializer. -+ (security_init): Always set up pointer guard. -+ (process_envvars): Do not process LD_POINTER_GUARD. -+ -+ - 2015-08-10 Maxim Ostapenko - - [BZ #18778] -Index: git/NEWS -=================================================================== ---- git.orig/NEWS -+++ git/NEWS -@@ -34,7 +34,10 @@ Version 2.22 - 18533, 18534, 18536, 18539, 18540, 18542, 18544, 18545, 18546, 18547, - 18549, 18553, 18557, 18558, 18569, 18583, 18585, 18586, 18592, 18593, - 18594, 18602, 18612, 18613, 18619, 18633, 18635, 18641, 18643, 18648, -- 18657, 18676, 18694, 18696. -+ 18657, 18676, 18694, 18696, 18928. -+ -+* The LD_POINTER_GUARD environment variable can no longer be used to -+ disable the pointer guard feature. It is always enabled. - - * Cache information can be queried via sysconf() function on s390 e.g. with - _SC_LEVEL1_ICACHE_SIZE as argument. -Index: git/elf/rtld.c -=================================================================== ---- git.orig/elf/rtld.c -+++ git/elf/rtld.c -@@ -163,7 +163,6 @@ struct rtld_global_ro _rtld_global_ro at - ._dl_hwcap_mask = HWCAP_IMPORTANT, - ._dl_lazy = 1, - ._dl_fpu_control = _FPU_DEFAULT, -- ._dl_pointer_guard = 1, - ._dl_pagesize = EXEC_PAGESIZE, - ._dl_inhibit_cache = 0, - -@@ -710,15 +709,12 @@ security_init (void) - #endif - - /* Set up the pointer guard as well, if necessary. */ -- if (GLRO(dl_pointer_guard)) -- { -- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random, -- stack_chk_guard); -+ uintptr_t pointer_chk_guard -+ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard); - #ifdef THREAD_SET_POINTER_GUARD -- THREAD_SET_POINTER_GUARD (pointer_chk_guard); -+ THREAD_SET_POINTER_GUARD (pointer_chk_guard); - #endif -- __pointer_chk_guard_local = pointer_chk_guard; -- } -+ __pointer_chk_guard_local = pointer_chk_guard; - - /* We do not need the _dl_random value anymore. The less - information we leave behind, the better, so clear the -@@ -2478,9 +2474,6 @@ process_envvars (enum mode *modep) - GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0; - break; - } -- -- if (memcmp (envline, "POINTER_GUARD", 13) == 0) -- GLRO(dl_pointer_guard) = envline[14] != '0'; - break; - - case 14: -Index: git/sysdeps/generic/ldsodefs.h -=================================================================== ---- git.orig/sysdeps/generic/ldsodefs.h -+++ git/sysdeps/generic/ldsodefs.h -@@ -600,9 +600,6 @@ struct rtld_global_ro - /* List of auditing interfaces. */ - struct audit_ifaces *_dl_audit; - unsigned int _dl_naudit; -- -- /* 0 if internal pointer values should not be guarded, 1 if they should. */ -- EXTERN int _dl_pointer_guard; - }; - # define __rtld_global_attribute__ - # if IS_IN (rtld) diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch deleted file mode 100644 index 4dc93c769d..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch +++ /dev/null @@ -1,262 +0,0 @@ -From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001 -From: Paul Pluzhnikov -Date: Sat, 8 Aug 2015 15:53:03 -0700 -Subject: [PATCH] Fix BZ #17905 - -Upstream-Status: Backport -CVE: CVE-2015-8779 -[Yocto # 8980] - -https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e - -Signed-off-by: Armin Kuster - ---- - ChangeLog | 8 ++++++++ - NEWS | 2 +- - catgets/Makefile | 9 ++++++++- - catgets/catgets.c | 19 ++++++++++++------- - catgets/open_catalog.c | 23 ++++++++++++++--------- - catgets/tst-catgets.c | 31 +++++++++++++++++++++++++++++++ - 6 files changed, 74 insertions(+), 18 deletions(-) - -Index: git/catgets/Makefile -=================================================================== ---- git.orig/catgets/Makefile -+++ git/catgets/Makefile -@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS)) - ifeq ($(run-built-tests),yes) - tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \ - $(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out -+tests-special += $(objpfx)tst-catgets-mem.out - endif - endif - gencat-modules = xmalloc -@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat - - generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \ - test-gencat.h -+generated += tst-catgets.mtrace tst-catgets-mem.out -+ - generated-dirs += de - --tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de -+tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de MALLOC_TRACE=$(objpfx)tst-catgets.mtrace - - ifeq ($(run-built-tests),yes) - # This test just checks whether the program produces any error or not. -@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh - $(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat - $(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \ - $(evaluate-test) -+ -+$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out -+ $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \ -+ $(evaluate-test) - endif -Index: git/catgets/catgets.c -=================================================================== ---- git.orig/catgets/catgets.c -+++ git/catgets/catgets.c -@@ -16,7 +16,6 @@ - License along with the GNU C Library; if not, see - . */ - --#include - #include - #include - #include -@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag) - __nl_catd result; - const char *env_var = NULL; - const char *nlspath = NULL; -+ char *tmp = NULL; - - if (strchr (cat_name, '/') == NULL) - { -@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag) - { - /* Append the system dependent directory. */ - size_t len = strlen (nlspath) + 1 + sizeof NLSPATH; -- char *tmp = alloca (len); -+ tmp = malloc (len); -+ -+ if (__glibc_unlikely (tmp == NULL)) -+ return (nl_catd) -1; - - __stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH); - nlspath = tmp; -@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag) - - result = (__nl_catd) malloc (sizeof (*result)); - if (result == NULL) -- /* We cannot get enough memory. */ -- return (nl_catd) -1; -- -- if (__open_catalog (cat_name, nlspath, env_var, result) != 0) -+ { -+ /* We cannot get enough memory. */ -+ result = (nl_catd) -1; -+ } -+ else if (__open_catalog (cat_name, nlspath, env_var, result) != 0) - { - /* Couldn't open the file. */ - free ((void *) result); -- return (nl_catd) -1; -+ result = (nl_catd) -1; - } - -+ free (tmp); - return (nl_catd) result; - } - -Index: git/catgets/open_catalog.c -=================================================================== ---- git.orig/catgets/open_catalog.c -+++ git/catgets/open_catalog.c -@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, co - size_t tab_size; - const char *lastp; - int result = -1; -+ char *buf = NULL; - - if (strchr (cat_name, '/') != NULL || nlspath == NULL) - fd = open_not_cancel_2 (cat_name, O_RDONLY); -@@ -57,23 +58,23 @@ __open_catalog (const char *cat_name, co - if (__glibc_unlikely (bufact + (n) >= bufmax)) \ - { \ - char *old_buf = buf; \ -- bufmax += 256 + (n); \ -- buf = (char *) alloca (bufmax); \ -- memcpy (buf, old_buf, bufact); \ -+ bufmax += (bufmax < 256 + (n)) ? 256 + (n) : bufmax; \ -+ buf = realloc (buf, bufmax); \ -+ if (__glibc_unlikely (buf == NULL)) \ -+ { \ -+ free (old_buf); \ -+ return -1; \ -+ } \ - } - - /* The RUN_NLSPATH variable contains a colon separated list of - descriptions where we expect to find catalogs. We have to - recognize certain % substitutions and stop when we found the - first existing file. */ -- char *buf; - size_t bufact; -- size_t bufmax; -+ size_t bufmax = 0; - size_t len; - -- buf = NULL; -- bufmax = 0; -- - fd = -1; - while (*run_nlspath != '\0') - { -@@ -188,7 +189,10 @@ __open_catalog (const char *cat_name, co - - /* Avoid dealing with directories and block devices */ - if (__builtin_expect (fd, 0) < 0) -- return -1; -+ { -+ free (buf); -+ return -1; -+ } - - if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) < 0) - goto close_unlock_return; -@@ -325,6 +329,7 @@ __open_catalog (const char *cat_name, co - /* Release the lock again. */ - close_unlock_return: - close_not_cancel_no_status (fd); -+ free (buf); - - return result; - } -Index: git/catgets/tst-catgets.c -=================================================================== ---- git.orig/catgets/tst-catgets.c -+++ git/catgets/tst-catgets.c -@@ -1,7 +1,10 @@ -+#include - #include - #include - #include -+#include - #include -+#include - - - static const char *msgs[] = -@@ -12,6 +15,33 @@ static const char *msgs[] = - }; - #define nmsgs (sizeof (msgs) / sizeof (msgs[0])) - -+ -+/* Test for unbounded alloca. */ -+static int -+do_bz17905 (void) -+{ -+ char *buf; -+ struct rlimit rl; -+ nl_catd result; -+ -+ const int sz = 1024 * 1024; -+ -+ getrlimit (RLIMIT_STACK, &rl); -+ rl.rlim_cur = sz; -+ setrlimit (RLIMIT_STACK, &rl); -+ -+ buf = malloc (sz + 1); -+ memset (buf, 'A', sz); -+ buf[sz] = '\0'; -+ setenv ("NLSPATH", buf, 1); -+ -+ result = catopen (buf, NL_CAT_LOCALE); -+ assert (result == (nl_catd) -1); -+ -+ free (buf); -+ return 0; -+} -+ - #define ROUNDS 5 - - static int -@@ -62,6 +92,7 @@ do_test (void) - } - } - -+ result += do_bz17905 (); - return result; - } - -Index: git/ChangeLog -=================================================================== ---- git.orig/ChangeLog -+++ git/ChangeLog -@@ -1,3 +1,11 @@ -+2015-08-08 Paul Pluzhnikov -+ -+ [BZ #17905] -+ * catgets/Makefile (tst-catgets-mem): New test. -+ * catgets/catgets.c (catopen): Don't use unbounded alloca. -+ * catgets/open_catalog.c (__open_catalog): Likewise. -+ * catgets/tst-catgets.c (do_bz17905): Test unbounded alloca. -+ - 2015-10-15 Florian Weimer - - [BZ #18928] -Index: git/NEWS -=================================================================== ---- git.orig/NEWS -+++ git/NEWS -@@ -9,7 +9,7 @@ Version 2.22.1 - - * The following bugs are resolved with this release: - -- 18778, 18781, 18787. -+ 18778, 18781, 18787, 17905. - - Version 2.22 - diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch deleted file mode 100644 index 3aca913317..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch +++ /dev/null @@ -1,1039 +0,0 @@ -From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001 -From: Joseph Myers -Date: Tue, 24 Nov 2015 22:24:52 +0000 -Subject: [PATCH] Refactor strtod parsing of NaN payloads. - -The nan* functions handle their string argument by constructing a -NAN(...) string on the stack as a VLA and passing it to strtod -functions. - -This approach has problems discussed in bug 16961 and bug 16962: the -stack usage is unbounded, and it gives incorrect results in certain -cases where the argument is not a valid n-char-sequence. - -The natural fix for both issues is to refactor the NaN payload parsing -out of strtod into a separate function that the nan* functions can -call directly, so that no temporary string needs constructing on the -stack at all. This patch does that refactoring in preparation for -fixing those bugs (but without actually using the new functions from -nan* - which will also require exporting them from libc at version -GLIBC_PRIVATE). This patch is not intended to change any user-visible -behavior, so no tests are added (fixes for the above bugs will of -course add tests for them). - -This patch builds on my recent fixes for strtol and strtod issues in -Turkish locales. Given those fixes, the parsing of NaN payloads is -locale-independent; thus, the new functions do not need to take a -locale_t argument. - -Tested for x86_64, x86, mips64 and powerpc. - - * stdlib/strtod_nan.c: New file. - * stdlib/strtod_nan_double.h: Likewise. - * stdlib/strtod_nan_float.h: Likewise. - * stdlib/strtod_nan_main.c: Likewise. - * stdlib/strtod_nan_narrow.h: Likewise. - * stdlib/strtod_nan_wide.h: Likewise. - * stdlib/strtof_nan.c: Likewise. - * stdlib/strtold_nan.c: Likewise. - * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise. - * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise. - * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise. - * wcsmbs/wcstod_nan.c: Likewise. - * wcsmbs/wcstof_nan.c: Likewise. - * wcsmbs/wcstold_nan.c: Likewise. - * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and - strtold_nan. - * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and - wcstof_nan. - * include/stdlib.h (__strtof_nan): Declare and use - libc_hidden_proto. - (__strtod_nan): Likewise. - (__strtold_nan): Likewise. - (__wcstof_nan): Likewise. - (__wcstod_nan): Likewise. - (__wcstold_nan): Likewise. - * include/wchar.h (____wcstoull_l_internal): Declare. - * stdlib/strtod_l.c: Do not include . - (____strtoull_l_internal): Remove declaration. - (STRTOF_NAN): Define macro. - (SET_MANTISSA): Remove macro. - (STRTOULL): Likewise. - (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload. - * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration. - (STRTOF_NAN): Define macro. - (SET_MANTISSA): Remove macro. - * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro. - (SET_MANTISSA): Remove macro. - * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define - macro. - (SET_MANTISSA): Remove macro. - * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define - macro. - (SET_MANTISSA): Remove macro. - * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro. - (SET_MANTISSA): Remove macro. - * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration. - * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise. - * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise. - -Upstream-Status: Backport -CVE: CVE-2015-9761 patch #1 -[Yocto # 8980] - -https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 - -Signed-off-by: Armin Kuster - ---- - ChangeLog | 49 ++++++++++++++++++ - include/stdlib.h | 18 +++++++ - include/wchar.h | 3 ++ - stdlib/Makefile | 1 + - stdlib/strtod_l.c | 48 ++++-------------- - stdlib/strtod_nan.c | 24 +++++++++ - stdlib/strtod_nan_double.h | 30 +++++++++++ - stdlib/strtod_nan_float.h | 29 +++++++++++ - stdlib/strtod_nan_main.c | 63 ++++++++++++++++++++++++ - stdlib/strtod_nan_narrow.h | 22 +++++++++ - stdlib/strtod_nan_wide.h | 22 +++++++++ - stdlib/strtof_l.c | 11 +---- - stdlib/strtof_nan.c | 24 +++++++++ - stdlib/strtold_nan.c | 30 +++++++++++ - sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++ - sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +---- - sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++ - sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +--- - sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +---- - sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++ - sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +--- - wcsmbs/Makefile | 1 + - wcsmbs/wcstod_l.c | 3 -- - wcsmbs/wcstod_nan.c | 23 +++++++++ - wcsmbs/wcstof_l.c | 3 -- - wcsmbs/wcstof_nan.c | 23 +++++++++ - wcsmbs/wcstold_l.c | 3 -- - wcsmbs/wcstold_nan.c | 30 +++++++++++ - 28 files changed, 504 insertions(+), 95 deletions(-) - create mode 100644 stdlib/strtod_nan.c - create mode 100644 stdlib/strtod_nan_double.h - create mode 100644 stdlib/strtod_nan_float.h - create mode 100644 stdlib/strtod_nan_main.c - create mode 100644 stdlib/strtod_nan_narrow.h - create mode 100644 stdlib/strtod_nan_wide.h - create mode 100644 stdlib/strtof_nan.c - create mode 100644 stdlib/strtold_nan.c - create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h - create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h - create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h - create mode 100644 wcsmbs/wcstod_nan.c - create mode 100644 wcsmbs/wcstof_nan.c - create mode 100644 wcsmbs/wcstold_nan.c - -Index: git/include/stdlib.h -=================================================================== ---- git.orig/include/stdlib.h -+++ git/include/stdlib.h -@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll) - libc_hidden_proto (strtoul) - libc_hidden_proto (strtoull) - -+extern float __strtof_nan (const char *, char **, char) internal_function; -+extern double __strtod_nan (const char *, char **, char) internal_function; -+extern long double __strtold_nan (const char *, char **, char) -+ internal_function; -+extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t) -+ internal_function; -+extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t) -+ internal_function; -+extern long double __wcstold_nan (const wchar_t *, wchar_t **, wchar_t) -+ internal_function; -+ -+libc_hidden_proto (__strtof_nan) -+libc_hidden_proto (__strtod_nan) -+libc_hidden_proto (__strtold_nan) -+libc_hidden_proto (__wcstof_nan) -+libc_hidden_proto (__wcstod_nan) -+libc_hidden_proto (__wcstold_nan) -+ - extern char *__ecvt (double __value, int __ndigit, int *__restrict __decpt, - int *__restrict __sign); - extern char *__fcvt (double __value, int __ndigit, int *__restrict __decpt, -Index: git/include/wchar.h -=================================================================== ---- git.orig/include/wchar.h -+++ git/include/wchar.h -@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull - __restrict __endptr, - int __base, - int __group) __THROW; -+extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, -+ wchar_t **, int, int, -+ __locale_t); - libc_hidden_proto (__wcstof_internal) - libc_hidden_proto (__wcstod_internal) - libc_hidden_proto (__wcstold_internal) -Index: git/stdlib/Makefile -=================================================================== ---- git.orig/stdlib/Makefile -+++ git/stdlib/Makefile -@@ -51,6 +51,7 @@ routines-y := \ - strtol_l strtoul_l strtoll_l strtoull_l \ - strtof strtod strtold \ - strtof_l strtod_l strtold_l \ -+ strtof_nan strtod_nan strtold_nan \ - system canonicalize \ - a64l l64a \ - getsubopt xpg_basename \ -Index: git/stdlib/strtod_l.c -=================================================================== ---- git.orig/stdlib/strtod_l.c -+++ git/stdlib/strtod_l.c -@@ -21,8 +21,6 @@ - #include - - extern double ____strtod_l_internal (const char *, char **, int, __locale_t); --extern unsigned long long int ____strtoull_l_internal (const char *, char **, -- int, int, __locale_t); - - /* Configuration part. These macros are defined by `strtold.c', - `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the -@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou - # ifdef USE_WIDE_CHAR - # define STRTOF wcstod_l - # define __STRTOF __wcstod_l -+# define STRTOF_NAN __wcstod_nan - # else - # define STRTOF strtod_l - # define __STRTOF __strtod_l -+# define STRTOF_NAN __strtod_nan - # endif - # define MPN2FLOAT __mpn_construct_double - # define FLOAT_HUGE_VAL HUGE_VAL --# define SET_MANTISSA(flt, mant) \ -- do { union ieee754_double u; \ -- u.d = (flt); \ -- u.ieee_nan.mantissa0 = (mant) >> 32; \ -- u.ieee_nan.mantissa1 = (mant); \ -- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \ -- (flt) = u.d; \ -- } while (0) - #endif - /* End of configuration part. */ - - #include - #include - #include --#include - #include "../locale/localeinfo.h" - #include - #include -@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou - # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr) - # define STRNCASECMP(S1, S2, N) \ - __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr) --# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, loc) - #else - # define STRING_TYPE char - # define CHAR_TYPE char -@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou - # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr) - # define STRNCASECMP(S1, S2, N) \ - __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr) --# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, loc) - #endif - - -@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group - if (*cp == L_('(')) - { - const STRING_TYPE *startp = cp; -- do -- ++cp; -- while ((*cp >= L_('0') && *cp <= L_('9')) -- || ({ CHAR_TYPE lo = TOLOWER (*cp); -- lo >= L_('a') && lo <= L_('z'); }) -- || *cp == L_('_')); -- -- if (*cp != L_(')')) -- /* The closing brace is missing. Only match the NAN -- part. */ -- cp = startp; -+ STRING_TYPE *endp; -+ retval = STRTOF_NAN (cp + 1, &endp, L_(')')); -+ if (*endp == L_(')')) -+ /* Consume the closing parenthesis. */ -+ cp = endp + 1; - else -- { -- /* This is a system-dependent way to specify the -- bitmask used for the NaN. We expect it to be -- a number which is put in the mantissa of the -- number. */ -- STRING_TYPE *endp; -- unsigned long long int mant; -- -- mant = STRTOULL (startp + 1, &endp, 0); -- if (endp == cp) -- SET_MANTISSA (retval, mant); -- -- /* Consume the closing brace. */ -- ++cp; -- } -+ /* Only match the NAN part. */ -+ cp = startp; - } - - if (endptr != NULL) -Index: git/stdlib/strtod_nan.c -=================================================================== ---- /dev/null -+++ git/stdlib/strtod_nan.c -@@ -0,0 +1,24 @@ -+/* Convert string for NaN payload to corresponding NaN. Narrow -+ strings, double. -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+ -+#define STRTOD_NAN __strtod_nan -+#include -Index: git/stdlib/strtod_nan_double.h -=================================================================== ---- /dev/null -+++ git/stdlib/strtod_nan_double.h -@@ -0,0 +1,30 @@ -+/* Convert string for NaN payload to corresponding NaN. For double. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define FLOAT double -+#define SET_MANTISSA(flt, mant) \ -+ do \ -+ { \ -+ union ieee754_double u; \ -+ u.d = (flt); \ -+ u.ieee_nan.mantissa0 = (mant) >> 32; \ -+ u.ieee_nan.mantissa1 = (mant); \ -+ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \ -+ (flt) = u.d; \ -+ } \ -+ while (0) -Index: git/stdlib/strtod_nan_float.h -=================================================================== ---- /dev/null -+++ git/stdlib/strtod_nan_float.h -@@ -0,0 +1,29 @@ -+/* Convert string for NaN payload to corresponding NaN. For float. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define FLOAT float -+#define SET_MANTISSA(flt, mant) \ -+ do \ -+ { \ -+ union ieee754_float u; \ -+ u.f = (flt); \ -+ u.ieee_nan.mantissa = (mant); \ -+ if (u.ieee.mantissa != 0) \ -+ (flt) = u.f; \ -+ } \ -+ while (0) -Index: git/stdlib/strtod_nan_main.c -=================================================================== ---- /dev/null -+++ git/stdlib/strtod_nan_main.c -@@ -0,0 +1,63 @@ -+/* Convert string for NaN payload to corresponding NaN. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+ -+/* If STR starts with an optional n-char-sequence as defined by ISO C -+ (a sequence of ASCII letters, digits and underscores), followed by -+ ENDC, return a NaN whose payload is set based on STR. Otherwise, -+ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point -+ to the character after the initial n-char-sequence. */ -+ -+internal_function -+FLOAT -+STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE endc) -+{ -+ const STRING_TYPE *cp = str; -+ -+ while ((*cp >= L_('0') && *cp <= L_('9')) -+ || (*cp >= L_('A') && *cp <= L_('Z')) -+ || (*cp >= L_('a') && *cp <= L_('z')) -+ || *cp == L_('_')) -+ ++cp; -+ -+ FLOAT retval = NAN; -+ if (*cp != endc) -+ goto out; -+ -+ /* This is a system-dependent way to specify the bitmask used for -+ the NaN. We expect it to be a number which is put in the -+ mantissa of the number. */ -+ STRING_TYPE *endp; -+ unsigned long long int mant; -+ -+ mant = STRTOULL (str, &endp, 0); -+ if (endp == cp) -+ SET_MANTISSA (retval, mant); -+ -+ out: -+ if (endptr != NULL) -+ *endptr = (STRING_TYPE *) cp; -+ return retval; -+} -+libc_hidden_def (STRTOD_NAN) -Index: git/stdlib/strtod_nan_narrow.h -=================================================================== ---- /dev/null -+++ git/stdlib/strtod_nan_narrow.h -@@ -0,0 +1,22 @@ -+/* Convert string for NaN payload to corresponding NaN. Narrow strings. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define STRING_TYPE char -+#define L_(Ch) Ch -+#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, \ -+ _nl_C_locobj_ptr) -Index: git/stdlib/strtod_nan_wide.h -=================================================================== ---- /dev/null -+++ git/stdlib/strtod_nan_wide.h -@@ -0,0 +1,22 @@ -+/* Convert string for NaN payload to corresponding NaN. Wide strings. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define STRING_TYPE wchar_t -+#define L_(Ch) L##Ch -+#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, \ -+ _nl_C_locobj_ptr) -Index: git/stdlib/strtof_l.c -=================================================================== ---- git.orig/stdlib/strtof_l.c -+++ git/stdlib/strtof_l.c -@@ -20,26 +20,19 @@ - #include - - extern float ____strtof_l_internal (const char *, char **, int, __locale_t); --extern unsigned long long int ____strtoull_l_internal (const char *, char **, -- int, int, __locale_t); - - #define FLOAT float - #define FLT FLT - #ifdef USE_WIDE_CHAR - # define STRTOF wcstof_l - # define __STRTOF __wcstof_l -+# define STRTOF_NAN __wcstof_nan - #else - # define STRTOF strtof_l - # define __STRTOF __strtof_l -+# define STRTOF_NAN __strtof_nan - #endif - #define MPN2FLOAT __mpn_construct_float - #define FLOAT_HUGE_VAL HUGE_VALF --#define SET_MANTISSA(flt, mant) \ -- do { union ieee754_float u; \ -- u.f = (flt); \ -- u.ieee_nan.mantissa = (mant); \ -- if (u.ieee.mantissa != 0) \ -- (flt) = u.f; \ -- } while (0) - - #include "strtod_l.c" -Index: git/stdlib/strtof_nan.c -=================================================================== ---- /dev/null -+++ git/stdlib/strtof_nan.c -@@ -0,0 +1,24 @@ -+/* Convert string for NaN payload to corresponding NaN. Narrow -+ strings, float. -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+ -+#define STRTOD_NAN __strtof_nan -+#include -Index: git/stdlib/strtold_nan.c -=================================================================== ---- /dev/null -+++ git/stdlib/strtold_nan.c -@@ -0,0 +1,30 @@ -+/* Convert string for NaN payload to corresponding NaN. Narrow -+ strings, long double. -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+ -+/* This function is unused if long double and double have the same -+ representation. */ -+#ifndef __NO_LONG_DOUBLE_MATH -+# include -+# include -+ -+# define STRTOD_NAN __strtold_nan -+# include -+#endif -Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h -=================================================================== ---- /dev/null -+++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h -@@ -0,0 +1,33 @@ -+/* Convert string for NaN payload to corresponding NaN. For ldbl-128. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define FLOAT long double -+#define SET_MANTISSA(flt, mant) \ -+ do \ -+ { \ -+ union ieee854_long_double u; \ -+ u.d = (flt); \ -+ u.ieee_nan.mantissa0 = 0; \ -+ u.ieee_nan.mantissa1 = 0; \ -+ u.ieee_nan.mantissa2 = (mant) >> 32; \ -+ u.ieee_nan.mantissa3 = (mant); \ -+ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \ -+ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \ -+ (flt) = u.d; \ -+ } \ -+ while (0) -Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c -=================================================================== ---- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c -+++ git/sysdeps/ieee754/ldbl-128/strtold_l.c -@@ -25,22 +25,13 @@ - #ifdef USE_WIDE_CHAR - # define STRTOF wcstold_l - # define __STRTOF __wcstold_l -+# define STRTOF_NAN __wcstold_nan - #else - # define STRTOF strtold_l - # define __STRTOF __strtold_l -+# define STRTOF_NAN __strtold_nan - #endif - #define MPN2FLOAT __mpn_construct_long_double - #define FLOAT_HUGE_VAL HUGE_VALL --#define SET_MANTISSA(flt, mant) \ -- do { union ieee854_long_double u; \ -- u.d = (flt); \ -- u.ieee_nan.mantissa0 = 0; \ -- u.ieee_nan.mantissa1 = 0; \ -- u.ieee_nan.mantissa2 = (mant) >> 32; \ -- u.ieee_nan.mantissa3 = (mant); \ -- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \ -- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \ -- (flt) = u.d; \ -- } while (0) - - #include -Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h -=================================================================== ---- /dev/null -+++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h -@@ -0,0 +1,30 @@ -+/* Convert string for NaN payload to corresponding NaN. For ldbl-128ibm. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define FLOAT long double -+#define SET_MANTISSA(flt, mant) \ -+ do \ -+ { \ -+ union ibm_extended_long_double u; \ -+ u.ld = (flt); \ -+ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \ -+ u.d[0].ieee_nan.mantissa1 = (mant); \ -+ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \ -+ (flt) = u.ld; \ -+ } \ -+ while (0) -Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c -=================================================================== ---- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c -+++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c -@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co - # define STRTOF __new_wcstold_l - # define __STRTOF ____new_wcstold_l - # define ____STRTOF_INTERNAL ____wcstold_l_internal -+# define STRTOF_NAN __wcstold_nan - #else - extern long double ____new_strtold_l (const char *, char **, __locale_t); - # define STRTOF __new_strtold_l - # define __STRTOF ____new_strtold_l - # define ____STRTOF_INTERNAL ____strtold_l_internal -+# define STRTOF_NAN __strtold_nan - #endif - extern __typeof (__STRTOF) STRTOF; - libc_hidden_proto (__STRTOF) - libc_hidden_proto (STRTOF) - #define MPN2FLOAT __mpn_construct_long_double - #define FLOAT_HUGE_VAL HUGE_VALL --# define SET_MANTISSA(flt, mant) \ -- do { union ibm_extended_long_double u; \ -- u.ld = (flt); \ -- u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \ -- u.d[0].ieee_nan.mantissa1 = (mant); \ -- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \ -- (flt) = u.ld; \ -- } while (0) - - #include - -Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c -=================================================================== ---- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c -+++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c -@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co - # define STRTOF __new_wcstold_l - # define __STRTOF ____new_wcstold_l - # define ____STRTOF_INTERNAL ____wcstold_l_internal -+# define STRTOF_NAN __wcstold_nan - #else - extern long double ____new_strtold_l (const char *, char **, __locale_t); - # define STRTOF __new_strtold_l - # define __STRTOF ____new_strtold_l - # define ____STRTOF_INTERNAL ____strtold_l_internal -+# define STRTOF_NAN __strtold_nan - #endif - extern __typeof (__STRTOF) STRTOF; - libc_hidden_proto (__STRTOF) - libc_hidden_proto (STRTOF) - #define MPN2FLOAT __mpn_construct_long_double - #define FLOAT_HUGE_VAL HUGE_VALL --#define SET_MANTISSA(flt, mant) \ -- do { union ieee854_long_double u; \ -- u.d = (flt); \ -- u.ieee_nan.mantissa0 = 0; \ -- u.ieee_nan.mantissa1 = 0; \ -- u.ieee_nan.mantissa2 = (mant) >> 32; \ -- u.ieee_nan.mantissa3 = (mant); \ -- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \ -- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \ -- (flt) = u.d; \ -- } while (0) - - #include - -Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h -=================================================================== ---- /dev/null -+++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h -@@ -0,0 +1,30 @@ -+/* Convert string for NaN payload to corresponding NaN. For ldbl-96. -+ Copyright (C) 1997-2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#define FLOAT long double -+#define SET_MANTISSA(flt, mant) \ -+ do \ -+ { \ -+ union ieee854_long_double u; \ -+ u.d = (flt); \ -+ u.ieee_nan.mantissa0 = (mant) >> 32; \ -+ u.ieee_nan.mantissa1 = (mant); \ -+ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \ -+ (flt) = u.d; \ -+ } \ -+ while (0) -Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c -=================================================================== ---- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c -+++ git/sysdeps/ieee754/ldbl-96/strtold_l.c -@@ -25,19 +25,13 @@ - #ifdef USE_WIDE_CHAR - # define STRTOF wcstold_l - # define __STRTOF __wcstold_l -+# define STRTOF_NAN __wcstold_nan - #else - # define STRTOF strtold_l - # define __STRTOF __strtold_l -+# define STRTOF_NAN __strtold_nan - #endif - #define MPN2FLOAT __mpn_construct_long_double - #define FLOAT_HUGE_VAL HUGE_VALL --#define SET_MANTISSA(flt, mant) \ -- do { union ieee854_long_double u; \ -- u.d = (flt); \ -- u.ieee_nan.mantissa0 = (mant) >> 32; \ -- u.ieee_nan.mantissa1 = (mant); \ -- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \ -- (flt) = u.d; \ -- } while (0) - - #include -Index: git/wcsmbs/Makefile -=================================================================== ---- git.orig/wcsmbs/Makefile -+++ git/wcsmbs/Makefile -@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR - wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \ - wcstol_l wcstoul_l wcstoll_l wcstoull_l \ - wcstod_l wcstold_l wcstof_l \ -+ wcstod_nan wcstold_nan wcstof_nan \ - wcscoll wcsxfrm \ - wcwidth wcswidth \ - wcscoll_l wcsxfrm_l \ -Index: git/wcsmbs/wcstod_l.c -=================================================================== ---- git.orig/wcsmbs/wcstod_l.c -+++ git/wcsmbs/wcstod_l.c -@@ -23,9 +23,6 @@ - - extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int, - __locale_t); --extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, -- wchar_t **, int, int, -- __locale_t); - - #define USE_WIDE_CHAR 1 - -Index: git/wcsmbs/wcstod_nan.c -=================================================================== ---- /dev/null -+++ git/wcsmbs/wcstod_nan.c -@@ -0,0 +1,23 @@ -+/* Convert string for NaN payload to corresponding NaN. Wide strings, double. -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include "../stdlib/strtod_nan_wide.h" -+#include "../stdlib/strtod_nan_double.h" -+ -+#define STRTOD_NAN __wcstod_nan -+#include "../stdlib/strtod_nan_main.c" -Index: git/wcsmbs/wcstof_l.c -=================================================================== ---- git.orig/wcsmbs/wcstof_l.c -+++ git/wcsmbs/wcstof_l.c -@@ -25,8 +25,5 @@ - - extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int, - __locale_t); --extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, -- wchar_t **, int, int, -- __locale_t); - - #include -Index: git/wcsmbs/wcstof_nan.c -=================================================================== ---- /dev/null -+++ git/wcsmbs/wcstof_nan.c -@@ -0,0 +1,23 @@ -+/* Convert string for NaN payload to corresponding NaN. Wide strings, float. -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include "../stdlib/strtod_nan_wide.h" -+#include "../stdlib/strtod_nan_float.h" -+ -+#define STRTOD_NAN __wcstof_nan -+#include "../stdlib/strtod_nan_main.c" -Index: git/wcsmbs/wcstold_l.c -=================================================================== ---- git.orig/wcsmbs/wcstold_l.c -+++ git/wcsmbs/wcstold_l.c -@@ -24,8 +24,5 @@ - - extern long double ____wcstold_l_internal (const wchar_t *, wchar_t **, int, - __locale_t); --extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, -- wchar_t **, int, int, -- __locale_t); - - #include -Index: git/wcsmbs/wcstold_nan.c -=================================================================== ---- /dev/null -+++ git/wcsmbs/wcstold_nan.c -@@ -0,0 +1,30 @@ -+/* Convert string for NaN payload to corresponding NaN. Wide strings, -+ long double. -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+ -+/* This function is unused if long double and double have the same -+ representation. */ -+#ifndef __NO_LONG_DOUBLE_MATH -+# include "../stdlib/strtod_nan_wide.h" -+# include -+ -+# define STRTOD_NAN __wcstold_nan -+# include "../stdlib/strtod_nan_main.c" -+#endif -Index: git/ChangeLog -=================================================================== ---- git.orig/ChangeLog -+++ git/ChangeLog -@@ -1,3 +1,57 @@ -+2015-11-24 Joseph Myers -+ -+ * stdlib/strtod_nan.c: New file. -+ * stdlib/strtod_nan_double.h: Likewise. -+ * stdlib/strtod_nan_float.h: Likewise. -+ * stdlib/strtod_nan_main.c: Likewise. -+ * stdlib/strtod_nan_narrow.h: Likewise. -+ * stdlib/strtod_nan_wide.h: Likewise. -+ * stdlib/strtof_nan.c: Likewise. -+ * stdlib/strtold_nan.c: Likewise. -+ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise. -+ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise. -+ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise. -+ * wcsmbs/wcstod_nan.c: Likewise. -+ * wcsmbs/wcstof_nan.c: Likewise. -+ * wcsmbs/wcstold_nan.c: Likewise. -+ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and -+ strtold_nan. -+ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and -+ wcstof_nan. -+ * include/stdlib.h (__strtof_nan): Declare and use -+ libc_hidden_proto. -+ (__strtod_nan): Likewise. -+ (__strtold_nan): Likewise. -+ (__wcstof_nan): Likewise. -+ (__wcstod_nan): Likewise. -+ (__wcstold_nan): Likewise. -+ * include/wchar.h (____wcstoull_l_internal): Declare. -+ * stdlib/strtod_l.c: Do not include . -+ (____strtoull_l_internal): Remove declaration. -+ (STRTOF_NAN): Define macro. -+ (SET_MANTISSA): Remove macro. -+ (STRTOULL): Likewise. -+ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload. -+ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration. -+ (STRTOF_NAN): Define macro. -+ (SET_MANTISSA): Remove macro. -+ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro. -+ (SET_MANTISSA): Remove macro. -+ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define -+ macro. -+ (SET_MANTISSA): Remove macro. -+ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define -+ macro. -+ (SET_MANTISSA): Remove macro. -+ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro. -+ (SET_MANTISSA): Remove macro. -+ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration. -+ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise. -+ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise. -+ -+ [BZ #19266] -+ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for -+ upper case and lower case letters inside NAN(), not using TOLOWER. - 2015-08-08 Paul Pluzhnikov - - [BZ #17905] diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch deleted file mode 100644 index e30307fbc0..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch +++ /dev/null @@ -1,385 +0,0 @@ -From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001 -From: Joseph Myers -Date: Fri, 4 Dec 2015 20:36:28 +0000 -Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug - 16962). - -The nan, nanf and nanl functions handle payload strings by doing e.g.: - - if (tagp[0] != '\0') - { - char buf[6 + strlen (tagp)]; - sprintf (buf, "NAN(%s)", tagp); - return strtod (buf, NULL); - } - -This is an unbounded stack allocation based on the length of the -argument. Furthermore, if the argument starts with an n-char-sequence -followed by ')', that n-char-sequence is wrongly treated as -significant for determining the payload of the resulting NaN, when ISO -C says the call should be equivalent to strtod ("NAN", NULL), without -being affected by that initial n-char-sequence. This patch fixes both -those problems by using the __strtod_nan etc. functions recently -factored out of strtod etc. for that purpose, with those functions -being exported from libc at version GLIBC_PRIVATE. - -Tested for x86_64, x86, mips64 and powerpc. - - [BZ #16961] - [BZ #16962] - * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a - string on the stack for strtod. - * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing - a string on the stack for strtof. - * math/s_nanl.c (__nanl): Use __strtold_nan instead of - constructing a string on the stack for strtold. - * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and - __strtold_nan to GLIBC_PRIVATE. - * math/test-nan-overflow.c: New file. - * math/test-nan-payload.c: Likewise. - * math/Makefile (tests): Add test-nan-overflow and - test-nan-payload. - -Upstream-Status: Backport -CVE: CVE-2015-9761 patch #2 -[Yocto # 8980] - -https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8 - -Signed-off-by: Armin Kuster - ---- - ChangeLog | 17 +++++++ - NEWS | 6 +++ - math/Makefile | 3 +- - math/s_nan.c | 9 +--- - math/s_nanf.c | 9 +--- - math/s_nanl.c | 9 +--- - math/test-nan-overflow.c | 66 +++++++++++++++++++++++++ - math/test-nan-payload.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++ - stdlib/Versions | 1 + - 9 files changed, 217 insertions(+), 25 deletions(-) - create mode 100644 math/test-nan-overflow.c - create mode 100644 math/test-nan-payload.c - -Index: git/ChangeLog -=================================================================== ---- git.orig/ChangeLog -+++ git/ChangeLog -@@ -1,3 +1,20 @@ -+2015-12-04 Joseph Myers -+ -+ [BZ #16961] -+ [BZ #16962] -+ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a -+ string on the stack for strtod. -+ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing -+ a string on the stack for strtof. -+ * math/s_nanl.c (__nanl): Use __strtold_nan instead of -+ constructing a string on the stack for strtold. -+ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and -+ __strtold_nan to GLIBC_PRIVATE. -+ * math/test-nan-overflow.c: New file. -+ * math/test-nan-payload.c: Likewise. -+ * math/Makefile (tests): Add test-nan-overflow and -+ test-nan-payload. -+ - 2015-11-24 Joseph Myers - - * stdlib/strtod_nan.c: New file. -Index: git/NEWS -=================================================================== ---- git.orig/NEWS -+++ git/NEWS -@@ -99,6 +99,12 @@ Version 2.22 - - Version 2.21 - -+Security related changes: -+ -+* The nan, nanf and nanl functions no longer have unbounded stack usage -+ depending on the length of the string passed as an argument to the -+ functions. Reported by Joseph Myers. -+ - * The following bugs are resolved with this release: - - 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498, -Index: git/math/Makefile -=================================================================== ---- git.orig/math/Makefile -+++ git/math/Makefile -@@ -110,6 +110,7 @@ tests = test-matherr test-fenv atest-exp - test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \ - test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \ - test-fenv-tls test-fenv-preserve test-fenv-return test-fenvinline \ -+ test-nan-overflow test-nan-payload \ - $(tests-static) - tests-static = test-fpucw-static test-fpucw-ieee-static - # We do the `long double' tests only if this data type is available and -Index: git/math/s_nan.c -=================================================================== ---- git.orig/math/s_nan.c -+++ git/math/s_nan.c -@@ -28,14 +28,7 @@ - double - __nan (const char *tagp) - { -- if (tagp[0] != '\0') -- { -- char buf[6 + strlen (tagp)]; -- sprintf (buf, "NAN(%s)", tagp); -- return strtod (buf, NULL); -- } -- -- return NAN; -+ return __strtod_nan (tagp, NULL, 0); - } - weak_alias (__nan, nan) - #ifdef NO_LONG_DOUBLE -Index: git/math/s_nanf.c -=================================================================== ---- git.orig/math/s_nanf.c -+++ git/math/s_nanf.c -@@ -28,13 +28,6 @@ - float - __nanf (const char *tagp) - { -- if (tagp[0] != '\0') -- { -- char buf[6 + strlen (tagp)]; -- sprintf (buf, "NAN(%s)", tagp); -- return strtof (buf, NULL); -- } -- -- return NAN; -+ return __strtof_nan (tagp, NULL, 0); - } - weak_alias (__nanf, nanf) -Index: git/math/s_nanl.c -=================================================================== ---- git.orig/math/s_nanl.c -+++ git/math/s_nanl.c -@@ -28,13 +28,6 @@ - long double - __nanl (const char *tagp) - { -- if (tagp[0] != '\0') -- { -- char buf[6 + strlen (tagp)]; -- sprintf (buf, "NAN(%s)", tagp); -- return strtold (buf, NULL); -- } -- -- return NAN; -+ return __strtold_nan (tagp, NULL, 0); - } - weak_alias (__nanl, nanl) -Index: git/math/test-nan-overflow.c -=================================================================== ---- /dev/null -+++ git/math/test-nan-overflow.c -@@ -0,0 +1,66 @@ -+/* Test nan functions stack overflow (bug 16962). -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+ -+#define STACK_LIM 1048576 -+#define STRING_SIZE (2 * STACK_LIM) -+ -+static int -+do_test (void) -+{ -+ int result = 0; -+ struct rlimit lim; -+ getrlimit (RLIMIT_STACK, &lim); -+ lim.rlim_cur = STACK_LIM; -+ setrlimit (RLIMIT_STACK, &lim); -+ char *nanstr = malloc (STRING_SIZE); -+ if (nanstr == NULL) -+ { -+ puts ("malloc failed, cannot test"); -+ return 77; -+ } -+ memset (nanstr, '0', STRING_SIZE - 1); -+ nanstr[STRING_SIZE - 1] = 0; -+#define NAN_TEST(TYPE, FUNC) \ -+ do \ -+ { \ -+ char *volatile p = nanstr; \ -+ volatile TYPE v = FUNC (p); \ -+ if (isnan (v)) \ -+ puts ("PASS: " #FUNC); \ -+ else \ -+ { \ -+ puts ("FAIL: " #FUNC); \ -+ result = 1; \ -+ } \ -+ } \ -+ while (0) -+ NAN_TEST (float, nanf); -+ NAN_TEST (double, nan); -+#ifndef NO_LONG_DOUBLE -+ NAN_TEST (long double, nanl); -+#endif -+ return result; -+} -+ -+#define TEST_FUNCTION do_test () -+#include "../test-skeleton.c" -Index: git/math/test-nan-payload.c -=================================================================== ---- /dev/null -+++ git/math/test-nan-payload.c -@@ -0,0 +1,122 @@ -+/* Test nan functions payload handling (bug 16961). -+ Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+/* Avoid built-in functions. */ -+#define WRAP_NAN(FUNC, STR) \ -+ ({ const char *volatile wns = (STR); FUNC (wns); }) -+#define WRAP_STRTO(FUNC, STR) \ -+ ({ const char *volatile wss = (STR); FUNC (wss, NULL); }) -+ -+#define CHECK_IS_NAN(TYPE, A) \ -+ do \ -+ { \ -+ if (isnan (A)) \ -+ puts ("PASS: " #TYPE " " #A); \ -+ else \ -+ { \ -+ puts ("FAIL: " #TYPE " " #A); \ -+ result = 1; \ -+ } \ -+ } \ -+ while (0) -+ -+#define CHECK_SAME_NAN(TYPE, A, B) \ -+ do \ -+ { \ -+ if (memcmp (&(A), &(B), sizeof (A)) == 0) \ -+ puts ("PASS: " #TYPE " " #A " = " #B); \ -+ else \ -+ { \ -+ puts ("FAIL: " #TYPE " " #A " = " #B); \ -+ result = 1; \ -+ } \ -+ } \ -+ while (0) -+ -+#define CHECK_DIFF_NAN(TYPE, A, B) \ -+ do \ -+ { \ -+ if (memcmp (&(A), &(B), sizeof (A)) != 0) \ -+ puts ("PASS: " #TYPE " " #A " != " #B); \ -+ else \ -+ { \ -+ puts ("FAIL: " #TYPE " " #A " != " #B); \ -+ result = 1; \ -+ } \ -+ } \ -+ while (0) -+ -+/* Cannot test payloads by memcmp for formats where NaNs have padding -+ bits. */ -+#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106) -+ -+#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \ -+ do \ -+ { \ -+ TYPE n123 = WRAP_NAN (FUNC, "123"); \ -+ CHECK_IS_NAN (TYPE, n123); \ -+ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \ -+ CHECK_IS_NAN (TYPE, s123); \ -+ TYPE n456 = WRAP_NAN (FUNC, "456"); \ -+ CHECK_IS_NAN (TYPE, n456); \ -+ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \ -+ CHECK_IS_NAN (TYPE, s456); \ -+ TYPE n123x = WRAP_NAN (FUNC, "123)"); \ -+ CHECK_IS_NAN (TYPE, n123x); \ -+ TYPE nemp = WRAP_NAN (FUNC, ""); \ -+ CHECK_IS_NAN (TYPE, nemp); \ -+ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \ -+ CHECK_IS_NAN (TYPE, semp); \ -+ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \ -+ CHECK_IS_NAN (TYPE, sx); \ -+ if (CAN_TEST_EQ (MANT_DIG)) \ -+ CHECK_SAME_NAN (TYPE, n123, s123); \ -+ if (CAN_TEST_EQ (MANT_DIG)) \ -+ CHECK_SAME_NAN (TYPE, n456, s456); \ -+ if (CAN_TEST_EQ (MANT_DIG)) \ -+ CHECK_SAME_NAN (TYPE, nemp, semp); \ -+ if (CAN_TEST_EQ (MANT_DIG)) \ -+ CHECK_SAME_NAN (TYPE, n123x, sx); \ -+ CHECK_DIFF_NAN (TYPE, n123, n456); \ -+ CHECK_DIFF_NAN (TYPE, n123, nemp); \ -+ CHECK_DIFF_NAN (TYPE, n123, n123x); \ -+ CHECK_DIFF_NAN (TYPE, n456, nemp); \ -+ CHECK_DIFF_NAN (TYPE, n456, n123x); \ -+ } \ -+ while (0) -+ -+static int -+do_test (void) -+{ -+ int result = 0; -+ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG); -+ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG); -+#ifndef NO_LONG_DOUBLE -+ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG); -+#endif -+ return result; -+} -+ -+#define TEST_FUNCTION do_test () -+#include "../test-skeleton.c" -Index: git/stdlib/Versions -=================================================================== ---- git.orig/stdlib/Versions -+++ git/stdlib/Versions -@@ -118,5 +118,6 @@ libc { - # Used from other libraries - __libc_secure_getenv; - __call_tls_dtors; -+ __strtof_nan; __strtod_nan; __strtold_nan; - } - } -- cgit 1.2.3-korg