pool/glibc
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5005d4836d
glibc/tls-dtor-list-mangling.patch
Andreas Schwab 5005d4836d Accepting request 359989 from home:Andreas_Schwab:Factory 
- tls-dtor-list-mangling.patch: Harden tls_dtor_list with pointer mangling
  (BZ #19018)
- prelink-elf-rtype-class.patch: Keep only ELF_RTYPE_CLASS_{PLT|COPY} bits
  for prelink (BZ #19178)
- vector-finite-math-aliases.patch: Better workaround for aliases of
  *_finite symbols in vector math library (BZ# 19058)
- powerpc-elision-adapt-param.patch: powerpc: Fix usage of elision
  transient failure adapt param (BZ #19174)
- catopen-unbound-alloca.patch: Fix unbound alloca in catopen
  (CVE-2015-8779, bsc#962739, BZ #17905)
- strftime-range-check.patch: Add range check on time fields
  (CVE-2015-8776, bsc#962736, BZ #18985)
- hcreate-overflow-check.patch: Handle overflow in hcreate (CVE-2015-8778,
  bsc#962737, BZ #18240)
- errorcheck-mutex-no-elision.patch: Don't do lock elision on an error
  checking mutex (bsc#956716, BZ #17514)
- refactor-nan-parsing.patch: Refactor strtod parsing of NaN payloads
  (CVE-2014-9761, bsc#962738, BZ #16962)
- send-dg-buffer-overflow.patch: Fix getaddrinfo stack-based buffer
  overflow (CVE-2015-7547, bsc#961721, BZ #18665)
- powerpc-lock-elision-race.patch: renamed from
  0001-powerpc-Fix-a-race-condition-when-eliding-a-lock-20150730.patch

OBS-URL: https://build.opensuse.org/request/show/359989
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=421
2016-02-17 14:42:34 +00:00

38 lines
1.2 KiB
Diff
Raw Blame History

2015-10-06 Florian Weimer <fweimer@redhat.com>
[BZ #19018]
* stdlib/cxa_thread_atexit_impl.c (__cxa_thread_atexit_impl):
Mangle function pointer before storing it.
(__call_tls_dtors): Demangle function pointer before calling it.
Index: glibc-2.22/stdlib/cxa_thread_atexit_impl.c
===================================================================
--- glibc-2.22.orig/stdlib/cxa_thread_atexit_impl.c
+++ glibc-2.22/stdlib/cxa_thread_atexit_impl.c
@@ -98,6 +98,10 @@ static __thread struct link_map *lm_cach
int
__cxa_thread_atexit_impl (dtor_func func, void *obj, void *dso_symbol)
{
+#ifdef PTR_MANGLE
+ PTR_MANGLE (func);
+#endif
+
/* Prepend. */
struct dtor_list *new = calloc (1, sizeof (struct dtor_list));
new->func = func;
@@ -142,9 +146,13 @@ __call_tls_dtors (void)
while (tls_dtor_list)
{
struct dtor_list *cur = tls_dtor_list;
+ dtor_func func = cur->func;
+#ifdef PTR_DEMANGLE
+ PTR_DEMANGLE (func);
+#endif
tls_dtor_list = tls_dtor_list->next;
- cur->func (cur->obj);
+ func (cur->obj);
/* Ensure that the MAP dereference happens before
l_tls_dtor_count decrement. That way, we protect this access from a
Reference in New Issue View Git Blame Copy Permalink