forked from pool/glibc
Andreas Schwab
c59611fc72
- i686-memchr-sse.patch: Fix i686 memchr overflow calculation (bsc#1031021, BZ #21182) - sunrpc-use-after-free.patch: Avoid use-after-free read access in clntudp_call (BZ #21115) - Build testsuite with gdb and python-pexpect to enable more tests OBS-URL: https://build.opensuse.org/request/show/483845 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=454
46 lines
1.4 KiB
Diff
46 lines
1.4 KiB
Diff
2017-03-29 Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
|
[BZ# 21182]
|
|
* string/test-memchr.c (do_test): Add BZ#21182 checks for address
|
|
near end of a page.
|
|
* sysdeps/i386/i686/multiarch/memchr-sse2.S (__memchr): Fix
|
|
overflow calculation.
|
|
|
|
Index: glibc-2.25/string/test-memchr.c
|
|
===================================================================
|
|
--- glibc-2.25.orig/string/test-memchr.c
|
|
+++ glibc-2.25/string/test-memchr.c
|
|
@@ -208,6 +208,12 @@ test_main (void)
|
|
do_test (0, i, i + 1, i + 1, 0);
|
|
}
|
|
|
|
+ /* BZ#21182 - wrong overflow calculation for i686 implementation
|
|
+ with address near end of the page. */
|
|
+ for (i = 2; i < 16; ++i)
|
|
+ /* page_size is in fact getpagesize() * 2. */
|
|
+ do_test (page_size / 2 - i, i, i, 1, 0x9B);
|
|
+
|
|
do_random_tests ();
|
|
return ret;
|
|
}
|
|
Index: glibc-2.25/sysdeps/i386/i686/multiarch/memchr-sse2.S
|
|
===================================================================
|
|
--- glibc-2.25.orig/sysdeps/i386/i686/multiarch/memchr-sse2.S
|
|
+++ glibc-2.25/sysdeps/i386/i686/multiarch/memchr-sse2.S
|
|
@@ -117,7 +117,6 @@ L(crosscache):
|
|
|
|
# ifndef USE_AS_RAWMEMCHR
|
|
jnz L(match_case2_prolog1)
|
|
- lea -16(%edx), %edx
|
|
/* Calculate the last acceptable address and check for possible
|
|
addition overflow by using satured math:
|
|
edx = ecx + edx
|
|
@@ -125,6 +124,7 @@ L(crosscache):
|
|
add %ecx, %edx
|
|
sbb %eax, %eax
|
|
or %eax, %edx
|
|
+ sub $16, %edx
|
|
jbe L(return_null)
|
|
lea 16(%edi), %edi
|
|
# else
|