This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.17-806-g5865a56


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  5865a56bf4e31c5a152e46454367a99c5971ac02 (commit)
      from  c204ab284bc3ef492f5a5201bd6131032bfd471a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5865a56bf4e31c5a152e46454367a99c5971ac02

commit 5865a56bf4e31c5a152e46454367a99c5971ac02
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Fri Jun 14 01:20:06 2013 +0530

    Avoid access beyond memory bounds in pthread_attr_getaffinity_np
    
    Resolves BZ #15618.
    
    pthread_attr_getaffinity_np may write beyond bounds of the input
    cpuset buffer if the size of the input buffer is smaller than the
    buffer present in the input pthread attributes.  Fix is to copy to the
    extent of the minimum of the source and the destination.

diff --git a/NEWS b/NEWS
index 42dfece..afbcacc 100644
--- a/NEWS
+++ b/NEWS
@@ -20,7 +20,7 @@ Version 2.18
   15380, 15381, 15394, 15395, 15405, 15406, 15409, 15416, 15418, 15419,
   15423, 15424, 15426, 15429, 15431, 15432, 15441, 15442, 15448, 15465,
   15480, 15485, 15488, 15490, 15493, 15497, 15506, 15529, 15536, 15553,
-  15577, 15583.
+  15577, 15583, 15618.
 
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
   #15078).
diff --git a/nptl/ChangeLog b/nptl/ChangeLog
index 8fb473f..64b674c 100644
--- a/nptl/ChangeLog
+++ b/nptl/ChangeLog
@@ -1,3 +1,13 @@
+2013-06-13  Siddhesh Poyarekar  <siddhesh@redhat.com>
+	    Carlos O'Donell  <carlos@redhat.com>
+
+	[BZ #15618]
+	* tst-pthread-attr-affinity: New test case.
+	* Makefile (tests): Add it.
+	* sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
+	(__pthread_attr_getaffinity_new): Copy minimum of source and
+	destination sizes to avoid a buffer overrun.
+
 2013-06-10  Carlos O'Donell  <carlos@redhat.com>
 
 	* sysdeps/unix/sysv/linux/i386/lowlevellock.h
diff --git a/nptl/Makefile b/nptl/Makefile
index 7fa991b..4788bd8 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -252,6 +252,7 @@ tests = tst-typesizes \
 	tst-exit1 tst-exit2 tst-exit3 \
 	tst-stdio1 tst-stdio2 \
 	tst-stack1 tst-stack2 tst-stack3 tst-pthread-getattr \
+	tst-pthread-attr-affinity \
 	tst-unload \
 	tst-dlsym1 \
 	tst-sysconf \
diff --git a/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c b/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
index 00bb29b..2a60f8e 100644
--- a/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
+++ b/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
@@ -42,7 +42,12 @@ __pthread_attr_getaffinity_new (const pthread_attr_t *attr, size_t cpusetsize,
 	if (((char *) iattr->cpuset)[cnt] != 0)
 	  return EINVAL;
 
-      void *p = mempcpy (cpuset, iattr->cpuset, iattr->cpusetsize);
+      /* Copy over the cpuset from the thread attribute object.  Limit the copy
+	 to the minimum of the source and destination sizes to prevent a buffer
+	 overrun.  If the destination is larger, fill the remaining space with
+	 zeroes.  */
+      void *p = mempcpy (cpuset, iattr->cpuset,
+			 MIN (iattr->cpusetsize, cpusetsize));
       if (cpusetsize > iattr->cpusetsize)
 	memset (p, '\0', cpusetsize - iattr->cpusetsize);
     }
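Review bot: The new comment above the `mempcpy` call explains the clamp but not why a truncated copy can still be reported as success. The check just before it (its loop header is outside the hunk) returns EINVAL when a byte of `iattr->cpuset` it examines is non-zero, and that appears to cover every byte at or past `cpusetsize`. I would add a sentence to the comment such as `Bytes beyond CPUSETSIZE were verified to be zero above, so a shorter copy loses no set bits.` so that a later edit does not drop that check while keeping the clamp. The body of `__pthread_attr_getaffinity_new` starts and ends outside the hunk.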
diff --git a/nptl/tst-pthread-attr-affinity.c b/nptl/tst-pthread-attr-affinity.c
new file mode 100644
index 0000000..eab0820
--- /dev/null
+++ b/nptl/tst-pthread-attr-affinity.c
@@ -0,0 +1,63 @@
+/* Make sure that pthread_attr_getaffinity_np does not crash when the input
+   cpuset size is smaller than that in the attribute structure.
+
+   Copyright (C) 2013 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <pthread.h>
+#include <stdio.h>
+#include <sched.h>
+#include <errno.h>
+#include <sys/param.h>
+
+
+#define RETURN_IF_FAIL(f, ...) \
+  ({									      \
+    int ret = f (__VA_ARGS__);						      \
+    if (ret != 0)							      \
+      {									      \
+	printf ("%s:%d: %s returned %d (errno = %d)\n", __FILE__, __LINE__,   \
+		#f, ret, errno);					      \
+	return ret;							      \
+      }									      \
+  })
+
+static int
+do_test (void)
+{
+  for (int i = 0; i < 10; i++)
+    {
+      pthread_attr_t attr;
+      cpu_set_t *cpuset = CPU_ALLOC (512);
+      size_t cpusetsize = CPU_ALLOC_SIZE (512);
+      CPU_ZERO_S (cpusetsize, cpuset);
+
+      RETURN_IF_FAIL (pthread_attr_init, &attr);
+      RETURN_IF_FAIL (pthread_attr_setaffinity_np, &attr, cpusetsize, cpuset);
+      CPU_FREE (cpuset);
+
+      cpuset = CPU_ALLOC (1);
+      cpusetsize = CPU_ALLOC_SIZE (1);
+      RETURN_IF_FAIL (pthread_attr_getaffinity_np, &attr, cpusetsize, cpuset);
+      CPU_FREE (cpuset);
+    }
+  return 0;
+}
+
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
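Review bot: `do_test` can only fail if the allocator happens to notice the damage, because nothing inspects the memory after the `CPU_ALLOC (1)` buffer; an overrun that lands in heap slack or in a chunk that is never checked would still pass. Handing the function a short size for a larger, pattern-filled buffer and comparing the trailing bytes afterwards makes the regression check deterministic. The sketch below also calls `pthread_attr_destroy`, which the loop never does, and it needs `<stdlib.h>` and `<string.h>` added to the file's includes.

```c
      /* ... unchanged: attr init, pthread_attr_setaffinity_np with the
         512-CPU set, CPU_FREE of that set; cpusetsize keeps its value ... */

      /* Offer only the first SMALLSIZE bytes of a larger buffer and verify
         that the guard bytes behind them are left untouched.  */
      size_t smallsize = CPU_ALLOC_SIZE (1);
      unsigned char *buf = malloc (cpusetsize);
      if (buf == NULL)
        {
          puts ("malloc failed");
          return 1;
        }
      memset (buf, 0xa5, cpusetsize);
      RETURN_IF_FAIL (pthread_attr_getaffinity_np, &attr, smallsize,
                      (cpu_set_t *) buf);
      for (size_t j = smallsize; j < cpusetsize; j++)
        if (buf[j] != 0xa5)
          {
            printf ("byte %zu past the destination was overwritten\n", j);
            return 1;
          }
      free (buf);
      RETURN_IF_FAIL (pthread_attr_destroy, &attr);
```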

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                               |    2 +-
 nptl/ChangeLog                                     |   10 +++
 nptl/Makefile                                      |    1 +
 .../unix/sysv/linux/pthread_attr_getaffinity.c     |    7 ++-
 nptl/tst-pthread-attr-affinity.c                   |   63 ++++++++++++++++++++
 5 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100644 nptl/tst-pthread-attr-affinity.c


hooks/post-receive
-- 
GNU C Library master sources

