This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.21-215-g2b02856

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 23 Mar 2015 15:21:24 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.21-215-g2b02856

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  2b028564f14d20cdda0c00d8ba100695b40501f5 (commit)
      from  59261ad3eb345e0d7b9f5c73e1a09d046991cea5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2b028564f14d20cdda0c00d8ba100695b40501f5

commit 2b028564f14d20cdda0c00d8ba100695b40501f5
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Mar 23 16:12:38 2015 +0100

    Avoid SIGFPE in wordexp [BZ #18100]
    
    Check for a zero divisor and integer overflow before performing
    division in arithmetic expansion.

diff --git a/ChangeLog b/ChangeLog
index 2a9b972..c1b9106 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-03-23  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #18100]
+	* posix/wordexp.c (eval_expr_multdiv): Check for division by zero
+	and integer overflow.
+	* posix/wordexp-test.c (test_case): Add divide-by-zero test.
+	(main): Add integer overflow tests.
+	* manual/pattern.texi (Calling Wordexp): Document additional use
+	for WRDE_SYNTAX.
+
 2015-03-23  Alan Modra  <amodra@gmail.com>
 
 	* config.h.in: Remove HAVE_ASM_PPC_REL16.
diff --git a/NEWS b/NEWS
index 7c8a557..aec1957 100644
--- a/NEWS
+++ b/NEWS
@@ -14,8 +14,8 @@ Version 2.22
   17621, 17628, 17631, 17711, 17776, 17779, 17792, 17836, 17912, 17916,
   17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987, 17991,
   17996, 17998, 17999, 18019, 18020, 18029, 18030, 18032, 18036, 18038,
-  18039, 18042, 18043, 18046, 18047, 18068, 18080, 18093, 18104, 18110,
-  18111, 18128, 18138.
+  18039, 18042, 18043, 18046, 18047, 18068, 18080, 18093, 18100, 18104,
+  18110, 18111, 18128, 18138.
 
 * Character encoding and ctype tables were updated to Unicode 7.0.0, using
   new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
diff --git a/manual/pattern.texi b/manual/pattern.texi
index da848c3..d1b9275 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -2006,7 +2006,8 @@ allocate room for.
 @comment POSIX.2
 @item WRDE_SYNTAX
 There was a syntax error in the input string.  For example, an unmatched
-quoting character is a syntax error.
+quoting character is a syntax error.  This error code is also used to
+signal division by zero and overflow in arithmetic expansion.
 @end table
 @end deftypefun
 
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
index 0a353a4..73f1b7d 100644
--- a/posix/wordexp-test.c
+++ b/posix/wordexp-test.c
@@ -237,6 +237,7 @@ struct test_case_struct
     { WRDE_SYNTAX, NULL, "`\\", 0, 0, { NULL, }, IFS },     /* BZ 18042  */
     { WRDE_SYNTAX, NULL, "${", 0, 0, { NULL, }, IFS },      /* BZ 18043  */
     { WRDE_SYNTAX, NULL, "L${a:", 0, 0, { NULL, }, IFS },   /* BZ 18043#c4  */
+    { WRDE_SYNTAX, NULL, "$[1/0]", WRDE_NOCMD, 0, {NULL, }, IFS }, /* BZ 18100 */
 
     { -1, NULL, NULL, 0, 0, { NULL, }, IFS },
   };
@@ -362,6 +363,45 @@ main (int argc, char *argv[])
 	++fail;
     }
 
+  /* Integer overflow in division.  */
+  {
+    static const char *const numbers[] = {
+      "0",
+      "1",
+      "65536",
+      "2147483648",
+      "4294967296"
+      "9223372036854775808",
+      "18446744073709551616",
+      "170141183460469231731687303715884105728",
+      "340282366920938463463374607431768211456",
+      NULL
+    };
+
+    for (const char *const *num = numbers; *num; ++num)
+      {
+	wordexp_t p;
+	char pattern[256];
+	snprintf (pattern, sizeof (pattern), "$[(-%s)/(-1)]", *num);
+	int ret = wordexp (pattern, &p, WRDE_NOCMD);
+	if (ret == 0)
+	  {
+	    if (p.we_wordc != 1 || strcmp (p.we_wordv[0], *num) != 0)
+	      {
+		printf ("Integer overflow for \"%s\" failed", pattern);
+		++fail;
+	      }
+	    wordfree (&p);
+	  }
+	else if (ret != WRDE_SYNTAX)
+	  {
+	    printf ("Integer overflow for \"%s\" failed with %d",
+		    pattern, ret);
+	    ++fail;
+	  }
+      }
+  }
+
   puts ("tests completed, now cleaning up");
 
   /* Clean up */
diff --git a/posix/wordexp.c b/posix/wordexp.c
index f6062d5..e711d43 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -617,6 +617,10 @@ eval_expr_multdiv (char **expr, long int *result)
 	  if (eval_expr_val (expr, &arg) != 0)
 	    return WRDE_SYNTAX;
 
+	  /* Division by zero or integer overflow.  */
+	  if (arg == 0 || (arg == -1 && *result == LONG_MIN))
+	    return WRDE_SYNTAX;
+
 	  *result /= arg;
 	}
       else break;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |   10 ++++++++++
 NEWS                 |    4 ++--
 manual/pattern.texi  |    3 ++-
 posix/wordexp-test.c |   40 ++++++++++++++++++++++++++++++++++++++++
 posix/wordexp.c      |    4 ++++
 5 files changed, 58 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]