This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.18-759-g94c8a4b


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  94c8a4bc574c58f90a41c5a0fd719608741d3bae (commit)
      from  b513cbf751bc891f5f9dce96fba4a5b295f8f840 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=94c8a4bc574c58f90a41c5a0fd719608741d3bae

commit 94c8a4bc574c58f90a41c5a0fd719608741d3bae
Author: Ondřej Bílka <neleai@seznam.cz>
Date:   Tue Jan 7 12:02:15 2014 +0100

    Fix integer overflow in vfwprintf. Fixes bug 14286.

diff --git a/ChangeLog b/ChangeLog
index 50dd9b4..be41012 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-01-07  OndÅ?ej Bílka  <neleai@seznam.cz>
+
+	[BZ #14286]
+	* stdio-common/vfprintf.c: Check for integer overflow.
+
 2014-01-07  Andreas Krebbel  <Andreas.Krebbel@de.ibm.com>
 
 	* sysdeps/s390/dl-tls.h: sysdeps/s390/dl-tls.h: Remove casts for
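Review bot: The new entry `* stdio-common/vfprintf.c: Check for integer overflow.` names only the file and not the function that gained the check; the vfprintf.c hunk header places the change inside vfprintf, so `* stdio-common/vfprintf.c (vfprintf): Check for integer overflow.` would be easier to search for later. The commit subject says vfwprintf while the entry and the diff refer to vfprintf.c, so a few words here on which build of the file is affected would keep the two from reading as inconsistent.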
diff --git a/NEWS b/NEWS
index ab3b882..a3030eb 100644
--- a/NEWS
+++ b/NEWS
@@ -11,20 +11,20 @@ Version 2.19
 
   156, 387, 431, 762, 832, 926, 2801, 4772, 6786, 6787, 6807, 6810, 7003,
   9954, 10253, 10278, 11087, 11157, 11214, 12100, 12486, 12986, 13028,
-  13982, 13985, 14029, 14032, 14120, 14143, 14155, 14547, 14699, 14752,
-  14876, 14910, 15004, 15048, 15073, 15089, 15128, 15218, 15268, 15277,
-  15308, 15362, 15374, 15400, 15425, 15427, 15483, 15522, 15531, 15532,
-  15593, 15601, 15608, 15609, 15610, 15632, 15640, 15670, 15672, 15680,
-  15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15763,
-  15764, 15797, 15799, 15825, 15843, 15844, 15846, 15847, 15849, 15855,
-  15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895,
-  15897, 15901, 15905, 15909, 15915, 15917, 15919, 15921, 15923, 15939,
-  15941, 15948, 15963, 15966, 15985, 15988, 15997, 16032, 16034, 16036,
-  16037, 16038, 16041, 16055, 16071, 16072, 16074, 16077, 16078, 16103,
-  16112, 16143, 16144, 16146, 16150, 16151, 16153, 16167, 16172, 16195,
-  16214, 16245, 16271, 16274, 16283, 16289, 16293, 16314, 16316, 16330,
-  16337, 16338, 16356, 16365, 16366, 16369, 16372, 16375, 16379, 16384,
-  16385, 16386, 16390, 16400.
+  13982, 13985, 14029, 14032, 14120, 14143, 14155, 14286, 14547, 14699,
+  14752, 14876, 14910, 15004, 15048, 15073, 15089, 15128, 15218, 15268,
+  15277, 15308, 15362, 15374, 15400, 15425, 15427, 15483, 15522, 15531,
+  15532, 15593, 15601, 15608, 15609, 15610, 15632, 15640, 15670, 15672,
+  15680, 15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760,
+  15763, 15764, 15797, 15799, 15825, 15843, 15844, 15846, 15847, 15849,
+  15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893,
+  15895, 15897, 15901, 15905, 15909, 15915, 15917, 15919, 15921, 15923,
+  15939, 15941, 15948, 15963, 15966, 15985, 15988, 15997, 16032, 16034,
+  16036, 16037, 16038, 16041, 16055, 16071, 16072, 16074, 16077, 16078,
+  16103, 16112, 16143, 16144, 16146, 16150, 16151, 16153, 16167, 16172,
+  16195, 16214, 16245, 16271, 16274, 16283, 16289, 16293, 16314, 16316,
+  16330, 16337, 16338, 16356, 16365, 16366, 16369, 16372, 16375, 16379,
+  16384, 16385, 16386, 16390, 16400.
 
 * Slovenian translations for glibc messages have been contributed by the
   Translation Project's Slovenian team of translators.
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 115beab..f7e5f61 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -1067,7 +1067,13 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
 	    /* Allocate dynamically an array which definitely is long	      \
 	       enough for the wide character version.  Each byte in the	      \
 	       multi-byte string can produce at most one wide character.  */  \
-	    if (__libc_use_alloca (len * sizeof (wchar_t)))		      \
+	    if (__glibc_unlikely (len > SIZE_MAX / sizeof (wchar_t)))	      \
+	      {								      \
+		__set_errno (EOVERFLOW);				      \
+		done = -1;						      \
+		goto all_done;						      \
+	      }								      \
+	    else if (__libc_use_alloca (len * sizeof (wchar_t)))	      \
 	      string = (CHAR_T *) alloca (len * sizeof (wchar_t));	      \
 	    else if ((string = (CHAR_T *) malloc (len * sizeof (wchar_t)))    \
 		     == NULL)						      \
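Review bot: The new `len > SIZE_MAX / sizeof (wchar_t)` branch at the top of this hunk comes without a regression test: the summary of changes lists only ChangeLog, NEWS and stdio-common/vfprintf.c, so nothing exercises the EOVERFLOW path or guards against the check being dropped in a later refactor. The guard is also the only thing that makes the three remaining `len * sizeof (wchar_t)` expressions (the `__libc_use_alloca`, `alloca` and `malloc` calls) safe, and the existing comment above it speaks only about the array being long enough; a sentence there saying the product is bounded by the preceding check, or computing the byte count once into a local after the check and reusing it, would make that dependency explicit.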

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog               |    5 +++++
 NEWS                    |   28 ++++++++++++++--------------
 stdio-common/vfprintf.c |    8 +++++++-
 3 files changed, 26 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

