This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.21-104-gbdf1ff0
- From: ppluzhnikov at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 22 Feb 2015 20:02:39 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.21-104-gbdf1ff0
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via bdf1ff052a8e23d637f2c838fa5642d78fcedc33 (commit)
from 9529611240b612fec59e289673d05f83396aede4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
commit bdf1ff052a8e23d637f2c838fa5642d78fcedc33
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Sun Feb 22 12:01:47 2015 -0800
Fix BZ #17269 -- _IO_wstr_overflow integer overflow
diff --git a/ChangeLog b/ChangeLog
index 18961d8..9ae6b8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-02-22 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #17269]
+ * libio/wstrops.c (_IO_wstr_overflow): Guard against integer overflow
+ (enlarge_userbuf): Likewise.
+
2015-02-22 Chung-Lin Tang <cltang@codesourcery.com>
* libio/tst-memstream2.c (TIMEOUT): Define as 100.
diff --git a/NEWS b/NEWS
index 5eb79d2..28ef45d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.22
* The following bugs are resolved with this release:
- 4719, 13064, 14094, 15319, 15467, 15790, 16560, 17569, 17588, 17792,
- 17912, 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978, 17987,
- 17991, 17996, 17998, 17999.
+ 4719, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17569, 17588,
+ 17792, 17912, 17932, 17944, 17949, 17964, 17965, 17967, 17969, 17978,
+ 17987, 17991, 17996, 17998, 17999.
* Character encoding and ctype tables were updated to Unicode 7.0.0, using
new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
diff --git a/libio/wstrops.c b/libio/wstrops.c
index 43d847d..3993579 100644
--- a/libio/wstrops.c
+++ b/libio/wstrops.c
@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c)
wchar_t *old_buf = fp->_wide_data->_IO_buf_base;
size_t old_wblen = _IO_wblen (fp);
_IO_size_t new_size = 2 * old_wblen + 100;
- if (new_size < old_wblen)
+
+ if (__glibc_unlikely (new_size < old_wblen)
+ || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t)))
return EOF;
+
new_buf
= (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size
* sizeof (wchar_t));
@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading)
return 1;
_IO_size_t newsize = offset + 100;
+ if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t)))
+ return 1;
+
wchar_t *oldbuf = wd->_IO_buf_base;
wchar_t *newbuf
= (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
NEWS | 6 +++---
libio/wstrops.c | 8 +++++++-
3 files changed, 16 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources