packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport patches for bugfix

Browse Source
This commit is contained in:
wangshuo 2021-01-06 10:10:11 +08:00 committed by liqingqing_1229
parent 2793651bb6
commit 378f51a559
5 changed files with 582 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
backport-Fix-buffer-overrun-in-EUC-KR-conversion-module-bz-24.patch Normal file
View File

@ -0,0 +1,137 @@
From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Mon, 21 Dec 2020 08:56:43 +0530
Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
reason:Fix buffer overrun in EUC-KR conversion module (bz #24973)
Conflict:NA
Reference:https://sourceware.org/bugzilla/show_bug.cgi?id=24973
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
area and is not allowed. The from_euc_kr function used to skip two bytes
when told to skip over the unknown designation, potentially running over
the buffer end.
---
iconvdata/Makefile | 3 ++-
iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
iconvdata/euc-kr.c | 6 +----
iconvdata/ksc5601.h | 6 ++---
4 files changed, 59 insertions(+), 9 deletions(-)
create mode 100644 iconvdata/bug-iconv13.c
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
index 97aaffa2..6790e0bd 100644
--- a/iconvdata/Makefile
+++ b/iconvdata/Makefile
@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
ifeq (yes,$(build-shared))
tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
- bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4
+ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
+ bug-iconv13
ifeq ($(have-thread-library),yes)
tests += bug-iconv3
endif
diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
new file mode 100644
index 00000000..87aaff39
--- /dev/null
+++ b/iconvdata/bug-iconv13.c
@@ -0,0 +1,53 @@
+/* bug 24973: Test EUC-KR module
+ Copyright (C) 2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <iconv.h>
+#include <stdio.h>
+#include <support/check.h>
+
+static int
+do_test (void)
+{
+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
+
+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
+ areas, which are not allowed and should be skipped over due to
+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which
+ should be checked first. */
+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
+ char *inptr = input;
+ size_t insize = sizeof (input);
+ char output[4];
+ char *outptr = output;
+ size_t outsize = sizeof (output);
+
+ /* This used to crash due to buffer overrun. */
+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
+ TEST_VERIFY (errno == EINVAL);
+ /* The conversion should produce one character, the converted null
+ character. */
+ TEST_VERIFY (sizeof (output) - outsize == 1);
+
+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
index 73e02817..dc7eaa65 100644
--- a/iconvdata/euc-kr.c
+++ b/iconvdata/euc-kr.c
@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
\
if (ch <= 0x9f) \
++inptr; \
- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \
- user-defined areas. */ \
- else if (__builtin_expect (ch == 0xa0, 0) \
- || __builtin_expect (ch > 0xfe, 0) \
- || __builtin_expect (ch == 0xc9, 0)) \
+ else if (__glibc_unlikely (ch == 0xa0)) \
{ \
/* This is illegal. */ \
STANDARD_FROM_LOOP_ERR_HANDLER (1); \
diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
index 5588d3a1..fa2d3067 100644
--- a/iconvdata/ksc5601.h
+++ b/iconvdata/ksc5601.h
@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
unsigned char ch2;
int idx;
+ if (avail < 2)
+ return 0;
+
/* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
|| (ch - offset) == 0x49)
return __UNKNOWN_10646_CHAR;
- if (avail < 2)
- return 0;
-
ch2 = (*s)[1];
if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
return __UNKNOWN_10646_CHAR;
--
2.23.0

66
backport-aarch64-fix-stack-missing-after-sp-is-updated.patch Normal file
View File

@ -0,0 +1,66 @@
From cd6274089f7a7603cdaf2a24cef575fa61d3772e Mon Sep 17 00:00:00 2001
From: Shuo Wang <wangshuo47@huawei.com>
Date: Mon, 4 Jan 2021 20:42:52 +0800
Subject: [PATCH] aarch64: fix stack missing after sp is updated
reason:aarch64: fix stack missing after sp is updated
Conflict:NA
Reference:https://sourceware.org/pipermail/libc-alpha/2021-January/121272.html
After sp is updated, the CFA offset should be set before next instruction.
Tested in glibc-2.28:
Thread 2 "xxxxxxx" hit Breakpoint 1, _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:149
149 stp x1, x2, [sp, #-32]!
Missing separate debuginfos, use: dnf debuginfo-install libgcc-7.3.0-20190804.h24.aarch64
(gdb) bt
#0 _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:149
#1 0x0000ffffbe4fbb44 in OurFunction (threadId=3194870184)
at /home/test/test_function.c:30
#2 0x0000000000400c08 in initaaa () at thread.c:58
#3 0x0000000000400c50 in thread_proc (param=0x0) at thread.c:71
#4 0x0000ffffbf6918bc in start_thread (arg=0xfffffffff29f) at pthread_create.c:486
#5 0x0000ffffbf5669ec in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78
(gdb) ni
_dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:150
150 stp x3, x4, [sp, #16]
(gdb) bt
#0 _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:150
#1 0x0000ffffbe4fbb44 in OurFunction (threadId=3194870184)
at /home/test/test_function.c:30
#2 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) ni
_dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:157
157 mrs x4, tpidr_el0
(gdb) bt
#0 _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:157
#1 0x0000ffffbe4fbb44 in OurFunction (threadId=3194870184)
at /home/test/test_function.c:30
#2 0x0000000000400c08 in initaaa () at thread.c:58
#3 0x0000000000400c50 in thread_proc (param=0x0) at thread.c:71
#4 0x0000ffffbf6918bc in start_thread (arg=0xfffffffff29f) at pthread_create.c:486
#5 0x0000ffffbf5669ec in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78
Signed-off-by: liqingqing <liqingqing3@huawei.com>
Signed-off-by: Shuo Wang <wangshuo47@huawei.com>
---
sysdeps/aarch64/dl-tlsdesc.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysdeps/aarch64/dl-tlsdesc.S b/sysdeps/aarch64/dl-tlsdesc.S
index 43a62ef3..39ef48e9 100644
--- a/sysdeps/aarch64/dl-tlsdesc.S
+++ b/sysdeps/aarch64/dl-tlsdesc.S
@@ -147,8 +147,8 @@ _dl_tlsdesc_dynamic:
/* Save just enough registers to support fast path, if we fall
into slow path we will save additional registers. */
stp x1, x2, [sp, #-32]!
- stp x3, x4, [sp, #16]
cfi_adjust_cfa_offset (32)
+ stp x3, x4, [sp, #16]
cfi_rel_offset (x1, 0)
cfi_rel_offset (x2, 8)
cfi_rel_offset (x3, 16)
--
2.23.0

89
backport-aarch64-push-the-set-of-rules-before-falling-into-sl.patch Normal file
View File

@ -0,0 +1,89 @@
From f5082c70101d5b6c10c312f86c9de7fecf0075b6 Mon Sep 17 00:00:00 2001
From: Shuo Wang <wangshuo47@huawei.com>
Date: Tue, 5 Jan 2021 10:04:12 +0800
Subject: [PATCH] aarch64: push the set of rules before falling into slow path
reason:aarch64: push the set of rules before falling into slow path
Conflict:NA
Reference:https://sourceware.org/pipermail/libc-alpha/2021-January/121330.html
It is supposed to save the rules for the instructions before falling into slow path.
Tested in glibc-2.28 before fixing:
Thread 2 "xxxxxxx" hit Breakpoint 1, _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:149
149 stp x1, x2, [sp, #-32]!
Missing separate debuginfos, use: dnf debuginfo-install libgcc-7.3.0-20190804.h24.aarch64
(gdb) ni
_dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:150
150 stp x3, x4, [sp, #16]
(gdb)
_dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:157
157 mrs x4, tpidr_el0
(gdb)
158 ldr PTR_REG (1), [x0,#TLSDESC_ARG]
(gdb)
159 ldr PTR_REG (0), [x4,#TCBHEAD_DTV]
(gdb)
160 ldr PTR_REG (3), [x1,#TLSDESC_GEN_COUNT]
(gdb)
161 ldr PTR_REG (2), [x0,#DTV_COUNTER]
(gdb)
162 cmp PTR_REG (3), PTR_REG (2)
(gdb)
163 b.hi 2f
(gdb)
165 ldp PTR_REG (2), PTR_REG (3), [x1,#TLSDESC_MODID]
(gdb)
166 add PTR_REG (0), PTR_REG (0), PTR_REG (2), lsl #(PTR_LOG_SIZE + 1)
(gdb)
167 ldr PTR_REG (0), [x0] /* Load val member of DTV entry. */
(gdb)
168 cmp PTR_REG (0), #TLS_DTV_UNALLOCATED
(gdb)
169 b.eq 2f
(gdb) bt
#0 _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:169
#1 0x0000ffffbe4fbb44 in OurFunction (threadId=4294967295)
at /home/test/test_function.c:30
#2 0x0000000000400c08 in initaaa () at thread.c:58
#3 0x0000000000400c50 in thread_proc (param=0x0) at thread.c:71
#4 0x0000ffffbf6918bc in start_thread (arg=0xfffffffff29f) at pthread_create.c:486
#5 0x0000ffffbf5669ec in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78
(gdb) ni
_dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:184
184 stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]!
(gdb) bt
#0 _dl_tlsdesc_dynamic () at ../sysdeps/aarch64/dl-tlsdesc.S:184
#1 0x0000ffffbe4fbb44 in OurFunction (threadId=4294967295)
at /home/test/test_function.c:30
#2 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Co-authored-by: liqingqing <liqingqing3@huawei.com>
---
sysdeps/aarch64/dl-tlsdesc.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sysdeps/aarch64/dl-tlsdesc.S b/sysdeps/aarch64/dl-tlsdesc.S
index 39ef48e9..479a445b 100644
--- a/sysdeps/aarch64/dl-tlsdesc.S
+++ b/sysdeps/aarch64/dl-tlsdesc.S
@@ -167,6 +167,7 @@ _dl_tlsdesc_dynamic:
ldr PTR_REG (0), [x0] /* Load val member of DTV entry. */
cmp PTR_REG (0), #TLS_DTV_UNALLOCATED
b.eq 2f
+ cfi_remember_state
sub PTR_REG (3), PTR_REG (3), PTR_REG (4)
add PTR_REG (0), PTR_REG (0), PTR_REG (3)
1:
@@ -180,6 +181,7 @@ _dl_tlsdesc_dynamic:
callee will trash. */
/* Save the remaining registers that we must treat as caller save. */
+ cfi_restore_state
# define NSAVEXREGPAIRS 8
stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]!
cfi_adjust_cfa_offset (16*NSAVEXREGPAIRS)
--
2.23.0

276
backport-addmntent-Remove-unbounded-alloca-usage-from-getmnte.patch Normal file
View File

@ -0,0 +1,276 @@
From 9798906a426fc458b949271bcc9b8ad1608de867 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue, 22 Dec 2020 17:18:12 +0530
Subject: [PATCH] addmntent: Remove unbounded alloca usage from getmntent
[BZ#27083]
reason:Remove unbounded alloca usage from getmntent
Conflict:NA
Reference:https://sourceware.org/bugzilla/show_bug.cgi?id=27083
The addmntent function replicates elements of struct mnt on stack
using alloca, which is unsafe. Put characters directly into the
stream, escaping them as they're being written out.
Also add a test to check all escaped characters with addmntent and
getmntent.
---
misc/Makefile | 2 +-
misc/mntent_r.c | 111 ++++++++++++++-------------------------
misc/tst-mntent-escape.c | 101 +++++++++++++++++++++++++++++++++++
3 files changed, 140 insertions(+), 74 deletions(-)
create mode 100644 misc/tst-mntent-escape.c
diff --git a/misc/Makefile b/misc/Makefile
index b7be2bc1..186d3f96 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -84,7 +84,7 @@ tests := tst-dirname tst-tsearch tst-fdset tst-efgcvt tst-mntent tst-hsearch \
tst-error1 tst-pselect tst-insremque tst-mntent2 bug-hsearch1 \
tst-mntent-blank-corrupt tst-mntent-blank-passno bug18240 \
tst-preadvwritev tst-preadvwritev64 tst-makedev tst-empty \
- tst-preadvwritev2 tst-preadvwritev64v2
+ tst-preadvwritev2 tst-preadvwritev64v2 tst-mntent-escape
tests-internal := tst-atomic tst-atomic-long tst-allocate_once
tests-static := tst-empty
diff --git a/misc/mntent_r.c b/misc/mntent_r.c
index 7a826586..440e4e57 100644
--- a/misc/mntent_r.c
+++ b/misc/mntent_r.c
@@ -186,87 +186,52 @@ __getmntent_r (FILE *stream, struct mntent *mp, char *buffer, int bufsiz)
libc_hidden_def (__getmntent_r)
weak_alias (__getmntent_r, getmntent_r)
+/* Write STR into STREAM, escaping whitespaces as we go. Do not check for
+ errors here; we check the stream status in __ADDMNTENT. */
+static void
+write_string (FILE *stream, const char *str)
+{
+ char c;
+ const char *encode_chars = " \t\n\\";
-/* We have to use an encoding for names if they contain spaces or tabs.
- To be able to represent all characters we also have to escape the
- backslash itself. This "function" must be a macro since we use
- `alloca'. */
-#define encode_name(name) \
- do { \
- const char *rp = name; \
- \
- while (*rp != '\0') \
- if (*rp == ' ' || *rp == '\t' || *rp == '\n' || *rp == '\\') \
- break; \
- else \
- ++rp; \
- \
- if (*rp != '\0') \
- { \
- /* In the worst case the length of the string can increase to \
- four times the current length. */ \
- char *wp; \
- \
- rp = name; \
- name = wp = (char *) alloca (strlen (name) * 4 + 1); \
- \
- do \
- if (*rp == ' ') \
- { \
- *wp++ = '\\'; \
- *wp++ = '0'; \
- *wp++ = '4'; \
- *wp++ = '0'; \
- } \
- else if (*rp == '\t') \
- { \
- *wp++ = '\\'; \
- *wp++ = '0'; \
- *wp++ = '1'; \
- *wp++ = '1'; \
- } \
- else if (*rp == '\n') \
- { \
- *wp++ = '\\'; \
- *wp++ = '0'; \
- *wp++ = '1'; \
- *wp++ = '2'; \
- } \
- else if (*rp == '\\') \
- { \
- *wp++ = '\\'; \
- *wp++ = '\\'; \
- } \
- else \
- *wp++ = *rp; \
- while (*rp++ != '\0'); \
- } \
- } while (0)
-
+ while ((c = *str++) != '\0')
+ {
+ if (strchr (encode_chars, c) == NULL)
+ fputc_unlocked (c, stream);
+ else
+ {
+ fputc_unlocked ('\\', stream);
+ fputc_unlocked (((c & 0xc0) >> 6) + '0', stream);
+ fputc_unlocked (((c & 0x38) >> 3) + '0', stream);
+ fputc_unlocked (((c & 0x07) >> 0) + '0', stream);
+ }
+ }
+ fputc_unlocked (' ', stream);
+}
/* Write the mount table entry described by MNT to STREAM.
Return zero on success, nonzero on failure. */
int
__addmntent (FILE *stream, const struct mntent *mnt)
{
- struct mntent mntcopy = *mnt;
+ int ret = 1;
+
if (fseek (stream, 0, SEEK_END))
- return 1;
-
- /* Encode spaces and tabs in the names. */
- encode_name (mntcopy.mnt_fsname);
- encode_name (mntcopy.mnt_dir);
- encode_name (mntcopy.mnt_type);
- encode_name (mntcopy.mnt_opts);
-
- return (fprintf (stream, "%s %s %s %s %d %d\n",
- mntcopy.mnt_fsname,
- mntcopy.mnt_dir,
- mntcopy.mnt_type,
- mntcopy.mnt_opts,
- mntcopy.mnt_freq,
- mntcopy.mnt_passno) < 0
- || fflush (stream) != 0);
+ return ret;
+
+ flockfile (stream);
+
+ write_string (stream, mnt->mnt_fsname);
+ write_string (stream, mnt->mnt_dir);
+ write_string (stream, mnt->mnt_type);
+ write_string (stream, mnt->mnt_opts);
+ fprintf (stream, "%d %d\n", mnt->mnt_freq, mnt->mnt_passno);
+
+ ret = ferror (stream) != 0 || fflush (stream) != 0;
+
+ funlockfile (stream);
+
+ return ret;
}
weak_alias (__addmntent, addmntent)
diff --git a/misc/tst-mntent-escape.c b/misc/tst-mntent-escape.c
new file mode 100644
index 00000000..c1db428a
--- /dev/null
+++ b/misc/tst-mntent-escape.c
@@ -0,0 +1,101 @@
+/* Test mntent interface with escaped sequences.
+ Copyright (C) 2020 Free Software Foundation, Inc.
+
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <mntent.h>
+#include <stdio.h>
+#include <string.h>
+#include <support/check.h>
+
+struct const_mntent
+{
+ const char *mnt_fsname;
+ const char *mnt_dir;
+ const char *mnt_type;
+ const char *mnt_opts;
+ int mnt_freq;
+ int mnt_passno;
+ const char *expected;
+};
+
+struct const_mntent tests[] =
+{
+ {"/dev/hda1", "/some dir", "ext2", "defaults", 1, 2,
+ "/dev/hda1 /some\\040dir ext2 defaults 1 2\n"},
+ {"device name", "/some dir", "tmpfs", "defaults", 1, 2,
+ "device\\040name /some\\040dir tmpfs defaults 1 2\n"},
+ {" ", "/some dir", "tmpfs", "defaults", 1, 2,
+ "\\040 /some\\040dir tmpfs defaults 1 2\n"},
+ {"\t", "/some dir", "tmpfs", "defaults", 1, 2,
+ "\\011 /some\\040dir tmpfs defaults 1 2\n"},
+ {"\\", "/some dir", "tmpfs", "defaults", 1, 2,
+ "\\134 /some\\040dir tmpfs defaults 1 2\n"},
+};
+
+static int
+do_test (void)
+{
+ for (int i = 0; i < sizeof (tests) / sizeof (struct const_mntent); i++)
+ {
+ char buf[128];
+ struct mntent *ret, curtest;
+ FILE *fp = fmemopen (buf, sizeof (buf), "w+");
+
+ if (fp == NULL)
+ {
+ printf ("Failed to open file\n");
+ return 1;
+ }
+
+ curtest.mnt_fsname = strdupa (tests[i].mnt_fsname);
+ curtest.mnt_dir = strdupa (tests[i].mnt_dir);
+ curtest.mnt_type = strdupa (tests[i].mnt_type);
+ curtest.mnt_opts = strdupa (tests[i].mnt_opts);
+ curtest.mnt_freq = tests[i].mnt_freq;
+ curtest.mnt_passno = tests[i].mnt_passno;
+
+ if (addmntent (fp, &curtest) != 0)
+ {
+ support_record_failure ();
+ continue;
+ }
+
+ TEST_COMPARE_STRING (buf, tests[i].expected);
+
+ rewind (fp);
+ ret = getmntent (fp);
+ if (ret == NULL)
+ {
+ support_record_failure ();
+ continue;
+ }
+
+ TEST_COMPARE_STRING(tests[i].mnt_fsname, ret->mnt_fsname);
+ TEST_COMPARE_STRING(tests[i].mnt_dir, ret->mnt_dir);
+ TEST_COMPARE_STRING(tests[i].mnt_type, ret->mnt_type);
+ TEST_COMPARE_STRING(tests[i].mnt_opts, ret->mnt_opts);
+ TEST_COMPARE(tests[i].mnt_freq, ret->mnt_freq);
+ TEST_COMPARE(tests[i].mnt_passno, ret->mnt_passno);
+
+ fclose (fp);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
--
2.23.0

15
glibc.spec
View File

@ -59,7 +59,7 @@
##############################################################################
Name: glibc
Version: 2.28
Release: 49
Release: 50
Summary: The GNU libc libraries
License: %{all_license}
URL: http://www.gnu.org/software/glibc/
@ -101,6 +101,10 @@ Patch24: backport-x86-Use-one-ldbl2mpn.c-file-for-both-i386-and-x86_64.patch
Patch25: backport-Fix-CVE-2020-29573-x86-Harden-printf-against-non-normal-long-double-val.patch
Patch26: backport-Fix-iconv-buffer-handling-with-IGNORE-error-handler-.patch
Patch27: backport-CVE-2020-29562-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch
Patch28: backport-aarch64-fix-stack-missing-after-sp-is-updated.patch
Patch29: backport-aarch64-push-the-set-of-rules-before-falling-into-sl.patch
Patch30: backport-Fix-buffer-overrun-in-EUC-KR-conversion-module-bz-24.patch
Patch31: backport-addmntent-Remove-unbounded-alloca-usage-from-getmnte.patch
Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
@ -1096,6 +1100,15 @@ fi
%doc hesiod/README.hesiod
%changelog
* Wed Jan 6 2021 Wang Shuo<wangshuo_1994@foxmail.com> - 2.28-50
- Fix stack missing in _dl_tlsdesc_dynamic
Fix buffer overrun in EUC-KR conversion module (bz #24973)
Remove unbounded alloca usage from getmntent [BZ#27083]
https://sourceware.org/pipermail/libc-alpha/2021-January/121272.html
https://sourceware.org/pipermail/libc-alpha/2021-January/121330.html
https://sourceware.org/bugzilla/show_bug.cgi?id=24973
https://sourceware.org/bugzilla/show_bug.cgi?id=27083
* Mon Dec 21 2020 Wang Shuo<wangshuo_1994@foxmail.com> - 2.28-49
- Fix CVE-2020-29562, Fix incorrect UCS4 inner loop bounds (BZ#26923)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562