This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch, master, updated. glibc-2.11-172-g8549abc
- From: drepper at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 22 Jan 2010 20:45:54 -0000
- Subject: GNU C Library master sources branch, master, updated. glibc-2.11-172-g8549abc
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 8549abcb9ca4d7857cc457aaa17c2073522804f4 (commit)
via 8b2f25c23374fe79645499b8095f0d2f6eb24f71 (commit)
via aef699dce14a56ff0f212f533e5ea485d3cec96a (commit)
via 74bc9f14db655d2fdc9018d396af326e9b9bdf3f (commit)
via 42a2c9b5c3c92f7e2f556d7bc9dc80e557484574 (commit)
via eadc09f22cd81dd0153fba0fd8514261ea9b4196 (commit)
via 4cd028677b55c8be454bb06f0b28a8b41beffe9b (commit)
via daa8454919de6c4e8b914c5d45276abd20baab08 (commit)
via d044d844dd011bb26317ac36da2d22ebe19621b1 (commit)
from 5ddf954cf19d43f54ba44f487427d210952e1236 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8549abcb9ca4d7857cc457aaa17c2073522804f4
commit 8549abcb9ca4d7857cc457aaa17c2073522804f4
Author: Ulrich Drepper <drepper@redhat.com>
Date: Fri Jan 22 12:45:43 2010 -0800
Add BZ number.
diff --git a/ChangeLog b/ChangeLog
index 28953a7..56f5e45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
2010-01-22 Ulrich Drepper <drepper@redhat.com>
+ [BZ #11200]
* locale/loadlocale.c (_nl_load_locale): Fix recognition of genuine
mmap resource problem. Patch by Joe Landers <jlanders@vmware.com>.
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8b2f25c23374fe79645499b8095f0d2f6eb24f71
commit 8b2f25c23374fe79645499b8095f0d2f6eb24f71
Author: Joe Landers <jlanders@vmware.com>
Date: Fri Jan 22 12:44:58 2010 -0800
_nl_load_locale() incorrectly handles mmap() failures
diff --git a/ChangeLog b/ChangeLog
index 91725d5..28953a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-22 Ulrich Drepper <drepper@redhat.com>
+
+ * locale/loadlocale.c (_nl_load_locale): Fix recognition of genuine
+ mmap resource problem. Patch by Joe Landers <jlanders@vmware.com>.
+
2010-01-22 Jim Meyering <jim@meyering.net>
[BZ #11193]
diff --git a/locale/loadlocale.c b/locale/loadlocale.c
index 6ef25b0..61e6f7f 100644
--- a/locale/loadlocale.c
+++ b/locale/loadlocale.c
@@ -224,6 +224,7 @@ _nl_load_locale (struct loaded_l10nfile *file, int category)
PROT_READ, MAP_FILE|MAP_COPY, fd, 0);
if (__builtin_expect (filedata == MAP_FAILED, 0))
{
+ filedata = NULL;
if (__builtin_expect (errno, ENOSYS) == ENOSYS)
{
#endif /* _POSIX_MAPPED_FILES */
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aef699dce14a56ff0f212f533e5ea485d3cec96a
commit aef699dce14a56ff0f212f533e5ea485d3cec96a
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 12:41:12 2010 -0800
regexec.c: avoid overflow in realloc buffer length computation
diff --git a/ChangeLog b/ChangeLog
index 969326d..91725d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11193]
+ * posix/regexec.c (extend_buffers): Avoid overflow in realloc
+ buffer length computation.
+
[BZ #11192]
* posix/regexec.c (re_copy_regs): Don't leak when allocation
of the start buffer succeeds but allocation of the "end" one fails.
diff --git a/posix/regexec.c b/posix/regexec.c
index 949c170..f877016 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -4104,6 +4104,10 @@ extend_buffers (re_match_context_t *mctx)
reg_errcode_t ret;
re_string_t *pstr = &mctx->input;
+ /* Avoid overflow. */
+ if (BE (INT_MAX / 2 / sizeof (re_dfastate_t *) <= pstr->bufs_len, 0))
+ return REG_ESPACE;
+
/* Double the lengthes of the buffers. */
ret = re_string_realloc_buffers (pstr, pstr->bufs_len * 2);
if (BE (ret != REG_NOERROR, 0))
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=74bc9f14db655d2fdc9018d396af326e9b9bdf3f
commit 74bc9f14db655d2fdc9018d396af326e9b9bdf3f
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 12:33:58 2010 -0800
regexec.c: avoid leaks on out-of-memory failure paths
diff --git a/ChangeLog b/ChangeLog
index e6167fa..969326d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11192]
+ * posix/regexec.c (re_copy_regs): Don't leak when allocation
+ of the start buffer succeeds but allocation of the "end" one fails.
+
[BZ #11191]
* posix/regexec.c (re_search_2_stub): Check for overflow
when adding the sizes of the two strings.
diff --git a/posix/regexec.c b/posix/regexec.c
index bad52ac..949c170 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -509,9 +509,14 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated)
if (regs_allocated == REGS_UNALLOCATED)
{ /* No. So allocate them with malloc. */
regs->start = re_malloc (regoff_t, need_regs);
- regs->end = re_malloc (regoff_t, need_regs);
- if (BE (regs->start == NULL, 0) || BE (regs->end == NULL, 0))
+ if (BE (regs->start == NULL, 0))
return REGS_UNALLOCATED;
+ regs->end = re_malloc (regoff_t, need_regs);
+ if (BE (regs->end == NULL, 0))
+ {
+ re_free (regs->start);
+ return REGS_UNALLOCATED;
+ }
regs->num_regs = need_regs;
}
else if (regs_allocated == REGS_REALLOCATE)
@@ -521,9 +526,15 @@ re_copy_regs (regs, pmatch, nregs, regs_allocated)
if (BE (need_regs > regs->num_regs, 0))
{
regoff_t *new_start = re_realloc (regs->start, regoff_t, need_regs);
- regoff_t *new_end = re_realloc (regs->end, regoff_t, need_regs);
- if (BE (new_start == NULL, 0) || BE (new_end == NULL, 0))
+ regoff_t *new_end;
+ if (BE (new_start == NULL, 0))
return REGS_UNALLOCATED;
+ new_end = re_realloc (regs->end, regoff_t, need_regs);
+ if (BE (new_end == NULL, 0))
+ {
+ re_free (new_start);
+ return REGS_UNALLOCATED;
+ }
regs->start = new_start;
regs->end = new_end;
regs->num_regs = need_regs;
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42a2c9b5c3c92f7e2f556d7bc9dc80e557484574
commit 42a2c9b5c3c92f7e2f556d7bc9dc80e557484574
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 12:22:18 2010 -0800
regexec.c: avoid overflow in computing sum of lengths
diff --git a/ChangeLog b/ChangeLog
index 31251f1..e6167fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11191]
+ * posix/regexec.c (re_search_2_stub): Check for overflow
+ when adding the sizes of the two strings.
+
[BZ #11190]
* posix/regexec.c (re_search_internal): Avoid overflow
in computing re_malloc buffer size.
diff --git a/posix/regexec.c b/posix/regexec.c
index 11f3d31..bad52ac 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -370,7 +370,7 @@ re_search_2_stub (bufp, string1, length1, string2, length2, start, range, regs,
int len = length1 + length2;
char *s = NULL;
- if (BE (length1 < 0 || length2 < 0 || stop < 0, 0))
+ if (BE (length1 < 0 || length2 < 0 || stop < 0 || len < length1, 0))
return -2;
/* Concatenate the strings. */
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eadc09f22cd81dd0153fba0fd8514261ea9b4196
commit eadc09f22cd81dd0153fba0fd8514261ea9b4196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 12:15:53 2010 -0800
re_search_internal: Avoid overflow in computing re_malloc buffer size
diff --git a/ChangeLog b/ChangeLog
index 1975f6d..31251f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11190]
+ * posix/regexec.c (re_search_internal): Avoid overflow
+ in computing re_malloc buffer size.
+
[BZ #11189]
* posix/regexec.c (prune_impossible_nodes): Avoid overflow
in computing re_malloc buffer size.
diff --git a/posix/regexec.c b/posix/regexec.c
index a3a7a60..11f3d31 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -691,6 +691,13 @@ re_search_internal (preg, string, length, start, range, stop, nmatch, pmatch,
multi character collating element. */
if (nmatch > 1 || dfa->has_mb_node)
{
+ /* Avoid overflow. */
+ if (BE (SIZE_MAX / sizeof (re_dfastate_t *) <= mctx.input.bufs_len, 0))
+ {
+ err = REG_ESPACE;
+ goto free_return;
+ }
+
mctx.state_log = re_malloc (re_dfastate_t *, mctx.input.bufs_len + 1);
if (BE (mctx.state_log == NULL, 0))
{
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4cd028677b55c8be454bb06f0b28a8b41beffe9b
commit 4cd028677b55c8be454bb06f0b28a8b41beffe9b
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 12:03:56 2010 -0800
prune_impossible_nodes: Avoid overflow in computing re_malloc buffer size
diff --git a/ChangeLog b/ChangeLog
index 9b3fe33..1975f6d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11189]
+ * posix/regexec.c (prune_impossible_nodes): Avoid overflow
+ in computing re_malloc buffer size.
+
[BZ #11188]
* posix/regexec.c (build_trtable): Avoid arithmetic overflow
in size calculation.
diff --git a/posix/regexec.c b/posix/regexec.c
index 3765d00..a3a7a60 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -949,6 +949,11 @@ prune_impossible_nodes (mctx)
#endif
match_last = mctx->match_last;
halt_node = mctx->last_node;
+
+ /* Avoid overflow. */
+ if (BE (SIZE_MAX / sizeof (re_dfastate_t *) <= match_last, 0))
+ return REG_ESPACE;
+
sifted_states = re_malloc (re_dfastate_t *, match_last + 1);
if (BE (sifted_states == NULL, 0))
{
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=daa8454919de6c4e8b914c5d45276abd20baab08
commit daa8454919de6c4e8b914c5d45276abd20baab08
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 10:52:38 2010 -0800
regexec.c: avoid arithmetic overflow in buffer size calculation
diff --git a/ChangeLog b/ChangeLog
index c4fb74f..9b3fe33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2010-01-22 Jim Meyering <jim@meyering.net>
+ [BZ #11188]
+ * posix/regexec.c (build_trtable): Avoid arithmetic overflow
+ in size calculation.
+
[BZ #11187]
* posix/regexec.c (re_search_2_stub): Use simpler method than
boolean for freeing internal storage.
diff --git a/posix/regexec.c b/posix/regexec.c
index c7d0b37..3765d00 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -3359,6 +3359,13 @@ build_trtable (const re_dfa_t *dfa, re_dfastate_t *state)
if (BE (err != REG_NOERROR, 0))
goto out_free;
+ /* Avoid arithmetic overflow in size calculation. */
+ if (BE ((((SIZE_MAX - (sizeof (re_node_set) + sizeof (bitset_t)) * SBC_MAX)
+ / (3 * sizeof (re_dfastate_t *)))
+ < ndests),
+ 0))
+ goto out_free;
+
if (__libc_use_alloca ((sizeof (re_node_set) + sizeof (bitset_t)) * SBC_MAX
+ ndests * 3 * sizeof (re_dfastate_t *)))
dest_states = (re_dfastate_t **)
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d044d844dd011bb26317ac36da2d22ebe19621b1
commit d044d844dd011bb26317ac36da2d22ebe19621b1
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 22 10:39:59 2010 -0800
regexec.c: simplify re_search_2_stub
diff --git a/ChangeLog b/ChangeLog
index 14e3199..c4fb74f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-01-22 Jim Meyering <jim@meyering.net>
+
+ [BZ #11187]
+ * posix/regexec.c (re_search_2_stub): Use simpler method than
+ boolean for freeing internal storage.
+
2010-01-22 Ulrich Drepper <drepper@redhat.com>
* posix/regex_internal.c (re_string_skip_chars): Simplify test for
diff --git a/posix/regexec.c b/posix/regexec.c
index b8db740..c7d0b37 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -368,7 +368,7 @@ re_search_2_stub (bufp, string1, length1, string2, length2, start, range, regs,
const char *str;
int rval;
int len = length1 + length2;
- int free_str = 0;
+ char *s = NULL;
if (BE (length1 < 0 || length2 < 0 || stop < 0, 0))
return -2;
@@ -377,7 +377,7 @@ re_search_2_stub (bufp, string1, length1, string2, length2, start, range, regs,
if (length2 > 0)
if (length1 > 0)
{
- char *s = re_malloc (char, len);
+ s = re_malloc (char, len);
if (BE (s == NULL, 0))
return -2;
@@ -388,17 +388,14 @@ re_search_2_stub (bufp, string1, length1, string2, length2, start, range, regs,
memcpy (s + length1, string2, length2);
#endif
str = s;
- free_str = 1;
}
else
str = string2;
else
str = string1;
- rval = re_search_stub (bufp, str, len, start, range, stop, regs,
- ret_len);
- if (free_str)
- re_free ((char *) str);
+ rval = re_search_stub (bufp, str, len, start, range, stop, regs, ret_len);
+ re_free (s);
return rval;
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 36 +++++++++++++++++++++++++++++++++
locale/loadlocale.c | 1 +
posix/regexec.c | 55 +++++++++++++++++++++++++++++++++++++++-----------
3 files changed, 80 insertions(+), 12 deletions(-)
hooks/post-receive
--
GNU C Library master sources