This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



[PATCH] Resolve buffer overflow in libm-test-inc check_complex()


Hi, I've been digging into the outstanding csqrt() failures we ran
into with the aarch64 port.

http://sourceware.org/ml/libc-ports/2012-11/msg00032.html

The check_complex() implementation in libm-test.inc uses a fixed-size
buffer and sprintf() to construct the test case name. A couple of the
long double tests have sufficiently long names to overflow
the buffer and corrupt the stack frame; in the aarch64 case the least
significant couple of bytes of the computed result get overwritten.

The file already has _GNU_SOURCE hardwired on so I assume it is OK to
switch to asprintf.

Thanks
/Marcus

Proposed ChangeLog:

2012-11-14  Marcus Shawcroft  <marcus.shawcroft@linaro.org>

        * math/libm-test.inc (check_complex): Use asprintf.

Attachment: buffer-overflow.diff
Description: Binary data
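
The overflow condition and the asprintf() form described in the message above, as an added example that is not part of the original post or of the attached patch. NAME_BUF_SIZE, PART_FMT, the function names and the sample test names are assumptions, since the page shows neither the buffer size nor the format string.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* asprintf() is a GNU extension */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Explicit prototype: keeps this compiling if <stdio.h> was included earlier without _GNU_SOURCE. */
int asprintf(char **strp, const char *fmt, ...);

#define NAME_BUF_SIZE 200             /* assumed size; the page does not give it */
#define PART_FMT "Real part of: %s"   /* assumed label format */

/* Bytes (including the NUL) that sprintf(buf, PART_FMT, test_name) would write. */
size_t part_name_bytes(const char *test_name)
{
    int n = snprintf(NULL, 0, PART_FMT, test_name);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if a sprintf() into a NAME_BUF_SIZE-byte buffer would write past its end. */
int fixed_buffer_overflows(const char *test_name)
{
    return part_name_bytes(test_name) > NAME_BUF_SIZE;
}

/* The asprintf() form: heap buffer sized to the name. Caller frees; NULL on failure. */
char *make_part_name(const char *test_name)
{
    char *str;
    if (asprintf(&str, PART_FMT, test_name) < 0)
        return NULL;           /* str is undefined on failure, so do not touch it */
    return str;
}

int main(void)
{
    /* Constructed test names: one short, one long like the long double cases. */
    char long_name[260] = {0};
    memset(long_name, '9', sizeof long_name - 1);
    const char *names[] = { "csqrt (0.75 + 1.25 i)", long_name };
    for (size_t i = 0; i < 2; i++) {
        char *s = make_part_name(names[i]);
        if (s == NULL) return 1;
        printf("%zu bytes needed, fixed buffer %s, asprintf wrote %zu\n", part_name_bytes(names[i]),
               fixed_buffer_overflows(names[i]) ? "overflows" : "fits", strlen(s));
        free(s);
    }
    return 0;
}
```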

