This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [ping][PATCH][BZ #13862] Reuse of cached stack can cause bounds overrun of thread DTV


MyungJoo Ham <myungjoo.ham@samsung.com> writes:

> @@ -387,6 +385,52 @@ _dl_allocate_tls_init (void *result)
>       TLS.  For those which are dynamically loaded we add the values
>       indicating deferred allocation.  */
>    listp = GL(dl_tls_dtv_slotinfo_list);
> +
> +  /* check if current dtv is big enough */
> +  if (dtv[-1].counter < GL(dl_tls_max_dtv_idx))
> +  {
> +    dtv_t *newp;
> +    size_t newsize = GL(dl_tls_max_dtv_idx) + DTV_SURPLUS;
> +    size_t oldsize = dtv[-1].counter;
> +
> +    if (
> +#ifdef SHARED
> +      dtv == GL(dl_initial_dtv)
> +#else
> +      0
> +#endif
> +       )
> +    {
> +      /* This is the initial dtv that was allocated
> +	 during rtld startup using the dl-minimal.c
> +	 malloc instead of the real malloc.  We can't
> +	 free it, we have to abandon the old storage.  */
> +      newp = malloc ((2 + newsize) * sizeof (dtv_t));
> +      if (newp == NULL)
> +        oom ();
> +      memcpy (newp, &dtv[-1], (2 + oldsize) * sizeof (dtv_t));
> +    }
> +    else
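
Review bot: In the first arm (the `dtv == GL(dl_initial_dtv)` case), `malloc ((2 + newsize) * sizeof (dtv_t))` followed by `memcpy (newp, &dtv[-1], (2 + oldsize) * sizeof (dtv_t))` leaves the last `newsize - oldsize` entries of `newp` uninitialised, and the copied `newp[0].counter` still holds `oldsize`. The quote stops at `else`, so if the remainder of the hunk does not already do it, the code after both arms should clear that tail with `memset` and store `newsize` in `newp[0].counter` before the entries are filled in. A smaller point: the new comment `/* check if current dtv is big enough */` should match the surrounding comments, as a capitalised sentence ending in a period.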

Please put the preprocessor condition around the whole first arm of the
condition statement.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

