r2161 - in glibc-package/trunk/debian: . patches patches/any
Author: aurel32
Date: 2007-05-01 08:53:27 +0000 (Tue, 01 May 2007)
New Revision: 2161
Added:
glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/patches/series
Log:
* patches/any/cvs-vfprintf-stack-smashing.diff: new patch from
upstream (fix enormous alloca triggered with %-X.Ys-like format
specifiers, with Y big, and in multi-byte locales). Closes: #380195,
#421555.
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2007-05-01 08:35:37 UTC (rev 2160)
+++ glibc-package/trunk/debian/changelog 2007-05-01 08:53:27 UTC (rev 2161)
@@ -1,3 +1,12 @@
+glibc (2.5-6) UNRELEASED; urgency=low
+
+ * patches/any/cvs-vfprintf-stack-smashing.diff: new patch from
+ upstream (fix enormous alloca triggered with %-X.Ys like formats
+ specifier, with Y big, and in multi-byte locales). Closes: #380195,
+ #421555.
+
+ -- Aurelien Jarno <aurel32@debian.org> Tue, 01 May 2007 10:42:08 +0200
+
glibc (2.5-5) unstable; urgency=low
[ Aurelien Jarno ]
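Review bot: The new 2.5-6 entry is marked urgency=low although the patch it adds is named cvs-vfprintf-stack-smashing.diff and is described as fixing an enormous alloca driven by the precision of a format specifier; if a packaged program can pass such a precision from untrusted input, a higher urgency is worth considering. The entry could also cite the upstream reference [BZ #4438] that the patch header carries, so the two Debian bugs it closes can be correlated with the upstream fix.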
Added: glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff 2007-05-01 08:35:37 UTC (rev 2160)
+++ glibc-package/trunk/debian/patches/any/cvs-vfprintf-stack-smashing.diff 2007-05-01 08:53:27 UTC (rev 2161)
@@ -0,0 +1,48 @@
+2007-04-30 Ulrich Drepper <drepper@redhat.com>
+
+ [BZ #4438]
+ * stdio-common/vfprintf.c (process_string_arg): Don't overflow the
+ stack for large precisions.
+
+===================================================================
+RCS file: /cvs/glibc/libc/stdio-common/vfprintf.c,v
+retrieving revision 1.135
+retrieving revision 1.136
+diff -u -r1.135 -r1.136
+--- libc/stdio-common/vfprintf.c 2007/03/17 17:08:56 1.135
++++ libc/stdio-common/vfprintf.c 2007/05/01 04:11:26 1.136
+@@ -1160,19 +1160,25 @@
+ else \
+ { \
+ /* In case we have a multibyte character set the \
+- situation is more compilcated. We must not copy \
++ situation is more complicated. We must not copy \
+ bytes at the end which form an incomplete character. */\
+- wchar_t ignore[prec]; \
++ wchar_t ignore[1024]; \
+ const char *str2 = string; \
+- mbstate_t ps; \
++ const char *strend = string + prec; \
++ if (strend < string) \
++ strend = (const char *) UINTPTR_MAX; \
+ \
++ mbstate_t ps; \
+ memset (&ps, '\0', sizeof (ps)); \
+- if (__mbsnrtowcs (ignore, &str2, prec, prec, &ps) \
+- == (size_t) -1) \
+- { \
+- done = -1; \
+- goto all_done; \
+- } \
++ \
++ while (str2 != NULL && str2 < strend) \
++ if (__mbsnrtowcs (ignore, &str2, strend - str2, 1024, \
++ &ps) == (size_t) -1) \
++ { \
++ done = -1; \
++ goto all_done; \
++ } \
++ \
+ if (str2 == NULL) \
+ len = strlen (string); \
+ else \
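Review bot: The overflow check in the added lines `const char *strend = string + prec;` and `if (strend < string)` depends on pointer arithmetic wrapping around, which is undefined behaviour in C once the result leaves the object, so a compiler is free to drop the test. Comparing prec against UINTPTR_MAX - (uintptr_t) string before forming the pointer would express the same clamp without that dependency. The literal 1024 also appears twice, as the size of ignore and as the length passed to __mbsnrtowcs; deriving the second from sizeof (ignore) / sizeof (ignore[0]) would keep the two in step. A short comment on the new while loop stating why it terminates when __mbsnrtowcs stops before strend, for instance at the incomplete trailing character the existing comment mentions, would help the next reader.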
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2007-05-01 08:35:37 UTC (rev 2160)
+++ glibc-package/trunk/debian/patches/series 2007-05-01 08:53:27 UTC (rev 2161)
@@ -107,6 +107,7 @@
any/cvs-itoa-c.diff -p1
any/cvs-lt-update.diff -p0
any/cvs-realpath.diff -p1
+any/cvs-vfprintf-stack-smashing.diff -p1
any/cvs-zdump-64-bit.diff -p1
any/local-notls.diff -p0
any/local-asserth-decls.diff -p0