public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully
@ 2020-09-22 14:24 fweimer at redhat dot com
2020-09-22 14:25 ` [Bug stdio/26649] " fweimer at redhat dot com
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2020-09-22 14:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Bug ID: 26649
Summary: printf should handle non-normal x86 long double
numbers gracefully
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: stdio
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
The behavior of isnan/__builtin_isnan on bit patterns that do not correspond to
something that the CPU would produce from valid inputs is currently
under-defined in the toolchain. (The GCC built-in and glibc disagree.)
The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c assumes the GCC
behavior that returns true for non-normal numbers which are not specified as
NaN. (The glibc implementation returns false for such numbers.)
At present, passing non-normal numbers to __mppn_extract_long_double causes
this function to produce irregularly shaped multi-precision integers,
triggering undefined behavior in __printf_fp_l.
With GCC 10 and glibc 2.32, this behavior is not visible because
__builtin_isnan is used, which avoids calling __mppn_extract_long_double in
this case.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
@ 2020-09-22 14:25 ` fweimer at redhat dot com
2020-09-22 14:32 ` fweimer at redhat dot com
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2020-09-22 14:25 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
See Also| |https://bugzilla.redhat.com
| |/show_bug.cgi?id=1869380
Assignee|unassigned at sourceware dot org |fweimer at redhat dot com
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
2020-09-22 14:25 ` [Bug stdio/26649] " fweimer at redhat dot com
@ 2020-09-22 14:32 ` fweimer at redhat dot com
2020-09-22 17:15 ` fweimer at redhat dot com
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2020-09-22 14:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
Patch posted:
https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
2020-09-22 14:25 ` [Bug stdio/26649] " fweimer at redhat dot com
2020-09-22 14:32 ` fweimer at redhat dot com
@ 2020-09-22 17:15 ` fweimer at redhat dot com
2020-12-04 15:41 ` siddhesh at sourceware dot org
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2020-09-22 17:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Target Milestone|--- |2.33
Resolution|--- |FIXED
--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
Fixed for glibc 2.33 via:
commit 681900d29683722b1cb0a8e565a0585846ec5a61
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Sep 22 19:07:48 2020 +0200
x86: Harden printf against non-normal long double values (bug 26649)
The behavior of isnan/__builtin_isnan on bit patterns that do not
correspond to something that the CPU would produce from valid inputs
is currently under-defined in the toolchain. (The GCC built-in and
glibc disagree.)
The isnan check in PRINTF_FP_FETCH in stdio-common/printf_fp.c
assumes the GCC behavior that returns true for non-normal numbers
which are not specified as NaN. (The glibc implementation returns
false for such numbers.)
At present, passing non-normal numbers to __mpn_extract_long_double
causes this function to produce irregularly shaped multi-precision
integers, triggering undefined behavior in __printf_fp_l.
With GCC 10 and glibc 2.32, this behavior is not visible because
__builtin_isnan is used, which avoids calling
__mpn_extract_long_double in this case. This commit updates the
implementation of __mpn_extract_long_double so that regularly shaped
multi-precision integers are produced in this case, avoiding
undefined behavior in __printf_fp_l.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
` (2 preceding siblings ...)
2020-09-22 17:15 ` fweimer at redhat dot com
@ 2020-12-04 15:41 ` siddhesh at sourceware dot org
2020-12-06 8:21 ` carnil at debian dot org
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: siddhesh at sourceware dot org @ 2020-12-04 15:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security+
CC| |siddhesh at sourceware dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
` (3 preceding siblings ...)
2020-12-04 15:41 ` siddhesh at sourceware dot org
@ 2020-12-06 8:21 ` carnil at debian dot org
2020-12-16 9:49 ` schwab@linux-m68k.org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: carnil at debian dot org @ 2020-12-06 8:21 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Salvatore Bonaccorso <carnil at debian dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carnil at debian dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
` (4 preceding siblings ...)
2020-12-06 8:21 ` carnil at debian dot org
@ 2020-12-16 9:49 ` schwab@linux-m68k.org
2020-12-16 10:27 ` [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully (CVE-2020-29573) fweimer at redhat dot com
2023-07-25 14:07 ` siddhesh at sourceware dot org
7 siblings, 0 replies; 9+ messages in thread
From: schwab@linux-m68k.org @ 2020-12-16 9:49 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Andreas Schwab <schwab@linux-m68k.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2020-29573
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully (CVE-2020-29573)
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
` (5 preceding siblings ...)
2020-12-16 9:49 ` schwab@linux-m68k.org
@ 2020-12-16 10:27 ` fweimer at redhat dot com
2023-07-25 14:07 ` siddhesh at sourceware dot org
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2020-12-16 10:27 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|printf should handle |printf should handle
|non-normal x86 long double |non-normal x86 long double
|numbers gracefully |numbers gracefully
| |(CVE-2020-29573)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully (CVE-2020-29573)
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
` (6 preceding siblings ...)
2020-12-16 10:27 ` [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully (CVE-2020-29573) fweimer at redhat dot com
@ 2023-07-25 14:07 ` siddhesh at sourceware dot org
7 siblings, 0 replies; 9+ messages in thread
From: siddhesh at sourceware dot org @ 2023-07-25 14:07 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bruno at clisp dot org
--- Comment #3 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
*** Bug 4586 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-07-25 14:07 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-22 14:24 [Bug stdio/26649] New: printf should handle non-normal x86 long double numbers gracefully fweimer at redhat dot com
2020-09-22 14:25 ` [Bug stdio/26649] " fweimer at redhat dot com
2020-09-22 14:32 ` fweimer at redhat dot com
2020-09-22 17:15 ` fweimer at redhat dot com
2020-12-04 15:41 ` siddhesh at sourceware dot org
2020-12-06 8:21 ` carnil at debian dot org
2020-12-16 9:49 ` schwab@linux-m68k.org
2020-12-16 10:27 ` [Bug stdio/26649] printf should handle non-normal x86 long double numbers gracefully (CVE-2020-29573) fweimer at redhat dot com
2023-07-25 14:07 ` siddhesh at sourceware dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).