* [glibc-2.20] Fix memory handling in strxfrm_l [BZ #16009]
@ 2015-01-01 0:00 Mike Frysinger
From: Mike Frysinger @ 2015-01-01 0:00 UTC (permalink / raw)
To: libc-stable
[-- Attachment #1: Type: text/plain, Size: 2268 bytes --]
i've backported these two commits to the 2.20 branch
-mike
commit f9e0f439b72e0b2fb035be1bc60aaceeed7f6ed0
Author: Leonhard Holz <leonhard.holz@web.de>
Date: Tue Jan 13 11:33:56 2015 +0530
Fix memory handling in strxfrm_l [BZ #16009]
[Modified from the original email by Siddhesh Poyarekar]
This patch solves bug #16009 by implementing an additional path in
strxfrm that does not depend on caching the weight and rule indices.
In detail the following changed:
* The old main loop was factored out of strxfrm_l into the function
do_xfrm_cached to be able to alternatively use the non-caching version
do_xfrm.
* strxfrm_l allocates a fixed size array on the stack. If this is not
sufficient to store the weight and rule indices, the non-caching path is
taken. As the cache size is not dependent on the input there can be no
problems with integer overflows or stack allocations greater than
__MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
definition of strxfrm does not allow an oom error handling.
* The uncached path determines the weight and rule index for every char
and for every pass again.
* Passing all the locale data array by array resulted in very long
parameter lists, so I introduced a structure that holds them.
* Checking for zero src string has been moved a bit upwards, it is
before the locale data initialization now.
* To verify that the non-caching path works correctly I added a test run
to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
are patched up with spaces so that they are too large for the caching path.
(cherry picked from commit 0f9e585480edcdf1e30dc3d79e24b84aeee516fa)
Conflicts:
ChangeLog
NEWS
commit b0694b9e98ee64cb25490de0921ce307f3872749
Author: Roland McGrath <roland@hack.frob.com>
Date: Thu Sep 11 16:02:17 2014 -0700
Move findidx nested functions to top-level.
Needed in order to backport strxfrm_l security fix cleanly.
(cherry picked from commit 8c0ab919f63dc03a420751172602a52d2bea59a8)
Conflicts:
ChangeLog
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
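The fallback described in the commit message above, as an added C example that is not glibc's code and not part of the original message: a multi-pass transform keeps its per-character lookups in a constant-size stack array and, when the input does not fit, repeats the lookup for every character in every pass instead of growing the allocation. `toy_xfrm`, `lookup`, `weight`, `used_cache`, `CACHE_MAX` and the two-pass weights are hypothetical stand-ins for the locale data.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added illustration, not glibc code: all names and weights are hypothetical. */
#define CACHE_MAX 16  /* toy fixed cache size; never derived from the input */
#define NPASSES   2

static int used_cache;  /* records which path the last call took (for the demo) */

/* Toy stand-in for the locale table lookup done per character. */
static unsigned char lookup(unsigned char c) { return c; }

/* Toy weights: pass 0 is the case-folded byte, pass 1 marks upper case. */
static unsigned char weight(unsigned char idx, int pass)
{
    return pass == 0 ? (unsigned char)tolower(idx) : (isupper(idx) ? 2 : 1);
}

/* Same contract as strxfrm: writes at most n bytes, returns the length needed. */
size_t toy_xfrm(char *dest, const char *src, size_t n)
{
    unsigned char cache[CACHE_MAX];  /* constant-size stack use, no alloca */
    size_t len = strlen(src), out = 0;

    used_cache = len <= CACHE_MAX;
    if (used_cache)                  /* cached path: one lookup per character */
        for (size_t i = 0; i < len; i++)
            cache[i] = lookup((unsigned char)src[i]);

    for (int pass = 0; pass < NPASSES; pass++) {
        for (size_t i = 0; i < len; i++) {
            /* uncached path: redo the lookup for every char in every pass */
            unsigned char idx = used_cache ? cache[i]
                                           : lookup((unsigned char)src[i]);
            if (out < n)
                dest[out] = (char)weight(idx, pass);
            out++;
        }
    }
    if (n > 0)
        dest[out < n ? out : n - 1] = '\0';
    return out;
}
```

Padding the inputs with spaces past `CACHE_MAX`, as the commit's added test run does for the real cache, forces the uncached path while the resulting sort order stays the same.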