[2.27 COMMITTED] libio: Disable vtable validation in case of interposition [BZ #23313]

[2.27 COMMITTED] libio: Disable vtable validation in case of interposition [BZ #23313]

[Florian Weimer]

(cherry picked from commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0)

2018-06-26  Florian Weimer  <fweimer@redhat.com>

	[BZ #23313]
	* libio/vtables.c (check_stdfiles_vtables): New ELF constructor.

diff --git a/NEWS b/NEWS
index 501d97bc7a..7b38967e86 100644
--- a/NEWS
+++ b/NEWS
@@ -81,6 +81,7 @@ The following bugs are resolved with this release:
   [23236] Harden function pointers in _IO_str_fields
   [23259] Unsubstituted ${ORIGIN} remains in DT_NEEDED for AT_SECURE
   [23264] libc: posix_spawnp wrongly executes ENOEXEC in non compat mode
+  [23313] libio: Disable vtable validation in case of interposition
   [23349] Various glibc headers no longer compatible with <linux/time.h>
 
 \f
diff --git a/libio/vtables.c b/libio/vtables.c
index 9fd4ccf642..9df75668c8 100644
--- a/libio/vtables.c
+++ b/libio/vtables.c
@@ -71,3 +71,19 @@ _IO_vtable_check (void)
 
   __libc_fatal ("Fatal error: glibc detected an invalid stdio handle\n");
 }
+
+/* Some variants of libstdc++ interpose _IO_2_1_stdin_ etc. and
+   install their own vtables directly, without calling _IO_init or
+   other functions.  Detect this by looking at the vtables values
+   during startup, and disable vtable validation in this case.  */
+#ifdef SHARED
+__attribute__ ((constructor))
+static void
+check_stdfiles_vtables (void)
+{
+  if (_IO_2_1_stdin_.vtable != &_IO_file_jumps
+      || _IO_2_1_stdout_.vtable != &_IO_file_jumps
+      || _IO_2_1_stderr_.vtable != &_IO_file_jumps)
+    IO_set_accept_foreign_vtables (&_IO_vtable_check);
+}
+#endif