authorUlrich Drepper <drepper@redhat.com>2007-10-07 05:31:00 +0000
committerUlrich Drepper <drepper@redhat.com>2007-10-07 05:31:00 +0000
commita6fa53288f51eac715cf9899ffe3cfd66e7dc42c (patch)
tree5536782944443a3e3e580c9bcbf7c1e7295bb9ca
parent506073094cda49a449c421c5b60f60616a6f898a (diff)
[BZ #3924]
* sysdeps/i386/dl-trampoline.S (_dl_runtime_profile): Fix a few more little bugs in creating the stack frame when pltexit has to be called.
-rw-r--r--ChangeLog5
-rw-r--r--nscd/connections.c10
-rw-r--r--nscd/nscd_helper.c21
-rw-r--r--sysdeps/i386/dl-trampoline.S5
4 files changed, 33 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 24ca28fdd5..846a38234c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2007-10-06 Ulrich Drepper <drepper@redhat.com>
+ [BZ #3924]
+ * sysdeps/i386/dl-trampoline.S (_dl_runtime_profile): Fix a few
+ more little bugs in creating the stack frame when pltexit has to
+ be called.
+
* nscd/nscd_helper.c (__nscd_cache_search): Prevent endless loops.
* nscd/connections.c (verify_persistent_db): Recognize circular lists.
diff --git a/nscd/connections.c b/nscd/connections.c
index 2572a42ee7..26d75d2978 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -378,8 +378,9 @@ verify_persistent_db (void *mem, struct database_pers_head *readhead, int dbnr)
nscd_ssize_t he_cnt = 0;
for (nscd_ssize_t cnt = 0; cnt < head->module; ++cnt)
{
- ref_t first = head->array[cnt];
- ref_t work = first;
+ ref_t trail = head->array[cnt];
+ ref_t work = trail;
+ int tick = 0;
while (work != ENDREF)
{
@@ -439,9 +440,12 @@ verify_persistent_db (void *mem, struct database_pers_head *readhead, int dbnr)
work = here->next;
- if (work == first)
+ if (work == trail)
/* A circular list, this must not happen. */
goto fail;
+ if (tick)
+ trail = ((struct hashentry *) (data + trail))->next;
+ tick = 1 - tick;
}
}
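Review bot: The trailing-pointer logic added at the end of the `while` loop has no comment explaining why `trail` advances only on every second pass, and the existing "A circular list" comment still reads as if only a loop back to the bucket head were detected. I would add above `if (tick)` something like `/* Advance trail at half the speed of work so a cycle that does not pass through the bucket head is also caught. */`. The dereference `((struct hashentry *) (data + trail))->next` appears to rely on `trail` only holding offsets that `work` already held and that the elided loop body validated; that assumption deserves a line in the comment as well. `verify_persistent_db` starts and ends outside this hunk, so the validation itself is not visible here.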
diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c
index 2e6d5f76b8..6718d922f3 100644
--- a/nscd/nscd_helper.c
+++ b/nscd/nscd_helper.c
@@ -416,8 +416,10 @@ __nscd_cache_search (request_type type, const char *key, size_t keylen,
unsigned long int hash = __nis_hash (key, keylen) % mapped->head->module;
size_t datasize = mapped->datasize;
- ref_t first = mapped->head->array[hash];
- ref_t work = first;
+ ref_t trail = mapped->head->array[hash];
+ ref_t work = trail;
+ int tick = 0;
+
while (work != ENDREF && work + sizeof (struct hashentry) <= datasize)
{
struct hashentry *here = (struct hashentry *) (mapped->data + work);
@@ -457,8 +459,21 @@ __nscd_cache_search (request_type type, const char *key, size_t keylen,
work = here->next;
/* Prevent endless loops. This should never happen but perhaps
the database got corrupted, accidentally or deliberately. */
- if (work == first)
+ if (work == trail)
break;
+ if (tick)
+ {
+ struct hashentry *trailelem;
+ trailelem = (struct hashentry *) (mapped->data + trail);
+
+#ifndef _STRING_ARCH_unaligned
+ /* We have to redo the checks. Maybe the data changed. */
+ if ((uintptr_t) trailelem & (__alignof__ (*trailelem) - 1))
+ return NULL;
+#endif
+ trail = trailelem->next;
+ }
+ tick = 1 - tick;
}
return NULL;
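Review bot: The re-check inside the new `if (tick)` block covers only alignment, yet `trail` is reloaded from `trailelem->next` in the mapped database and is never compared against `datasize` before the next `mapped->data + trail` dereference. The loop condition applies `work + sizeof (struct hashentry) <= datasize` only to `work`. The added comment itself says the data may have changed, so the value `trail` picks up can differ from the one `work` saw. A corrupted or concurrently rewritten mapping could therefore cause an out-of-bounds read in the client. I would add `if (trail + sizeof (struct hashentry) > datasize) return NULL;` at the top of the `if (tick)` block, outside the `#ifndef`, before `trailelem->next` is read. `__nscd_cache_search` starts outside this hunk, so any earlier validation of `head->array[hash]` is not visible here.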
diff --git a/sysdeps/i386/dl-trampoline.S b/sysdeps/i386/dl-trampoline.S
index af9eaf6d56..73b08ba67e 100644
--- a/sysdeps/i386/dl-trampoline.S
+++ b/sysdeps/i386/dl-trampoline.S
@@ -113,6 +113,7 @@ _dl_runtime_profile:
movl %ebx, %ecx
orl $4, %ebx # Increase frame size if necessary to align
# stack for the function call
+ andl $~3, %ebx
movl %esp, %edi
subl %ebx, %edi
movl %esp, %ebx
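Review bot: The added `andl $~3, %ebx` has no comment, and the existing comment on `orl $4, %ebx` only speaks of increasing the frame size, so the pair now reads as if the comment covered both. I would annotate the new line with `# Round the frame size down to a multiple of 4`. It would also help to note that `%ecx` was copied from `%ebx` before either adjustment, so it still holds the unadjusted size; the next hunk appears to use it as the copy count, which should be confirmed. `_dl_runtime_profile` starts before this hunk and continues past it.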
@@ -121,9 +122,9 @@ _dl_runtime_profile:
shrl $2, %ecx
rep
movsl
- movl (%edi), %esi
+ movl (%ebx), %esi
cfi_restore (esi)
- movl 4(%edi), %edi
+ movl 4(%ebx), %edi
cfi_restore (edi)
/*
%ebx+40 return address