diff options
author | Joseph Myers <joseph@codesourcery.com> | 2015-12-04 20:36:28 +0000 |
---|---|---|
committer | Joseph Myers <joseph@codesourcery.com> | 2015-12-04 20:36:28 +0000 |
commit | 8f5e8b01a1da2a207228f2072c934fa5918554b8 (patch) | |
tree | c9d9d33b21af5a9df86f398d2d1fd6b42eee1e28 /NEWS | |
parent | 79e0d340a9e7fb2c931686462131c92b99611003 (diff) | |
download | glibc-8f5e8b01a1da2a207228f2072c934fa5918554b8.tar glibc-8f5e8b01a1da2a207228f2072c934fa5918554b8.tar.gz glibc-8f5e8b01a1da2a207228f2072c934fa5918554b8.tar.bz2 glibc-8f5e8b01a1da2a207228f2072c934fa5918554b8.zip |
Fix nan functions handling of payload strings (bug 16961, bug 16962).
The nan, nanf and nanl functions handle payload strings by doing e.g.:
if (tagp[0] != '\0')
{
char buf[6 + strlen (tagp)];
sprintf (buf, "NAN(%s)", tagp);
return strtod (buf, NULL);
}
This is an unbounded stack allocation based on the length of the
argument. Furthermore, if the argument starts with an n-char-sequence
followed by ')', that n-char-sequence is wrongly treated as
significant for determining the payload of the resulting NaN, when ISO
C says the call should be equivalent to strtod ("NAN", NULL), without
being affected by that initial n-char-sequence. This patch fixes both
those problems by using the __strtod_nan etc. functions recently
factored out of strtod etc. for that purpose, with those functions
being exported from libc at version GLIBC_PRIVATE.
Tested for x86_64, x86, mips64 and powerpc.
[BZ #16961]
[BZ #16962]
* math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
string on the stack for strtod.
* math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
a string on the stack for strtof.
* math/s_nanl.c (__nanl): Use __strtold_nan instead of
constructing a string on the stack for strtold.
* stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
__strtold_nan to GLIBC_PRIVATE.
* math/test-nan-overflow.c: New file.
* math/test-nan-payload.c: Likewise.
* math/Makefile (tests): Add test-nan-overflow and
test-nan-payload.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -60,6 +60,12 @@ Version 2.23 C Library is GCC 4.7. Older GCC versions, and non-GNU compilers, can still be used to compile programs using the GNU C Library. +Security related changes: + +* The nan, nanf and nanl functions no longer have unbounded stack usage + depending on the length of the string passed as an argument to the + functions. Reported by Joseph Myers. + * The following bugs are resolved with this release: [The release manager will add the list generated by |