diff options
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | nptl/ChangeLog | 6 | ||||
-rw-r--r-- | nptl/tst-cleanup2.c | 8 |
3 files changed, 14 insertions, 2 deletions
@@ -10,7 +10,7 @@ Version 2.19 * The following bugs are resolved with this release: 14155, 14699, 15522, 15531, 15532, 15736, 15749, 15797, 15867, 15890, - 15897, 15905, 15909. + 15897, 15905, 15909, 15921. * CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes to the d_name member of struct dirent, or omit the terminating NUL diff --git a/nptl/ChangeLog b/nptl/ChangeLog index d1efbb43e5..7511f701ec 100644 --- a/nptl/ChangeLog +++ b/nptl/ChangeLog @@ -1,3 +1,9 @@ +2013-09-03 Siddhesh Poyarekar <siddhesh@redhat.com> + + [BZ #15921] + * tst-cleanup2.c (do_test): New volatile variable RET to + return success. + 2013-08-30 Ondřej Bílka <neleai@seznam.cz> * sysdeps/pthread/pthread.h: Fix typos. diff --git a/nptl/tst-cleanup2.c b/nptl/tst-cleanup2.c index 5bd16095a6..65af0f2018 100644 --- a/nptl/tst-cleanup2.c +++ b/nptl/tst-cleanup2.c @@ -34,6 +34,12 @@ static int do_test (void) { char *p = NULL; + /* gcc can overwrite the success written value by scheduling instructions + around sprintf. It is allowed to do this since according to C99 the first + argument of sprintf is a character array and NULL is not a valid character + array. Mark the return value as volatile so that it gets reloaded on + return. */ + volatile int ret = 0; struct sigaction sa; sa.sa_handler = sig_handler; @@ -50,7 +56,7 @@ do_test (void) if (setjmp (jmpbuf)) { puts ("Exiting main..."); - return 0; + return ret; } sprintf (p, "This should segv\n"); |