aboutsummaryrefslogtreecommitdiff
path: root/NEWS
AgeCommit message (Collapse)Author
2015-01-06Define CLOCKS_PER_SEC type to the type clock_tH.J. Lu
C99 specifies that CLOCKS_PER_SEC is an expression with the type clock_t. This patch adds a generic <bits/time2.h> to define CLOCKS_PER_SEC and provides the Linux/x86-64 version of <bits/time2.h> to support x32. [BZ #17797] * bits/time.h (CLOCKS_PER_SEC): Changed to ((clock_t) 1000000). * sysdeps/unix/sysv/linux/bits/time.h (CLOCKS_PER_SEC): Likewise. * sysdeps/unix/sysv/linux/clock.c (clock): _Static_assert CLOCKS_PER_SEC == 1000000. * time/clocktest.c (main): Replace %ld with %jd and cast to intmax_t.
2015-01-05Fix MIPS n64 posix_fadvise namespace (bug 17796).Joseph Myers
sysdeps/unix/sysv/linux/mips/mips64/n64/posix_fadvise.c defines posix_fadvise64 as a strong alias for posix_fadvise (for !SHLIB_COMPAT(libc, GLIBC_2_2, GLIBC_2_3_3) - i.e., for static linking, which is the case when this matters), but it should be a weak alias. This patch makes it a weak alias. Tested for MIPS that this fixes the observed linknamespace test failures. [BZ #17796] * sysdeps/unix/sysv/linux/mips/mips64/n64/posix_fadvise.c [!SHLIB_COMPAT(libc, GLIBC_2_2, GLIBC_2_3_3)] (posix_fadvise64): Define as weak alias not strong alias.
2015-01-05Fix ARM posix_fadvise64 namespace (bug 17793).Joseph Myers
ARM posix_fadvise calls __posix_fadvise64_l64, to which posix_fadvise64 is a strong alias, but posix_fadvise is a POSIX function and posix_fadvise64 isn't. This patch changes it into a weak alias. Tested for ARM that this fixes the corresponding linknamespace test failures. [BZ #17793] * sysdeps/unix/sysv/linux/arm/posix_fadvise64.c (posix_fadvise64): Define as weak alias not strong alias.
2015-01-05Fix isblank / isascii / toascii namespace (bug 17635).Joseph Myers
Use of isblank brings in isascii and toascii, but isblank is a C99 function and the other two aren't; similarly, isascii and toascii are UNIX98 functions and bring in isblank, which isn't. (Not a conformance issue because of the is* and to* reservation, but still contrary to glibc practice.) This patch fixes this by splitting isblank out of ctype-extn.c to a separate ctype-c99.c. isblank_l is also moved to a separate file, ctype-c99_l.c (non-XSI POSIX.1-2008 has isblank_l, but isascii / toascii are marked OB XSI). (In principle all these functions could go in separate files - that's optimal for static linking - but they are also all very small, and splitting them all out is not needed to fix the present bug.) Tested for x86_64 (testsuite, and that installed stripped shared libraries are unchanged by the patch - the ordering in which new and existing sources are listed in ctype/Makefile is arranged so functions go in the same order so that this comparison works). [BZ #17635] * ctype/ctype-c99.c: New file. isblank implementation moved from ... * ctype/ctype-extn.c: ... here. (__isblank_l): Move to ... * ctype/ctype-c99_l.c: ... here. New file. * ctype/Makefile (routines): Add ctype-c99 and ctype-c99_l. * conform/Makefile (test-xfail-ISO99/ctype.h/linknamespace): Remove variable. (test-xfail-ISO11/ctype.h/linknamespace): Likewise. (test-xfail-XPG3/ctype.h/linknamespace): Likewise. (test-xfail-XPG4/ctype.h/linknamespace): Likewise. (test-xfail-UNIX98/ctype.h/linknamespace): Likewise. (test-xfail-POSIX2008/ctype.h/linknamespace): Likewise.
2015-01-05Fix wordsize-64 posix_fadvise64, posix_fallocate64 namespace (bug 17777).Joseph Myers
On systems using sysdeps/unix/sysv/linux/wordsize-64, posix_fadvise64 and posix_fallocate64 (non-POSIX) are strong aliases for posix_fadvise and posix_fallocate (POSIX), meaning references to the latter wrongly bring in definitions of the former. They should be weak aliases; this patch makes them so. Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch). [BZ #17777] * sysdeps/unix/sysv/linux/wordsize-64/posix_fadvise.c (posix_fadvise64): Define as weak alias not strong alias. * sysdeps/unix/sysv/linux/wordsize-64/posix_fallocate.c (posix_fallocate64): Likewise. * conform/Makefile (test-xfail-XOPEN2K/fcntl.h/linknamespace): Remove variable. (test-xfail-XOPEN2K/mqueue.h/linknamespace): Likewise. (test-xfail-POSIX2008/fcntl.h/linknamespace): Likewise. (test-xfail-POSIX2008/mqueue.h/linknamespace): Likewise. (test-xfail-XOPEN2K8/fcntl.h/linknamespace): Likewise. (test-xfail-XOPEN2K8/mqueue.h/linknamespace): Likewise.
2015-01-05Fix MIPS variable PAGE_SIZE bug (16191)Matthew Fortune
MIPS supports a variable page size but glibc defines a constant. This causes at least two glibc tests to fail when the page size does not match the hard-coded size: inet/test-ifaddrs inet/test_ifindex [BZ #16191] * NEWS: Mention bug fix. * sysdeps/unix/sysv/linux/mips/sys/user.h (PAGE_SHIFT): Remove. (PAGE_SIZE, PAGE_MASK, NBPG, UPAGES): Likewise. (HOST_TEXT_START_ADDR, HOST_DATA_START_ADDR): Likewise. (HOST_STACK_END_ADDR): Likewise.
2015-01-02Fix MIPS TIOCSER_TEMT namespace (bug 17782).Joseph Myers
sysdeps/unix/sysv/linux/mips/bits/termios.h defines TIOCSER_TEMT unconditionally, but it's in the user's namespace. This patch conditions it on __USE_MISC, as on powerpc. I've filed bug 17783 for the residual inconsistency in conditions on this macro (sparc defines it for __USE_GNU only). [BZ #17782] * sysdeps/unix/sysv/linux/mips/bits/termios.h (TIOCSER_TEMT): Condition macro definition on [__USE_MISC].
2015-01-02Fix MIPS sa_flags type (bug 17781).Joseph Myers
sysdeps/unix/sysv/linux/mips/bits/sigaction.h gives sa_flags type unsigned int, but POSIX says it should be signed int. This patch gives it the correct type (the layout is unchanged, so there are no ABI issues involved). [BZ #17781] * sysdeps/unix/sysv/linux/mips/bits/sigaction.h (struct sigaction): Change type of sa_flags field to int.
2015-01-02Fix MIPS bits/fcntl.h namespace (bug 17780).Joseph Myers
sysdeps/unix/sysv/linux/mips/bits/fcntl.h has a structure field called pad, which is in the user's namespace. This patch changes it to __glibc_reserved0. [BZ #17780] * sysdeps/unix/sysv/linux/mips/bits/fcntl.h (struct flock) [!__USE_FILE_OFFSET64 && _MIPS_SIM != _ABI64]: Rename pad field to __glibc_reserved0.
2015-01-02Update copyright dates not handled by scripts/update-copyrights.Joseph Myers
I've updated copyright dates in glibc for 2015. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. Apart from the files updated last time (of which sotruss.ksh had moved to sotruss.sh during the year) this also updates nptl/version.c (missed from 2006 until October) and sysdeps/unix/sysv/linux/lddlibc4.c (missed since 2009). * NEWS: Update copyright dates. * catgets/gencat.c (print_version): Likewise. * csu/version.c (banner): Likewise. * debug/catchsegv.sh: Likewise. * debug/pcprofiledump.c (print_version): Likewise. * debug/xtrace.sh (do_version): Likewise. * elf/ldconfig.c (print_version): Likewise. * elf/ldd.bash.in: Likewise. * elf/pldd.c (print_version): Likewise. * elf/sotruss.sh: Likewise. * elf/sprof.c (print_version): Likewise. * iconv/iconv_prog.c (print_version): Likewise. * iconv/iconvconfig.c (print_version): Likewise. * locale/programs/locale.c (print_version): Likewise. * locale/programs/localedef.c (print_version): Likewise. * login/programs/pt_chown.c (print_version): Likewise. * malloc/memusage.sh (do_version): Likewise. * malloc/memusagestat.c (print_version): Likewise. * malloc/mtrace.pl: Likewise. * manual/libc.texinfo: Likewise. * nptl/version.c (banner): Likewise. * nscd/nscd.c (print_version): Likewise. * nss/getent.c (print_version): Likewise. * nss/makedb.c (print_version): Likewise. * posix/getconf.c (main): Likewise. * scripts/test-installation.pl: Likewise. * sysdeps/unix/sysv/linux/lddlibc4.c (main): Likewise.
2015-01-02Update copyright dates with scripts/update-copyrights.Joseph Myers
2014-12-30Don't check PI_STATIC_AND_HIDDEN in i386 dl-machine.hH.J. Lu
PI_STATIC_AND_HIDDEN is always defined for i386. There is no need to check PI_STATIC_AND_HIDDEN in sysdeps/i386/dl-machine.h. [BZ #17775] * sysdeps/i386/dl-machine.h (PI_STATIC_AND_HIDDEN): Removed. (elf_machine_dynamic) [!PI_STATIC_AND_HIDDEN]: Likewise. (elf_machine_load_address) [!PI_STATIC_AND_HIDDEN]: Likewise.
2014-12-30Mention i386 memcpy with SSE2 unaligned load/storeH.J. Lu
2014-12-30Fix libm feraiseexcept namespace (bug 17723).Joseph Myers
Various C90 and UNIX98 libm functions call feraiseexcept, which is not in those standards. This causes linknamespace test failures - except on x86 / x86_64, where feraiseexcept is inline (for the relevant constant arguments) in bits/fenv.h. This patch fixes this by making those functions call __feraiseexcept instead. All changes are applied to all architectures rather than considering the possibility that some might not be needed in some cases (e.g. x86) as it seems most maintainable to keep architectures consistent. Where __feraiseexcept does not exist, it is added, with feraiseexcept made a weak alias; where it is a strong alias, it is made weak. libm_hidden_def / libm_hidden_proto are used with __feraiseexcept (this might in some cases improve code generation for existing calls to __feraiseexcept in some code on some architectures). Where there are dummy feraiseexcept macros (on architectures without floating-point exceptions support, to avoid compile errors from references to undefined FE_* macros), corresponding dummy __feraiseexcept macros are added. And on x86, to ensure __feraiseexcept calls still get inlined, the inline function in bits/fenv.h is refactored so that most of it can be reused in an inline __feraiseexcept in a separate include/bits/fenv.h. Calls are changed in C90/UNIX98 functions, but generally not in functions missing from those standards. They are also changed in libc_fe* functions (on the basis that those might be used in any libm function), and in feupdateenv (on the same basis - may be used, via default libc_*, in any libm function - of course feupdateenv will need changing to __feupdateenv in a subsequent patch to make that fully namespace-clean). No __feraiseexcept is added corresponding to the feraiseexcept in powerpc bits/fenvinline.h, because that macro definition is conditional on !defined __NO_MATH_INLINES, and glibc libm is built with -D__NO_MATH_INLINES, so changing internal calls to use __feraiseexcept should make no difference. Tested for x86_64 (testsuite; the only change in disassembly of installed shared libraries is a slight code reordering in clog10, of no apparent significance). Also tested for MIPS, where (in the configuration tested) it eliminates math.h linknamespace failures for n32 and n64 (some for o32 remain because of other issues). [BZ #17723] * include/fenv.h (__feraiseexcept): Use libm_hidden_proto. * math/fraiseexcpt.c (__feraiseexcept): Use libm_hidden_def. * sysdeps/aarch64/fpu/fraiseexcpt.c (feraiseexcept): Rename to __feraiseexcept and define as weak alias of __feraiseexcept. Use libm_hidden_weak. * sysdeps/arm/fraiseexcpt.c (feraiseexcept): Likewise. * sysdeps/hppa/fpu/fraiseexcpt.c (feraiseexcept): Likewise. * sysdeps/i386/fpu/fraiseexcpt.c (__feraiseexcept): Use libm_hidden_def. * sysdeps/ia64/fpu/fraiseexcpt.c (feraiseexcept): Rename to __feraiseexcept and define as weak alias of __feraiseexcept. Use libm_hidden_weak. * sysdeps/m68k/coldfire/fpu/fraiseexcpt.c (feraiseexcept): Likewise. * sysdeps/microblaze/math_private.h (__feraiseexcept): New macro. * sysdeps/mips/fpu/fraiseexcpt.c (feraiseexcept): Rename to __feraiseexcept and define as weak alias of __feraiseexcept. Use libm_hidden_weak. * sysdeps/powerpc/fpu/fraiseexcpt.c (__feraiseexcept): Use libm_hidden_def. * sysdeps/powerpc/nofpu/fraiseexcpt.c (__feraiseexcept): Likewise. * sysdeps/powerpc/powerpc32/e500/nofpu/fraiseexcpt.c (__feraiseexcept): Likewise. * sysdeps/s390/fpu/fraiseexcpt.c (feraiseexcept): Rename to __feraiseexcept and define as weak alias of __feraiseexcept. Use libm_hidden_weak. * sysdeps/sh/sh4/fpu/fraiseexcpt.c (feraiseexcept): Likewise. * sysdeps/sparc/fpu/fraiseexcpt.c (__feraiseexcept): Use libm_hidden_def. * sysdeps/tile/math_private.h (__feraiseexcept): New macro. * sysdeps/unix/sysv/linux/alpha/fraiseexcpt.S (__feraiseexcept): Use libm_hidden_def. * sysdeps/x86_64/fpu/fraiseexcpt.c (__feraiseexcept): Use libm_hidden_def. (feraiseexcept): Define as weak not strong alias. Use libm_hidden_weak. * sysdeps/x86/fpu/bits/fenv.h (__feraiseexcept_invalid_divbyzero): New inline function. Factored out of ... (feraiseexcept): ... here. Use __feraiseexcept_invalid_divbyzero. * sysdeps/x86/fpu/include/bits/fenv.h: New file. * math/e_scalb.c (invalid_fn): Call __feraiseexcept instead of feraiseexcept. * math/w_acos.c (__acos): Likewise. * math/w_asin.c (__asin): Likewise. * math/w_ilogb.c (__ilogb): Likewise. * math/w_j0.c (y0): Likewise. * math/w_j1.c (y1): Likewise. * math/w_jn.c (yn): Likewise. * math/w_log.c (__log): Likewise. * math/w_log10.c (__log10): Likewise. * sysdeps/aarch64/fpu/feupdateenv.c (feupdateenv): Likewise. * sysdeps/aarch64/fpu/math_private.h (libc_feupdateenv_test_aarch64): Likewise. * sysdeps/alpha/fpu/feupdateenv.c (__feupdateenv): Likewise. * sysdeps/arm/fenv_private.h (libc_feupdateenv_test_vfp): Likewise. * sysdeps/arm/feupdateenv.c (feupdateenv): Likewise. * sysdeps/ia64/fpu/feupdateenv.c (feupdateenv): Likewise. * sysdeps/m68k/fpu/feupdateenv.c (__feupdateenv): Likewise. * sysdeps/mips/fpu/feupdateenv.c (feupdateenv): Likewise. * sysdeps/powerpc/fpu/e_sqrt.c (__slow_ieee754_sqrt): Likewise. * sysdeps/s390/fpu/feupdateenv.c (feupdateenv): Likewise. * sysdeps/sh/sh4/fpu/feupdateenv.c (feupdateenv): Likewise. * sysdeps/sparc/fpu/feupdateenv.c (__feupdateenv): Likewise.
2014-12-30Mention fix for BZ #17732H.J. Lu
2014-12-22NEWS: mention bug fix for 17747.Chris Metcalf
2014-12-22tilegx: remove implicit boolean conversion in strstr.Chris Metcalf
[BZ #17746] The __builtin_expect() truncated a uint64_t to a 32-bit long in ILP32 mode, discarding the high 32 bits, and potentially missing the NUL terminator that we were searching for with SIMD operations. Explicitly compare to zero to fix the problem.
2014-12-22Update NEWS and ChangeLog with two tile bug fixes.Chris Metcalf
I committed fixes without references to bug numbers. Bug 17744: commit 95dee05f. Bug 17745: commit e969965a.
2014-12-22Split __kernel_standard* functions (fixes bug 17724).Joseph Myers
Bug 17724 reports references to fesetround being brought in by ldbl-128ibm rintl via references to __rintl from __kernel_standard_l. Because all three __kernel_standard* functions are in the same file, this gets brought in even though only the long double version __kernel_standard_l needs __rintl, and the C90 functions use only __kernel_standard. This patch fixes this by splitting the three versions into separate files; it's fine for long double functions to refer to fe* functions directly, unless they get called by C90 double functions. Tested for x86_64 (testsuite; the reordering of code means disassembly of shared libraries can't usefully be compared). Tested for powerpc that the relevant issue disappears from the linknamespace test output. [BZ #17724] * sysdeps/ieee754/k_standard.c: Don't include <float.h>. (__kernel_standard_f): Remove. Moved to k_standardf.c. (__kernel_standard_l): Remove. Moved to k_standardl.c with (char *) casts added. * sysdeps/ieee754/k_standardf.c: New file. * sysdeps/ieee754/k_standardl.c: Likewise. * math/Makefile (libm-support): Remove k_standard. (libm-calls): Add k_standard.
2014-12-22Fix resolver bind, getsockname namespace (bug 17733).Joseph Myers
On Linux architectures using socketcall, the resolver ends up bringing in strong symbols for bind and getsockname, which are not in POSIX.1-1996. This causes linknamespace test failures: FAIL: conform/POSIX/pthread.h/linknamespace FAIL: conform/POSIX/sched.h/linknamespace FAIL: conform/POSIX/time.h/linknamespace These functions are defined as strong symbols with __bind and __getsockname as weak aliases. This patch switches this to the other way round by removing the NO_WEAK_ALIAS definitions and so letting the default case in socket.S act; I see no reason for the existing arrangements. Tested for x86 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch). [BZ #17733] * sysdeps/unix/sysv/linux/bind.S (NO_WEAK_ALIAS): Do not define. (__bind): Do not define as weak alias. * sysdeps/unix/sysv/linux/getsockname.S (NO_WEAK_ALIAS): Do not define. (__getsockname): Do not define as weak alias.
2014-12-18Label CVE-2014-9402 in NEWSAllan McRae
2014-12-17Fix profil_counter namespace (bug 17725).Joseph Myers
On ARM, where profil_counter is not static, it is brought in by references to various standard functions, as noted in <https://sourceware.org/ml/libc-alpha/2014-11/msg00890.html>, although it is not a standard function itself. I don't know if this also causes test failures on SPARC, although I see no reason for it not to do so. This patch fixes this namespace issue. profil_counter is renamed to __profil_counter and made a weak alias on ARM and SPARC. Because of the uses in profil.c / sprofil.c it seems simplest to make the rename globally, including on the other architectures for which profil_counter was static and so the change is of no substance. The variant names profil_counter_* used in sprofil.c are also renamed to start with __ so that undesired function names do not get exported in static libc. As I noted in bug 17726, profil_counter should probably be a compat symbol on ARM and SPARC, so it wouldn't exist at all in static libc even as a weak alias. Since defining a compat symbol still requires an internal name as a target of an alias, this patch still seems reasonable as an intermediate step towards that goal: it wouldn't be possible for the function simply to be static profil_counter on ARM and SPARC with profil_counter also being the exported compat symbol name, so profil.c / sprofil.c would still need to be prepared to call the function under another name (here, __profil_counter). Tested for x86_64 (testsuite, and that stripped installed shared libraries are unchanged by the patch) and ARM (ABI and linknamespace tests - this patch reduces the number of linknamespace failures I see on ARM from 227 to 5, the residue being math.h failures for fe* functions and for j0l/j1n/jnl/y0l/y1l/ynl aliases). 2014-12-17 Joseph Myers <joseph@codesourcery.com> [BZ #17725] * sysdeps/generic/profil-counter.h (profil_counter): Rename to __profil_counter. * sysdeps/unix/sysv/linux/hppa/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/i386/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/ia64/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/s390/s390-64/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/sh/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/tile/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/x86_64/profil-counter.h (profil_counter): Likewise. * sysdeps/unix/sysv/linux/arm/profil-counter.h (profil_counter): Likewise. [!__profil_counter] (profil_counter): Define as weak alias of __profil_counter. * sysdeps/unix/sysv/linux/sparc/sparc32/profil-counter.h (profil_counter): Rename to __profil_counter. [!__profil_counter] (profil_counter): Define as weak alias of __profil_counter. * sysdeps/unix/sysv/linux/sparc/sparc64/profil-counter.h (profil_counter): Rename to __profil_counter. [!__profil_counter] (profil_counter): Define as weak alias of __profil_counter. * sysdeps/posix/profil.c: Update comment referring to profil_counter. (__profil): Use __profil_counter instead of profil_counter. * sysdeps/posix/sprofil.c (profil_counter): Rename to __profil_counter. Use __profil_counter_ushort and __profil_counter_uint in definitions. (__sprofil): Use __profil_counter_uint and __profil_counter_ushort instead of profil_counter_uint and profil_counter_ushort.
2014-12-17Fix resolver inet_* namespace (bug 17722).Joseph Myers
Parts of the resolver brought in by pthreads (at least) use inet_* functions that aren't in the 1995/6 edition of POSIX that introduced pthreads (or in one case, use __inet_aton which is then defined in the same file as non-weak inet_addr). This patch fixes this by making the affected functions into weak alias for __inet_* and using those names in the problematic resolver code. Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch). [BZ #17722] * inet/inet_mkadr.c (inet_makeaddr): Rename to __inet_makeaddr and define as weak alias of __inet_makeaddr. * resolv/inet_addr.c (inet_addr): Rename to __inet_addr and define as weak alias of __inet_addr. * resolv/inet_pton.c (inet_pton): Rename to __inet_pton and define as weak alias of __inet_pton. Use libc_hidden_weak. * include/arpa/inet.h (__inet_pton): Declare. Use libc_hidden_proto. (inet_makeaddr): Don't use libc_hidden_proto. (__inet_makeaddr): Declare. Use libc_hidden_proto. * resolv/res_init.c (__res_vinit): Use __inet_pton instead of inet_pton. Use __inet_makeaddr instead of inet_makeaddr. * conform/Makefile (test-xfail-POSIX/pthread.h/linknamespace): Remove variable. (test-xfail-POSIX/sched.h/linknamespace): Likewise. (test-xfail-POSIX/time.h/linknamespace): Likewise.
2014-12-16Fix x86_64 memrchr namespace (bug 17719).Joseph Myers
On x86_64, memrchr (not a standard function) is defined as a strong symbol, instead of a weak alias of __memrchr as on other architectures. This results in linknamespace test failures from the use of __memrchr from dirname. (Not a conformance issue because of the mem* reservation, but contrary to glibc conventions.) This patch makes x86_64 follow other architectures by defining memrchr as a weak alias. Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch). [BZ #17719] * sysdeps/x86_64/memrchr.S (memrchr): Rename to __memrchr and define as weak alias of __memrchr. (__memrchr): Do not define as strong alias of memrchr. * conform/Makefile (test-xfail-XPG4/libgen.h/linknamespace): Remove variable. (test-xfail-UNIX98/libgen.h/linknamespace): Likewise. (test-xfail-XOPEN2K/libgen.h/linknamespace): Likewise. (test-xfail-XOPEN2K8/libgen.h/linknamespace): Likewise.
2014-12-16Fix resolver if_* namespace (bug 17717).Joseph Myers
Resolver code, brought in by pthreads (at least), uses if_* interfaces that weren't in POSIX before 2001, resulting in linknamespace failures. This patch changes those interfaces to be weak aliases of __if_* and makes the resolver use __if_* directly. Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by this patch). [BZ #17717] * inet/if_index.c (if_nametoindex): Rename to __if_nametoindex and define as weak alias of __if_nametoindex. Use libc_hidden_weak. (if_indextoname): Rename to __if_indextoname and define as weak alias of __if_indextoname. Use libc_hidden_weak. (if_freenameindex): Rename to __if_freenameindex and define as weak alias of __if_freenameindex. (if_nameindex): Rename to __if_nameindex and define as weak alias of __if_nameindex. * sysdeps/mach/hurd/if_index.c (if_nametoindex): Rename to __if_nametoindex and define as weak alias of __if_nametoindex. Use libc_hidden_weak. (if_freenameindex): Rename to __if_freenameindex and define as weak alias of __if_freenameindex. (if_nameindex): Rename to __if_nameindex and define as weak alias of __if_nameindex. (if_indextoname): Rename to __if_indextoname and define as weak alias of __if_indextoname. Use libc_hidden_weak. * sysdeps/unix/sysv/linux/if_index.c (if_nametoindex): Rename to __if_nametoindex and define as weak alias of __if_nametoindex. Use libc_hidden_weak. (if_freenameindex): Rename to __if_freenameindex and define as weak alias of __if_freenameindex. Use libc_hidden_weak. (if_nameindex_netlink): Use __if_freenameindex instead of if_freenameindex. (if_nameindex): Rename to __if_nameindex and define as weak alias of __if_nameindex. Use libc_hidden_weak. (if_indextoname): Rename to __if_indextoname and define as weak alias of __if_indextoname. Use libc_hidden_weak. * include/net/if.h [!_ISOMAC] (__if_nametoindex): Declare and use libc_hidden_proto. [!_ISOMAC] (__if_freenameindex): Likewise. * resolv/res_init.c (__res_vinit): Use __if_nametoindex instead of if_nametoindex. * conform/Makefile (test-xfail-XPG4/grp.h/linknamespace): Remove variable. (test-xfail-XPG4/pwd.h/linknamespace): Likewise. (test-xfail-UNIX98/aio.h/linknamespace): Likewise. (test-xfail-UNIX98/grp.h/linknamespace): Likewise. (test-xfail-UNIX98/pthread.h/linknamespace): Likewise. (test-xfail-UNIX98/pwd.h/linknamespace): Likewise. (test-xfail-UNIX98/sched.h/linknamespace): Likewise. (test-xfail-UNIX98/time.h/linknamespace): Likewise.
2014-12-16Avoid infinite loop in nss_dns getnetbyname [BZ #17630]Florian Weimer
2014-12-16Return allocated array instead of unallocated.Ondřej Bílka
In locale/programs/ld-ctype.c we returned array that was on stack. Fixed by returning static array instead.
2014-12-15CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]Jeff Law
A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection.
2014-12-11Properly handle forced elision in pthread_mutex_trylock (bug 16657)Andreas Schwab
2014-12-11intl: Merge with gettext version 0.19.3Will Newton
This patch merges the latest release of gettext into the intl subdirectory. The initial motivation was to include the plural.y changes which enable building with bison 3.0, but the majority of the other changes are merely cosmetic so it seemed like merging the whole directory was simpler than trying to take it piecemeal. The merge was done by copying across the latext gettext code and adding in a few small glibc changes that have been added over the years that seemed beneficial, as well as a couple of small build fixes that should be merged back to gettext. I also reverted the gettext commit: commit 279b57fc367251666f00e8e2b599b83703451afb Author: Bruno Haible <bruno@clisp.org> Date: Fri Jun 14 12:03:49 2002 +0000 Make absolute pathnames inside $LANGUAGE work. As it caused localedata/tst-setlocale3 to fail and it wasn't clear that glibc wanted that behaviour. The merge has dropped many uses of __glibc_likely/unlikely. This is intentional given that it eases merging. It seems to me that the cost of continually rewriting these lines when merging and the risk of adding bugs when doing so outweighs the benefits of using these macros when code is shared with another project. Tested with make check on x86_64. ChangeLog: 2014-12-11 Will Newton <will.newton@linaro.org> Merge gettext 0.19.3 into intl/. This involves a number of cosmetic changes to comments and ANSI function definitions and prototypes throughout all the files. The gettext copyright header is used but with the date ranges taken from the glibc copy. * NEWS: Add gettext merge to 2.21. * intl/bindtextdom.c: Switch to gettext copyright. Use ANSI definitions and prototypes. Use gl_* locking primitives rather than __libc_* ones. Use __builtin_expect rather than __glibc_likely/unlikely. * intl/dcgettext.c: Switch to gettext copyright. Use ANSI definitions and prototypes. * intl/dcigettext.c: Switch to gettext copyright. Use ANSI definitions and prototypes. (INTDIV0_RAISES_SIGFPE): New define. Use gl_* locking primitives rather than __libc_* ones. Include eval-plural.h instead of plural-eval.c. Use __builtin_expect rather than __glibc_likely/unlikely. * intl/dcngettext.c: Switch to gettext copyright. Use ANSI definitions and prototypes. * intl/dgettext.c: Likewise. * intl/dngettext.c: Likewise. * intl/plural-eval.c: Renamed to... * intl/eval-plural.h: ...this. * intl/explodename.c: Switch to gettext copyright. Use ANSI definitions and prototypes. (_nl_explode_name): Use strchr instead of __rawmemchr. * intl/finddomain.c: Switch to gettext copyright. Use ANSI definitions and prototypes. Use gl_* locking primitives rather than __libc_* ones. (_nl_find_domain): Use malloc rather than alloca for allocation of temporary locale name. * intl/gettext.c: Switch to gettext copyright. Use ANSI definitions and prototypes. * intl/gettextP.h: Switch to gettext copyright. Use ANSI definitions and prototypes. Use gl_* locking primitives rather than __libc_* ones. * intl/gmo.h: Switch to gettext copyright. (struct sysdep_string): Move struct segment_pair outside of struct definition. * intl/hash-string.c: Use ANSI definitions and prototypes. * intl/hash-string.h: Switch to gettext copyright. Use ANSI definitions and prototypes. * intl/l10nflist.c: Switch to gettext copyright. Use ANSI definitions and prototypes. (_nl_normalize_codeset): Avoid integer overflow. * intl/loadinfo.h: Switch to gettext copyright. Use ANSI definitions and prototypes. (LIBINTL_DLL_EXPORTED): New define. (PATH_SEPARATOR): New define. * intl/loadmsgcat.c: Switch to gettext copyright. * intl/localealias.c: Switch to gettext copyright. Use ANSI definitions and prototypes. (_nl_expand_alias): Use PATH_SEPARATOR. * intl/ngettext.c: Switch to gettext copyright. Use ANSI definitions and prototypes. * intl/plural-exp.c: Likewise. * intl/plural-exp.h: Switch to gettext copyright. Use ANSI definitions and prototypes. (struct expression): Move definition of enum operator outside of struct definition. * intl/plural.c: Regenerate. * intl/plural.y: Switch to gettext copyright. Use ANSI definitions and prototypes. Port to bison 3.0. * intl/textdomain.c: Switch to gettext copyright. Use ANSI definitions and prototypes. Use gl_* locking primitives rather than __libc_* ones.
2014-12-10Fix strftime wcschr namespace (bug 17634).Joseph Myers
Use of strftime, a C90 function, ends up bringing in wcschr, which is not a C90 function. Although not a conformance bug (C90 reserves wcs*), this is still contrary to glibc practice of avoiding relying on those reservations; this patch arranges for the internal uses to use __wcschr instead, with wcschr being a weak alias. This is more complicated than some such patches because of the various IFUNC definitions of wcschr (which include code redefining libc_hidden_def in a way that involves creating __GI_wcschr manually and so also needs to create __GI___wcschr after the change of internal uses to use __wcschr). Tested for x86_64 and 32-bit x86 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch). 2014-12-10 Joseph Myers <joseph@codesourcery.com> Adhemerval Zanella <azanella@linux.vnet.ibm.com> [BZ #17634] * wcsmbs/wcschr.c [!WCSCHR] (wcschr): Define as __wcschr. Undefine after defining function. Define as weak alias of __wcschr. Use libc_hidden_weak. * include/wchar.h (__wcschr): Declare. Use libc_hidden_proto. * sysdeps/i386/i686/multiarch/wcschr-c.c [IS_IN (libc) && SHARED] (libc_hidden_def): Also define __GI___wcschr alias. * sysdeps/i386/i686/multiarch/wcschr.S (wcschr): Rename to __wcschr and define as weak alias of __wcschr. * sysdeps/powerpc/power6/wcschr.c [!WCSCHR] (WCSCHR): Define as __wcschr. [!WCSCHR] (DEFAULT_WCSCHR): Define. [DEFAULT_WCSCHR] (__wcschr): Use libc_hidden_def. [DEFAULT_WCSCHR] (wcschr): Define as weak alias of __wcschr. Use libc_hidden_weak. Do not use libc_hidden_def. * sysdeps/powerpc/powerpc32/power4/multiarch/wcschr-ppc32.c [IS_IN (libc) && SHARED] (libc_hidden_def): Also define __GI___wcschr alias. * sysdeps/powerpc/powerpc32/power4/multiarch/wcschr.c [IS_IN (libc)] (wcschr): Define as macro expanding to __redirect_wcschr. [IS_IN (libc)] (__wcschr_ppc): Use __redirect_wcschr in typeof. [IS_IN (libc)] (__wcschr_power6): Likewise. [IS_IN (libc)] (__wcschr_power7): Likewise. [IS_IN (libc)] (__libc_wcschr): New. Define with libc_ifunc instead of wcschr. [IS_IN (libc)] (wcschr): Undefine and define as weak alias of __libc_wcschr. [!IS_IN (libc)] (libc_hidden_def): Do not undefine and redefine. * sysdeps/powerpc/powerpc64/multiarch/wcschr.c (wcschr): Rename to __wcschr and define as weak alias of __wcschr. Use libc_hidden_builtin_def. * sysdeps/x86_64/wcschr.S (wcschr): Rename to __wcschr and define as weak alias of __wcschr. Use libc_hidden_weak. * time/alt_digit.c (_nl_get_walt_digit): Use __wcschr instead of wcschr. * time/era.c (_nl_init_era_entries): Likewise. * conform/Makefile (test-xfail-ISO/time.h/linknamespace): Remove variable. (test-xfail-XPG3/time.h/linknamespace): Likewise. (test-xfail-XPG4/time.h/linknamespace): Likewise.
2014-12-10manual: Remove incorrect claim that qsort() can be stabilizedAnders Kaseorg
Under certain conditions on the size of the array and its items, qsort() may fall back to an in-place quicksort if it cannot allocate memory for a temporary array with malloc(). This algorithm is not a stable sort even if the comparison function is written in the described manner. Fixes #10672. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2014-12-10Update NEWSAndreas Schwab
2014-12-10Use -Werror by default, add --disable-werror.Joseph Myers
As discussed starting at <https://sourceware.org/ml/libc-alpha/2014-11/msg00323.html>, this patch makes the glibc build use -Werror by default to avoid accidentally adding new warnings to the build. The configure option --disable-werror can be used to disable this. -Wno-error=undef is temporarily used because the build isn't clean regarding -Wundef warnings. The idea is that once the remaining -Wundef warnings have been cleaned up (in at least one configuration), -Wno-error=undef will be removed. I get a clean build and test on x86_64 (GCC 4.9 branch) with this patch. The expectation is that this may well break the build for some other configurations, and people seeing such breakage should make appropriate fixes to fix or suppress the warnings for their configurations. In some cases that may involve using pragmas as the right fix (I think that will be right for the -Wno-inline issue for MIPS I referred to in <https://sourceware.org/ml/libc-alpha/2012-11/msg00798.html>, for example), in some cases -Wno-error in sysdeps makefiles (__restore_rt in MIPS sigaction, for example), in some cases substantive fixes for the warnings. Note that if, with a view to listing all the warnings then fixing them all, you just look for "warning:" in output from building and testing with --disable-werror, you'll see lots of warnings from the linker about functions such as tmpnam. Those warnings can be ignored - only compiler warnings are relevant to -Werror, not linker warnings. * configure.ac (--disable-werror): New configure option. (enable_werror): New AC_SUBST. * configure: Regenerated. * config.make.in (enable-werror): New variable. * Makeconfig [$(enable-werror) = yes] (+gccwarn): Add -Werror -Wno-error=undef. (+gccwarn-c): Do not use -Werror=implicit-function-declaration. * manual/install.texi (Configuring and compiling): Document --disable-werror. * INSTALL: Regenerated. * debug/Makefile (CFLAGS-tst-chk1.c): Add -Wno-error. (CFLAGS-tst-chk2.c): Likewise. (CFLAGS-tst-chk3.c): Likewise. (CFLAGS-tst-chk4.cc): Likewise. (CFLAGS-tst-chk5.cc): Likewise. (CFLAGS-tst-chk6.cc): Likewise. (CFLAGS-tst-lfschk1.c): Likewise. (CFLAGS-tst-lfschk2.c): Likewise. (CFLAGS-tst-lfschk3.c): Likewise. (CFLAGS-tst-lfschk4.cc): Likewise. (CFLAGS-tst-lfschk5.cc): Likewise. (CFLAGS-tst-lfschk6.cc): Likewise.
2014-12-06Fix pthreads getrlimit, gettimeofday namespace (bug 17682).Joseph Myers
Some pthreads functions use getrlimit and gettimeofday, but these functions are XSI, not base POSIX; this is a namespace issue for dynamic linking as well as static linking. This patch makes them use __getrlimit and __gettimeofday instead - the former needed to be newly exported from libc.so at GLIBC_PRIVATE (and so now needs libc_hidden_proto / libc_hidden_def), the latter was already exported. Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch). [BZ #17682] * resource/Versions (libc): Add __getrlimit at GLIBC_PRIVATE. * resource/getrlimit.c (__getrlimit): Use libc_hidden_def. * sysdeps/mach/hurd/getrlimit.c (__getrlimit): Likewise. * include/sys/resource.h (__getrlimit): Use libc_hidden_proto. * nptl/nptl-init.c (__pthread_initialize_minimal_internal): Use __getrlimit instead of getrlimit. * nptl/pthread_cond_timedwait.c (__pthread_cond_timedwait): Use __gettimeofday instead of gettimeofday. * nptl/pthread_rwlock_timedrdlock.c (pthread_rwlock_timedrdlock): Likewise. * nptl/pthread_rwlock_timedwrlock.c (pthread_rwlock_timedwrlock): Likewise. * sysdeps/pthread/aio_misc.c (handle_fildes_io): Likewise. * conform/Makefile (test-xfail-POSIX2008/aio.h/linknamespace): Remove variable. (test-xfail-POSIX2008/pthread.h/linknamespace): Likewise. (test-xfail-POSIX2008/time.h/linknamespace): Likewise.
2014-12-04Reset cached offset when reading to end of stream (BZ #17653)Siddhesh Poyarekar
POSIX allows applications to switch file handles when a read results in an end of file. Unset the cached offset at this point so that it is queried again.
2014-12-04ftell: seek to end only when there are unflushed bytes (BZ #17647)Siddhesh Poyarekar
Currently we seek to end of file if there are unflushed writes or the stream is in write mode, to get the current offset for writing in append mode, which is the end of file. The latter case (i.e. stream is in write mode, but no unflushed writes) is unnecessary since it will only happen when the stream has just been flushed, in which case the recorded offset ought to be reliable. Removing that case lets ftell give the correct offset when it follows an ftruncate. The latter truncates the file, but does not change the file position, due to which it is permissible to call ftell without an intervening fseek call. Tested on x86_64 to verify that the added test case fails without the patch and succeeds with it, and that there are no additional regressions due to it. [BZ #17647] * libio/fileops.c (do_ftell): Seek only when there are unflushed writes. * libio/wfileops.c (do_ftell_wide): Likewise. * libio/tst-ftell-active-handler.c (do_ftruncate_test): New test case. (do_one_test): Call it.
2014-12-02Fix getifaddrs, freeifaddrs namespace (bug 17668).Joseph Myers
Various objects in glibc bring in ifaddrs.o (via references to __netlink_*) and thereby getifaddrs and freeifaddrs, which are not part of any standard supported by glibc. These should be weak aliases of __getifaddrs and __freeifaddrs; this patch makes them so. (The path by which these functions are brought in is Linux-specific, but it seems less confusing to make all versions of these functions weak aliases rather than only the Linux-specific versions that definitely need it.) Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by this patch). [BZ #17668] * inet/ifaddrs.c (getifaddrs): Rename to __getifaddrs and define as weak alias of __getifaddrs. Use libc_hidden_weak. (freeifaddrs): Rename to __freeifaddrs and define as weak alias of __freeifaddrs. Use libc_hidden_weak. * sysdeps/gnu/ifaddrs.c (getifaddrs): Rename to __getifaddrs and define as weak alias of __getifaddrs. Use libc_hidden_weak. (freeifaddrs): Rename to __freeifaddrs and define as weak alias of __freeifaddrs. Use libc_hidden_weak. * sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs): Rename to __getifaddrs and define as weak alias of __getifaddrs. Use libc_hidden_weak. (freeifaddrs): Rename to __freeifaddrs and define as weak alias of __freeifaddrs. Use libc_hidden_weak. * conform/Makefile (test-xfail-XOPEN2K/net/if.h/linknamespace): Remove variable. (test-xfail-POSIX2008/net/if.h/linknamespace): Likewise. (test-xfail-XOPEN2K8/net/if.h/linknamespace): Likewise.
2014-12-02mips: Do not use jal to reach __libc_start_mainPetar Jovanovic
Since __libc_start_main may not be in the same 256MB-aligned region as the function __start, replace use of jal instruction with la/jalr. This fixes linker issue reported in: https://sourceware.org/bugzilla/show_bug.cgi?id=17601 [BZ #17601] * sysdeps/mips/start.S (__start): Use indirect jump to call __libc_start_main.
2014-12-02Remove excess declarations from unistd.h for XPG3/XPG4 (bug 17665).Joseph Myers
For XPG3/XPG4 (defined __USE_XOPEN && !defined __USE_UNIX98), unistd.h declares many functions that should only be declared for __USE_MISC (none of them are in XPG3/XPG4): sethostname sethostid getdomainname setdomainname vhangup revoke profil acct getusershell endusershell setusershell daemon. The whole block with the [__USE_MISC || (__USE_XOPEN && !__USE_UNIX98)] conditional contains only functions that are not in XPG3/XPG4, so this patch simply changes the conditional. Tested for x86_64 (testsuite, and that installed stripped shared libraries are unchanged by this patch). [BZ #17665] * posix/unistd.h [__USE_MISC || (__USE_XOPEN && !__USE_UNIX98)]: Change conditional to [__USE_MISC].
2014-12-02Fix fgets_unlocked namespace issues (bug 17664).Joseph Myers
Various POSIX functions bring in res_init.o, res_hconf.o or mntent_r.o, which use fgets_unlocked, which is not a POSIX function. This patch arranges for them to use __fgets_unlocked instead. (The IS_IN (libc) conditional in rec_hconf.c is needed because that file is also used in nscd.) Tested for x86_64 (testsuite, and that disassembly of installed shared libraries is unchanged by the patch except for an assertion line number). Note that most of the linknamespace tests that failed because of fgets_unlocked from the resolver also fail because of other symbols brought in by the resolver, so the number of XFAILs this removes is limited. Also note that fgets_unlocked failures for unistd.h for XPG3/XPG4 showed up that actually unistd.h is declaring too much for XPG3/XPG4 (bug 17665) - there is no actual need to make getusershell.c use __fgets_unlocked (at least as regards formal standards are concerned; maybe it should still change for namespace-cleanness of _DEFAULT_SOURCE) because the functions there aren't actually in any of the supported standards; the correct fix for those failures will be to stop the *usershell* functions appearing in unistd.h for XPG3/XPG4. [BZ #17664] * misc/mntent_r.c (__getmntent_r): Use __fgets_unlocked instead of fgets_unlocked. * resolv/res_hconf.c [IS_IN (libc)] (fgets_unlocked): Define to __fgets_unlocked. * resolv/res_init.c (__res_vinit): Use __fgets_unlocked instead of fgets_unlocked. * conform/Makefile (test-xfail-XPG4/sys/statvfs.h/linknamespace): Remove variable. (test-xfail-POSIX/sys/mman.h/linknamespace): Likewise. (test-xfail-UNIX98/sys/mman.h/linknamespace): Likewise. (test-xfail-UNIX98/sys/statvfs.h/linknamespace): Likewise. (test-xfail-XOPEN2K/sys/mman.h/linknamespace): Likewise. (test-xfail-XOPEN2K/sys/statvfs.h/linknamespace): Likewise. (test-xfail-POSIX2008/sys/mman.h/linknamespace): Likewise. (test-xfail-POSIX2008/sys/statvfs.h/linknamespace): Likewise. (test-xfail-XOPEN2K8/sys/mman.h/linknamespace): Likewise. (test-xfail-XOPEN2K8/sys/statvfs.h/linknamespace): Likewise.
2014-12-01Fix for test "malloc_usable_size: expected 7 but got 11"James Lemke
[BZ #17581] The checking chain of unused chunks was terminated by a hash of the block pointer, which was sometimes confused with the chunk length byte. The chain is now terminated by a NULL byte.
2014-12-01Update NEWS for previous two commitsSiddhesh Poyarekar
2014-11-28Mention fix for PR 13862H.J. Lu
2014-11-26FIx ldbl-128ibm frexpl for 32-bit systems (bug 16619, bug 16740).Joseph Myers
This patch fixes bugs in ldbl-128ibm frexpl for 32-bit systems shown up by warnings: ../sysdeps/ieee754/ldbl-128ibm/s_frexpl.c:82:4: warning: left shift count >= width of type ../sysdeps/ieee754/ldbl-128ibm/s_frexpl.c:129:5: warning: left shift count >= width of type This did in fact show up in test-ldouble.out (alongside all the other problems there ... maybe we should again consider running the libm tests at finer granularity from the makefiles) as already covered by the testsuite after the previous patch that fixed these bugs for 64-bit systems. The fix is simply using 1LL instead of 1L when shifting by 52. Tested for powerpc32 (soft float). [BZ #16619] [BZ #16740] * sysdeps/ieee754/ldbl-128ibm/s_frexpl.c (__frexpl): Use 1LL << 52 instead of 1L << 52.
2014-11-24Update NEWS for bug 17608Florian Weimer
2014-11-24Fix perror fileno namespace (bug 17633).Joseph Myers
perror, an ISO C function, uses fileno, which is not an ISO C function. This patch makes it use __fileno instead. (The nearby call to fdopen is not a problem because that's #defined to _IO_new_fdopen.) Tested for x86_64 (testsuite, and that installed stripped shared libraries are unchanged by this patch). [BZ #17633] * stdio-common/perror.c (perror): Call __fileno instead of fileno. * conform/Makefile (test-xfail-ISO/stdio.h/linknamespace): Remove variable. (test-xfail-ISO99/stdio.h/linknamespace): Likewise. (test-xfail-ISO11/stdio.h/linknamespace): Likewise.
2014-11-21BZ#16469: don't drop trailing dot in res_nquerydomain(..., name, NULL, ...)Alexandre Oliva
If we drop it here, we will fail to detect a duplicate trailing dot later on. Retaining, OTOH, has no ill effects whatsoever, and it even saves us the trouble of copying the domain name minus the trailing dot, like we used to do. for ChangeLog [BZ #16469] * NEWS: Update. * resolv/res_query.c (__libc_res_nquerydomain): Retain trailing dot. * posix/tst-getaddrinfo5.c: New. * posix/Makefile (tests): Add it.
2014-11-21BZ#14498: fix infinite loop in nss_db_getservbynameAlexandre Oliva
nss_db uses nss_files code for services, but a continue on protocol mismatch that doesn't affect nss_files skipped the code that advanced to the next db entry. Any one of these changes would suffice to fix it, but fixing both makes them both safer to reuse elsewhere. for ChangeLog [BZ #14498] * NEWS: Fixed. * nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx after parsing line but before break_if_match. * nss/nss_files/files-service (DB_LOOKUP): Don't "continue;" if there is a protocol mismatch.
2014-11-19CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.Carlos O'Donell
The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions.