GIT update of https://sourceware.org/git/glibc.git/release/2.40/master from glibc-2.40
GIT update of https://sourceware.org/git/glibc.git/release/2.40/master from glibc-2.40
Gbp-Pq: Name git-updates.diff
--- /dev/null
+For the GNU C Library Security Advisories, see the git master branch:
+https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.40.1
+
+The following bugs are resolved with this release:
+
+ [30081] resolv: Do not wait for non-existing second DNS response after error
+ [31968] mremap implementation in C does not handle arguments correctly
+ [31890] resolv: Allow short error responses to match any DNS query
+ [31968] mremap implementation in C does not handle arguments correctly
+ [32026] strerror/strsignal TLS not handled correctly for secondary namespaces
+ [32052] Name space violation in fortify wrappers
+\f
Version 2.40
Major new features:
+++ /dev/null
-printf: incorrect output for integers with thousands separator and width field
-
-When the printf family of functions is called with a format specifier
-that uses an <apostrophe> (enable grouping) and a minimum width
-specifier, the resulting output could be larger than reasonably expected
-by a caller that computed a tight bound on the buffer size. The
-resulting larger than expected output could result in a buffer overflow
-in the printf family of functions.
-
-CVE-Id: CVE-2023-25139
-Public-Date: 2023-02-02
-Vulnerable-Commit: e88b9f0e5cc50cab57a299dc7efe1a4eb385161d (2.37)
-Fix-Commit: c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0 (2.38)
-Fix-Commit: 07b9521fc6369d000216b96562ff7c0ed32a16c4 (2.37-4)
+++ /dev/null
-getaddrinfo: Stack read overflow in no-aaaa mode
-
-If the system is configured in no-aaaa mode via /etc/resolv.conf,
-getaddrinfo is called for the AF_UNSPEC address family, and a DNS
-response is received over TCP that is larger than 2048 bytes,
-getaddrinfo may potentially disclose stack contents via the returned
-address data, or crash.
-
-CVE-Id: CVE-2023-4527
-Public-Date: 2023-09-12
-Vulnerable-Commit: f282cdbe7f436c75864e5640a409a10485e9abb2 (2.36)
-Fix-Commit: bd77dd7e73e3530203be1c52c8a29d08270cb25d (2.39)
-Fix-Commit: 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f (2.36-113)
-Fix-Commit: b7529346025a130fee483d42178b5c118da971bb (2.37-38)
-Fix-Commit: b25508dd774b617f99419bdc3cf2ace4560cd2d6 (2.38-19)
+++ /dev/null
-getaddrinfo: Potential use-after-free
-
-When an NSS plugin only implements the _gethostbyname2_r and
-_getcanonname_r callbacks, getaddrinfo could use memory that was freed
-during buffer resizing, potentially causing a crash or read or write to
-arbitrary memory.
-
-CVE-Id: CVE-2023-4806
-Public-Date: 2023-09-12
-Fix-Commit: 973fe93a5675c42798b2161c6f29c01b0e243994 (2.39)
-Fix-Commit: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34-420)
-Fix-Commit: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35-270)
-Fix-Commit: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36-115)
-Fix-Commit: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37-39)
-Fix-Commit: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38-20)
+++ /dev/null
-tunables: local privilege escalation through buffer overflow
-
-If a tunable of the form NAME=NAME=VAL is passed in the environment of a
-setuid program and NAME is valid, it may result in a buffer overflow,
-which could be exploited to achieve escalated privileges. This flaw was
-introduced in glibc 2.34.
-
-CVE-Id: CVE-2023-4911
-Public-Date: 2023-10-03
-Vulnerable-Commit: 2ed18c5b534d9e92fc006202a5af0df6b72e7aca (2.34)
-Fix-Commit: 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa (2.39)
-Fix-Commit: dcc367f148bc92e7f3778a125f7a416b093964d9 (2.34-423)
-Fix-Commit: c84018a05aec80f5ee6f682db0da1130b0196aef (2.35-274)
-Fix-Commit: 22955ad85186ee05834e47e665056148ca07699c (2.36-118)
-Fix-Commit: b4e23c75aea756b4bddc4abcf27a1c6dca8b6bd3 (2.37-45)
-Fix-Commit: 750a45a783906a19591fb8ff6b7841470f1f5701 (2.38-27)
+++ /dev/null
-getaddrinfo: DoS due to memory leak
-
-The fix for CVE-2023-4806 introduced a memory leak when an application
-calls getaddrinfo for AF_INET6 with AI_CANONNAME, AI_ALL and AI_V4MAPPED
-flags set.
-
-CVE-Id: CVE-2023-5156
-Public-Date: 2023-09-25
-Vulnerable-Commit: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34-420)
-Vulnerable-Commit: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35-270)
-Vulnerable-Commit: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36-115)
-Vulnerable-Commit: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37-39)
-Vulnerable-Commit: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38-20)
-Fix-Commit: 8006457ab7e1cd556b919f477348a96fe88f2e49 (2.34-421)
-Fix-Commit: 17092c0311f954e6f3c010f73ce3a78c24ac279a (2.35-272)
-Fix-Commit: 856bac55f98dc840e7c27cfa82262b933385de90 (2.36-116)
-Fix-Commit: 4473d1b87d04b25cdd0e0354814eeaa421328268 (2.37-42)
-Fix-Commit: 5ee59ca371b99984232d7584fe2b1a758b4421d3 (2.38-24)
+++ /dev/null
-syslog: Heap buffer overflow in __vsyslog_internal
-
-__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
-containing a long program name failed to update the required buffer
-size, leading to the allocation and overflow of a too-small buffer on
-the heap.
-
-CVE-Id: CVE-2023-6246
-Public-Date: 2024-01-30
-Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37)
-Fix-Commit: 6bd0e4efcc78f3c0115e5ea9739a1642807450da (2.39)
-Fix-Commit: 23514c72b780f3da097ecf33a793b7ba9c2070d2 (2.38-42)
-Fix-Commit: 97a4292aa4a2642e251472b878d0ec4c46a0e59a (2.37-57)
-Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16)
-Fix-Commit: d1a83b6767f68b3cb5b4b4ea2617254acd040c82 (2.36-126)
+++ /dev/null
-syslog: Heap buffer overflow in __vsyslog_internal
-
-__vsyslog_internal used the return value of snprintf/vsnprintf to
-calculate buffer sizes for memory allocation. If these functions (for
-any reason) failed and returned -1, the resulting buffer would be too
-small to hold output.
-
-CVE-Id: CVE-2023-6779
-Public-Date: 2024-01-30
-Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37)
-Fix-Commit: 7e5a0c286da33159d47d0122007aac016f3e02cd (2.39)
-Fix-Commit: d0338312aace5bbfef85e03055e1212dd0e49578 (2.38-43)
-Fix-Commit: 67062eccd9a65d7fda9976a56aeaaf6c25a80214 (2.37-58)
-Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16)
-Fix-Commit: 2bc9d7c002bdac38b5c2a3f11b78e309d7765b83 (2.36-127)
+++ /dev/null
-syslog: Integer overflow in __vsyslog_internal
-
-__vsyslog_internal calculated a buffer size by adding two integers, but
-did not first check if the addition would overflow.
-
-CVE-Id: CVE-2023-6780
-Public-Date: 2024-01-30
-Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37)
-Fix-Commit: ddf542da94caf97ff43cc2875c88749880b7259b (2.39)
-Fix-Commit: d37c2b20a4787463d192b32041c3406c2bd91de0 (2.38-44)
-Fix-Commit: 2b58cba076e912961ceaa5fa58588e4b10f791c0 (2.37-59)
-Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16)
-Fix-Commit: b9b7d6a27aa0632f334352fa400771115b3c69b7 (2.36-128)
+++ /dev/null
-ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence
-
-The iconv() function in the GNU C Library versions 2.39 and older may
-overflow the output buffer passed to it by up to 4 bytes when converting
-strings to the ISO-2022-CN-EXT character set, which may be used to
-crash an application or overwrite a neighbouring variable.
-
-ISO-2022-CN-EXT uses escape sequences to indicate character set changes
-(as specified by RFC 1922). While the SOdesignation has the expected
-bounds checks, neither SS2designation nor SS3designation have its;
-allowing a write overflow of 1, 2, or 3 bytes with fixed values:
-'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.
-
-CVE-Id: CVE-2024-2961
-Public-Date: 2024-04-17
-Vulnerable-Commit: 755104edc75c53f4a0e7440334e944ad3c6b32fc (2.1.93-169)
-Fix-Commit: f9dc609e06b1136bb0408be9605ce7973a767ada (2.40)
-Fix-Commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4 (2.39-31)
-Fix-Commit: e1135387deded5d73924f6ca20c72a35dc8e1bda (2.38-66)
-Fix-Commit: 89ce64b269a897a7780e4c73a7412016381c6ecf (2.37-89)
-Fix-Commit: 4ed98540a7fd19f458287e783ae59c41e64df7b5 (2.36-164)
-Fix-Commit: 36280d1ce5e245aabefb877fe4d3c6cff95dabfa (2.35-315)
-Fix-Commit: a8b0561db4b9847ebfbfec20075697d5492a363c (2.34-459)
-Fix-Commit: ed4f16ff6bed3037266f1fa682ebd32a18fce29c (2.33-263)
-Fix-Commit: 682ad4c8623e611a971839990ceef00346289cc9 (2.32-140)
-Fix-Commit: 3703c32a8d304c1ee12126134ce69be965f38000 (2.31-154)
-
-Reported-By: Charles Fol
+++ /dev/null
-nscd: Stack-based buffer overflow in netgroup cache
-
-If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
-by client requests then a subsequent client request for netgroup data
-may result in a stack-based buffer overflow. This flaw was introduced
-in glibc 2.15 when the cache was added to nscd.
-
-This vulnerability is only present in the nscd binary.
-
-CVE-Id: CVE-2024-33599
-Public-Date: 2024-04-23
-Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15)
-Fix-Commit: 69c58d5ef9f584ea198bd00f7964d364d0e6b921 (2.31-155)
-Fix-Commit: a77064893bfe8a701770e2f53a4d33805bc47a5a (2.32-141)
-Fix-Commit: 5c75001a96abcd50cbdb74df24c3f013188d076e (2.33-264)
-Fix-Commit: 52f73e5c4e29b14e79167272297977f360ae1e97 (2.34-460)
-Fix-Commit: 7a95873543ce225376faf13bb71c43dea6d24f86 (2.35-316)
-Fix-Commit: caa3151ca460bdd9330adeedd68c3112d97bffe4 (2.36-165)
-Fix-Commit: f75c298e747b2b8b41b1c2f551c011a52c41bfd1 (2.37-91)
-Fix-Commit: 5968aebb86164034b8f8421b4abab2f837a5bdaf (2.38-72)
-Fix-Commit: 1263d583d2e28afb8be53f8d6922f0842036f35d (2.39-35)
-Fix-Commit: 87801a8fd06db1d654eea3e4f7626ff476a9bdaa (2.40)
+++ /dev/null
-nscd: Null pointer crash after notfound response
-
-If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
-netgroup response to the cache, the client request can result in a null
-pointer dereference. This flaw was introduced in glibc 2.15 when the
-cache was added to nscd.
-
-This vulnerability is only present in the nscd binary.
-
-CVE-Id: CVE-2024-33600
-Public-Date: 2024-04-24
-Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15)
-Fix-Commit: b048a482f088e53144d26a61c390bed0210f49f2 (2.40)
-Fix-Commit: 7835b00dbce53c3c87bbbb1754a95fb5e58187aa (2.40)
-Fix-Commit: c99f886de54446cd4447db6b44be93dabbdc2f8b (2.39-37)
-Fix-Commit: 5a508e0b508c8ad53bd0d2fb48fd71b242626341 (2.39-36)
-Fix-Commit: 2ae9446c1b7a3064743b4a51c0bbae668ee43e4c (2.38-74)
-Fix-Commit: 541ea5172aa658c4bd5c6c6d6fd13903c3d5bb0a (2.38-73)
-Fix-Commit: a8070b31043c7585c36ba68a74298c4f7af075c3 (2.37-93)
-Fix-Commit: 5eea50c4402e39588de98aa1d4469a79774703d4 (2.37-92)
-Fix-Commit: f205b3af56740e3b014915b1bd3b162afe3407ef (2.36-167)
-Fix-Commit: c34f470a615b136170abd16142da5dd0c024f7d1 (2.36-166)
-Fix-Commit: bafadc589fbe21ae330e8c2af74db9da44a17660 (2.35-318)
-Fix-Commit: 4370bef52b0f3f3652c6aa13d7a9bb3ac079746d (2.35-317)
-Fix-Commit: 1f94122289a9bf7dba573f5d60327aaa2b85cf2e (2.34-462)
-Fix-Commit: 966d6ac9e40222b84bb21674cc4f83c8d72a5a26 (2.34-461)
-Fix-Commit: e3eef1b8fbdd3a7917af466ca9c4b7477251ca79 (2.33-266)
-Fix-Commit: f20a8d696b13c6261b52a6434899121f8b19d5a7 (2.33-265)
-Fix-Commit: be602180146de37582a3da3a0caa4b719645de9c (2.32-143)
-Fix-Commit: 394eae338199078b7961b051c191539870742d7b (2.32-142)
-Fix-Commit: 8d7949183760170c61e55def723c1d8050187874 (2.31-157)
-Fix-Commit: 304ce5fe466c4762b21b36c26926a4657b59b53e (2.31-156)
+++ /dev/null
-nscd: netgroup cache may terminate daemon on memory allocation failure
-
-The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
-xrealloc and these functions may terminate the process due to a memory
-allocation failure resulting in a denial of service to the clients. The
-flaw was introduced in glibc 2.15 when the cache was added to nscd.
-
-This vulnerability is only present in the nscd binary.
-
-Subsequent refactoring of the netgroup cache only added more uses of
-xmalloc and xrealloc. Uses of xmalloc and xrealloc in other parts of
-nscd only occur during startup of the daemon and so are not affected by
-client requests that could trigger an out of memory followed by
-termination.
-
-CVE-Id: CVE-2024-33601
-Public-Date: 2024-04-24
-Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15)
-Fix-Commit: c04a21e050d64a1193a6daab872bca2528bda44b (2.40)
-Fix-Commit: a9a8d3eebb145779a18d90e3966009a1daa63cd8 (2.39-38)
-Fix-Commit: 71af8ca864345d39b746d5cee84b94b430fad5db (2.38-75)
-Fix-Commit: 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f (2.37-94)
-Fix-Commit: b6742463694b1dfdd5120b91ee21cf05d15ec2e2 (2.36-168)
-Fix-Commit: 7a5864cac60e06000394128a5a2817b03542f5a3 (2.35-319)
-Fix-Commit: 86f1d5f4129c373ac6fb6df5bcf38273838843cb (2.34-463)
-Fix-Commit: 4d27d4b9a188786fc6a56745506cec2acfc51f83 (2.33-267)
-Fix-Commit: 3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (2.32-144)
-Fix-Commit: bbf5a58ccb55679217f94de706164d15372fbbc0 (2.31-158)
+++ /dev/null
-nscd: netgroup cache assumes NSS callback uses in-buffer strings
-
-The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
-when the NSS callback does not store all strings in the provided buffer.
-The flaw was introduced in glibc 2.15 when the cache was added to nscd.
-
-This vulnerability is only present in the nscd binary.
-
-There is no guarantee from the NSS callback API that the returned
-strings are all within the buffer. However, the netgroup cache code
-assumes that the NSS callback uses in-buffer strings and if it doesn't
-the buffer resizing logic could lead to potential memory corruption.
-
-CVE-Id: CVE-2024-33602
-Public-Date: 2024-04-24
-Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15)
-Fix-Commit: c04a21e050d64a1193a6daab872bca2528bda44b (2.40)
-Fix-Commit: a9a8d3eebb145779a18d90e3966009a1daa63cd8 (2.39-38)
-Fix-Commit: 71af8ca864345d39b746d5cee84b94b430fad5db (2.38-75)
-Fix-Commit: 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f (2.37-94)
-Fix-Commit: b6742463694b1dfdd5120b91ee21cf05d15ec2e2 (2.36-168)
-Fix-Commit: 7a5864cac60e06000394128a5a2817b03542f5a3 (2.35-319)
-Fix-Commit: 86f1d5f4129c373ac6fb6df5bcf38273838843cb (2.34-463)
-Fix-Commit: 4d27d4b9a188786fc6a56745506cec2acfc51f83 (2.33-267)
-Fix-Commit: 3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (2.32-144)
-Fix-Commit: bbf5a58ccb55679217f94de706164d15372fbbc0 (2.31-158)
+++ /dev/null
-GNU C Library Security Advisory Format
-======================================
-
-Security advisories in this directory follow a simple git commit log
-format, with a heading and free-format description augmented with tags
-to allow parsing key information. References to code changes are
-specific to the glibc repository and follow a specific format:
-
- Tag-name: <commit-ref> (release-version)
-
-The <commit-ref> indicates a specific commit in the repository. The
-release-version indicates the publicly consumable release in which this
-commit is known to exist. The release-version is derived from the
-git-describe format, (i.e. stripped out from glibc-2.34.NNN-gxxxx) and
-is of the form 2.34-NNN. If the -NNN suffix is absent, it means that
-the change is in that release tarball, otherwise the change is on the
-release/2.YY/master branch and not in any released tarball.
-
-The following tags are currently being used:
-
-CVE-Id:
-This is the CVE-Id assigned under the CVE Program
-(https://www.cve.org/).
-
-Public-Date:
-The date this issue became publicly known.
-
-Vulnerable-Commit:
-The commit that introduced this vulnerability. There could be multiple
-entries, one for each release branch in the glibc repository; the
-release-version portion of this tag should tell you which branch this is
-on.
-
-Fix-Commit:
-The commit that fixed this vulnerability. There could be multiple
-entries for each release branch in the glibc repository, indicating that
-all of those commits contributed to fixing that issue in each of those
-branches.
-
-Reported-By:
-The entity that reported this issue. There could be multiple entries, one for
-each reporter.
-
-Adding an Advisory
-------------------
-
-An advisory for a CVE needs to be added on the master branch in two steps:
-
-1. Add the text of the advisory without any Fix-Commit tags along with
- the fix for the CVE. Add the Vulnerable-Commit tag, if applicable.
- The advisories directory does not exist in release branches, so keep
- the advisory text commit distinct from the code changes, to ease
- backports. Ask for the GLIBC-SA advisory number from the security
- team.
-
-2. Finish all backports on release branches and then back on the msater
- branch, add all commit refs to the advisory using the Fix-Commit
- tags. Don't bother adding the release-version subscript since the
- next step will overwrite it.
-
-3. Run the process-advisories.sh script in the scripts directory on the
- advisory:
-
- scripts/process-advisories.sh update GLIBC-SA-YYYY-NNNN
-
- (replace YYYY-NNNN with the actual advisory number).
-
-4. Verify the updated advisory and push the result.
-
-Getting a NEWS snippet from advisories
---------------------------------------
-
-Run:
-
- scripts/process-advisories.sh news
-
-and copy the content into the NEWS file.
is not for an audit module, not loaded via dlmopen, and not loaded
via static dlopen either). */
extern _Bool __libc_initial attribute_hidden;
+#else
+/* The static libc is always the initial namespace. */
+# define __libc_initial ((_Bool) 1)
#endif
#endif /* _LIBC_INTERNAL */
"fgets called with bigger size than length of "
"destination buffer")
{
- size_t sz = __glibc_objsize (__s);
- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+ size_t __sz = __glibc_objsize (__s);
+ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz))
return __fgets_alias (__s, __n, __stream);
#if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, sizeof (char), sz))
- return __fgets_chk_warn (__s, sz, __n, __stream);
+ if (__glibc_unsafe_len (__n, sizeof (char), __sz))
+ return __fgets_chk_warn (__s, __sz, __n, __stream);
#endif
- return __fgets_chk (__s, sz, __n, __stream);
+ return __fgets_chk (__s, __sz, __n, __stream);
}
__fortify_function __wur __nonnull ((4)) __attribute_overloadable__ size_t
"fread called with bigger size * n than length "
"of destination buffer")
{
- size_t sz = __glibc_objsize0 (__ptr);
- if (__glibc_safe_or_unknown_len (__n, __size, sz))
+ size_t __sz = __glibc_objsize0 (__ptr);
+ if (__glibc_safe_or_unknown_len (__n, __size, __sz))
return __fread_alias (__ptr, __size, __n, __stream);
#if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, __size, sz))
- return __fread_chk_warn (__ptr, sz, __size, __n, __stream);
+ if (__glibc_unsafe_len (__n, __size, __sz))
+ return __fread_chk_warn (__ptr, __sz, __size, __n, __stream);
#endif
- return __fread_chk (__ptr, sz, __size, __n, __stream);
+ return __fread_chk (__ptr, __sz, __size, __n, __stream);
}
#ifdef __USE_GNU
"fgets called with bigger size than length of "
"destination buffer")
{
- size_t sz = __glibc_objsize (__s);
- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+ size_t __sz = __glibc_objsize (__s);
+ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz))
return __fgets_unlocked_alias (__s, __n, __stream);
#if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, sizeof (char), sz))
- return __fgets_unlocked_chk_warn (__s, sz, __n, __stream);
+ if (__glibc_unsafe_len (__n, sizeof (char), __sz))
+ return __fgets_unlocked_chk_warn (__s, __sz, __n, __stream);
#endif
- return __fgets_unlocked_chk (__s, sz, __n, __stream);
+ return __fgets_unlocked_chk (__s, __sz, __n, __stream);
}
#endif
"fread_unlocked called with bigger size * n than "
"length of destination buffer")
{
- size_t sz = __glibc_objsize0 (__ptr);
- if (__glibc_safe_or_unknown_len (__n, __size, sz))
+ size_t __sz = __glibc_objsize0 (__ptr);
+ if (__glibc_safe_or_unknown_len (__n, __size, __sz))
{
# ifdef __USE_EXTERN_INLINES
if (__builtin_constant_p (__size)
return __fread_unlocked_alias (__ptr, __size, __n, __stream);
}
# if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, __size, sz))
- return __fread_unlocked_chk_warn (__ptr, sz, __size, __n, __stream);
+ if (__glibc_unsafe_len (__n, __size, __sz))
+ return __fread_unlocked_chk_warn (__ptr, __sz, __size, __n, __stream);
# endif
- return __fread_unlocked_chk (__ptr, sz, __size, __n, __stream);
+ return __fread_unlocked_chk (__ptr, __sz, __size, __n, __stream);
}
#endif
mallocbug \
tst-aligned-alloc \
tst-aligned-alloc-random \
+ tst-aligned-alloc-random-thread \
+ tst-aligned-alloc-random-thread-cross \
tst-alloc_buffer \
tst-calloc \
tst-free-errno \
# the tests expect specific internal behavior that is changed due to linking to
# libmcheck.a.
tests-exclude-mcheck = \
+ tst-aligned-alloc-random-thread \
+ tst-aligned-alloc-random-thread-cross \
tst-compathooks-off \
tst-compathooks-on \
tst-malloc-backtrace \
$(objpfx)tst-mallocstate-malloc-check: $(objpfx)libc_malloc_debug.so
$(objpfx)tst-aligned-alloc-random.out: $(objpfx)tst-aligned_alloc-lib.so
+$(objpfx)tst-aligned-alloc-random-thread.out: $(objpfx)tst-aligned_alloc-lib.so
+$(objpfx)tst-aligned-alloc-random-thread-cross.out: $(objpfx)tst-aligned_alloc-lib.so
$(objpfx)tst-malloc-random.out: $(objpfx)tst-aligned_alloc-lib.so
tst-aligned-alloc-random-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so
+tst-aligned-alloc-random-thread-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so
+tst-aligned-alloc-random-thread-cross-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so
tst-malloc-random-ENV = LD_PRELOAD=$(objpfx)tst-aligned_alloc-lib.so
--- /dev/null
+/* multi-threaded memory allocation and cross-thread deallocation test.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; see the file COPYING.LIB. If
+ not, see <https://www.gnu.org/licenses/>. */
+#define CROSS_THREAD_DEALLOC
+#include "tst-aligned-alloc-random-thread.c"
--- /dev/null
+/* multi-threaded memory allocation/deallocation test.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; see the file COPYING.LIB. If
+ not, see <https://www.gnu.org/licenses/>. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/support.h>
+#include <support/xthread.h>
+#include <support/test-driver.h>
+#include <sys/sysinfo.h>
+#include <unistd.h>
+
+#ifndef ITERATIONS
+# define ITERATIONS 16
+#endif
+
+#ifndef NUM_THREADS
+# define NUM_THREADS 8
+#endif
+
+#ifndef NUM_ALLOCATIONS
+# define NUM_ALLOCATIONS 2048
+#endif
+
+static pthread_barrier_t barrier;
+
+__thread unsigned int seed;
+
+typedef struct
+{
+ int id;
+ pthread_t thread;
+} thread;
+
+thread threads[NUM_THREADS];
+
+void *allocations[NUM_THREADS][NUM_ALLOCATIONS];
+
+void
+run_thread_dealloc (int id)
+{
+ for (int i = 0; i < NUM_ALLOCATIONS; i++)
+ {
+ free (allocations[id][i]);
+ allocations[id][i] = NULL;
+ }
+}
+
+void
+run_thread_alloc (int id)
+{
+ size_t msb, size;
+ for (int i = 0; i < NUM_ALLOCATIONS; i++)
+ {
+ msb = 1 << rand_r (&seed) % 16;
+ size = msb + rand_r (&seed) % msb;
+ allocations[id][i] = malloc (size);
+ TEST_VERIFY_EXIT (allocations[id][i] != NULL);
+ }
+}
+
+void *
+run_allocations (void *arg)
+{
+ int id = *((int *) arg);
+ seed = time (NULL) + id;
+
+ /* Stage 1: First half o the threads allocating memory and the second
+ * half waiting for them to finish
+ */
+ if (id < NUM_THREADS / 2)
+ run_thread_alloc (id);
+
+ xpthread_barrier_wait (&barrier);
+
+ /* Stage 2: Half of the threads allocationg memory and the other
+ * half deallocating:
+ * - In the non cross-thread dealloc scenario the first half will be
+ * deallocating the memory allocated by themselves in stage 1 and the
+ * second half will be allocating memory.
+ * - In the cross-thread dealloc scenario the first half will continue
+ * to allocate memory and the second half will deallocate the memory
+ * allocated by the first half in stage 1.
+ */
+ if (id < NUM_THREADS / 2)
+#ifndef CROSS_THREAD_DEALLOC
+ run_thread_dealloc (id);
+#else
+ run_thread_alloc (id + NUM_THREADS / 2);
+#endif
+ else
+#ifndef CROSS_THREAD_DEALLOC
+ run_thread_alloc (id);
+#else
+ run_thread_dealloc (id - NUM_THREADS / 2);
+#endif
+
+ xpthread_barrier_wait (&barrier);
+
+ // Stage 3: Second half of the threads deallocating and the first half
+ // waiting for them to finish.
+ if (id >= NUM_THREADS / 2)
+ run_thread_dealloc (id);
+
+ return NULL;
+}
+
+static int
+do_test (void)
+{
+ xpthread_barrier_init (&barrier, NULL, NUM_THREADS);
+
+ for (int i = 0; i < ITERATIONS; i++)
+ {
+ for (int t = 0; t < NUM_THREADS; t++)
+ {
+ threads[t].id = t;
+ threads[t].thread
+ = xpthread_create (NULL, run_allocations, &threads[t].id);
+ }
+
+ for (int t = 0; t < NUM_THREADS; t++)
+ xpthread_join (threads[t].thread);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
License along with the GNU C Library; see the file COPYING.LIB. If
not, see <https://www.gnu.org/licenses/>. */
-#include <array_length.h>
#include <libc-symbols.h>
#include <stdlib.h>
+#include <time.h>
extern void *__libc_malloc (size_t size);
extern void *__libc_calloc (size_t n, size_t size);
+__thread unsigned int seed = 0;
+
int aligned_alloc_count = 0;
int libc_malloc_count = 0;
int libc_calloc_count = 0;
-/* Get a random alignment value. Biased towards the smaller values. Must be
- a power of 2. */
-static size_t get_random_alignment (void)
-{
- size_t aligns[] = {
- 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384
- };
-
- return aligns[random () % array_length (aligns)];
-}
-
-static void *get_random_alloc (size_t size)
+static void *
+get_random_alloc (size_t size)
{
void *retval;
size_t align;
+ struct timespec tp;
+
+ if (seed == 0)
+ {
+ clock_gettime (CLOCK_REALTIME, &tp);
+ seed = tp.tv_nsec;
+ }
- switch (random() % 3)
- {
+ switch (rand_r (&seed) % 3)
+ {
case 1:
- align = get_random_alignment ();
+ /* Get a random alignment value. Biased towards the smaller
+ * values up to 16384. Must be a power of 2. */
+ align = 1 << rand_r (&seed) % 15;
retval = aligned_alloc (align, size);
aligned_alloc_count++;
break;
retval = __libc_malloc (size);
libc_malloc_count++;
break;
- }
+ }
return retval;
}
-
-void * __random_malloc (size_t size)
+void *
+__random_malloc (size_t size)
{
return get_random_alloc (size);
}
tst-mntent-blank-passno \
tst-mntent-escape \
tst-mntent2 \
+ tst-mremap1 \
+ tst-mremap2 \
tst-preadvwritev \
tst-preadvwritev2 \
tst-preadvwritev64 \
--- /dev/null
+/* Test mremap with MREMAP_MAYMOVE.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <sys/mman.h>
+#include <support/xstdlib.h>
+#include <support/xunistd.h>
+#include <support/check.h>
+#include <support/test-driver.h>
+
+static int
+do_test (void)
+{
+ size_t old_size = getpagesize ();
+ char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1);
+ old_addr[0] = 1;
+ old_addr[old_size - 1] = 2;
+
+ /* Test MREMAP_MAYMOVE. */
+ size_t new_size = old_size + old_size;
+ char *new_addr = mremap (old_addr, old_size, new_size, MREMAP_MAYMOVE);
+ TEST_VERIFY_EXIT (new_addr != MAP_FAILED);
+ new_addr[0] = 1;
+ new_addr[new_size - 1] = 2;
+ xmunmap (new_addr, new_size);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
--- /dev/null
+/* Test mremap with MREMAP_FIXED.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <sys/mman.h>
+#include <support/xstdlib.h>
+#include <support/xunistd.h>
+#include <support/test-driver.h>
+#include <mremap-failure.h>
+
+static int
+do_test (void)
+{
+ size_t old_size = getpagesize ();
+ size_t new_size = old_size + old_size;
+ char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1);
+ old_addr[0] = 1;
+ old_addr[old_size - 1] = 2;
+
+ char *fixed_addr = xmmap (NULL, new_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1);
+ fixed_addr[0] = 1;
+ fixed_addr[new_size - 1] = 2;
+
+ /* Test MREMAP_FIXED. */
+ char *new_addr = mremap (old_addr, old_size, new_size,
+ MREMAP_FIXED | MREMAP_MAYMOVE,
+ fixed_addr);
+ if (new_addr == MAP_FAILED)
+ return mremap_failure_exit (errno);
+ new_addr[0] = 1;
+ new_addr[new_size - 1] = 2;
+ xmunmap (new_addr, new_size);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
tst-resolv-nondecimal \
tst-resolv-res_init-multi \
tst-resolv-search \
+ tst-resolv-semi-failure \
+ tst-resolv-short-response \
tst-resolv-trailing \
# This test calls __res_context_send directly, which is not exported
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
+$(objpfx)tst-resolv-semi-failure: $(objpfx)libresolv.so \
+ $(shared-thread-library)
+$(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \
+ $(shared-thread-library)
$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-threads: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-txnid-collision: $(objpfx)libresolv.a \
}
/* Check for the correct header layout and a matching
- question. */
+ question. Some recursive resolvers send REFUSED
+ without copying back the question section
+ (producing a response that is only HFIXEDSZ bytes
+ long). Skip query matching in this case. */
+ bool thisansp_error = (anhp->rcode == SERVFAIL ||
+ anhp->rcode == NOTIMP ||
+ anhp->rcode == REFUSED);
+ bool skip_query_match = (*thisresplenp == HFIXEDSZ
+ && ntohs (anhp->qdcount) == 0
+ && thisansp_error);
int matching_query = 0; /* Default to no matching query. */
if (!recvresp1
&& anhp->id == hp->id
- && __libc_res_queriesmatch (buf, buf + buflen,
- *thisansp,
- *thisansp + *thisanssizp))
+ && (skip_query_match
+ || __libc_res_queriesmatch (buf, buf + buflen,
+ *thisansp,
+ *thisansp + *thisanssizp)))
matching_query = 1;
if (!recvresp2
&& anhp->id == hp2->id
- && __libc_res_queriesmatch (buf2, buf2 + buflen2,
- *thisansp,
- *thisansp + *thisanssizp))
+ && (skip_query_match
+ || __libc_res_queriesmatch (buf2, buf2 + buflen2,
+ *thisansp,
+ *thisansp + *thisanssizp)))
matching_query = 2;
if (matching_query == 0)
/* Spurious UDP packet. Drop it and continue
goto wait;
}
- if (anhp->rcode == SERVFAIL ||
- anhp->rcode == NOTIMP ||
- anhp->rcode == REFUSED) {
+ if (thisansp_error) {
next_ns:
if (recvresp1 || (buf2 != NULL && recvresp2)) {
*resplen2 = 0;
return resplen;
}
- if (buf2 != NULL)
+ if (buf2 != NULL && !single_request)
{
/* No data from the first reply. */
resplen = 0;
--- /dev/null
+/* Test parallel failure/success responses (bug 30081).
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <resolv.h>
+#include <support/check.h>
+#include <support/resolv_test.h>
+#include <support/check_nss.h>
+
+/* The rcode in the initial response. */
+static volatile int rcode;
+
+/* Whether to fail the initial A query (!fail_aaaa) or the initial
+ AAAA query (fail_aaaa). */
+static volatile bool fail_aaaa;
+
+static void
+response (const struct resolv_response_context *ctx,
+ struct resolv_response_builder *b,
+ const char *qname, uint16_t qclass, uint16_t qtype)
+{
+ /* Handle the failing query. */
+ if ((fail_aaaa && qtype == T_AAAA) && ctx->server_index == 0)
+ {
+ struct resolv_response_flags flags = {.rcode = rcode};
+ resolv_response_init (b, flags);
+ return;
+ }
+
+ /* Otherwise produce a response. */
+ resolv_response_init (b, (struct resolv_response_flags) {});
+ resolv_response_add_question (b, qname, qclass, qtype);
+ resolv_response_section (b, ns_s_an);
+ resolv_response_open_record (b, qname, qclass, qtype, 0);
+ switch (qtype)
+ {
+ case T_A:
+ {
+ char ipv4[4] = {192, 0, 2, 17};
+ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
+ }
+ break;
+ case T_AAAA:
+ {
+ char ipv6[16]
+ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
+ resolv_response_add_data (b, &ipv6, sizeof (ipv6));
+ }
+ break;
+ default:
+ FAIL_EXIT1 ("unexpected TYPE%d query", qtype);
+ }
+ resolv_response_close_record (b);
+}
+
+static void
+check_one (void)
+{
+
+ /* The buggy 1-second query timeout results in 30 seconds of delay,
+ which triggers are test timeout failure. */
+ for (int i = 0; i < 30; ++i)
+ {
+ static const struct addrinfo hints =
+ {
+ .ai_family = AF_UNSPEC,
+ .ai_socktype = SOCK_STREAM,
+ };
+ struct addrinfo *ai;
+ int ret = getaddrinfo ("www.example", "80", &hints, &ai);
+ const char *expected;
+ if (ret == 0 && ai->ai_next != NULL)
+ expected = ("address: STREAM/TCP 192.0.2.17 80\n"
+ "address: STREAM/TCP 2001:db8::1 80\n");
+ else
+ /* Only one response because the AAAA lookup failure is
+ treated as an ignoreable error. */
+ expected = "address: STREAM/TCP 192.0.2.17 80\n";
+ check_addrinfo ("www.example", ai, ret, expected);
+ if (ret == 0)
+ freeaddrinfo (ai);
+ }
+}
+
+static int
+do_test (void)
+{
+ for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup)
+ {
+ struct resolv_test *aux = resolv_test_start
+ ((struct resolv_redirect_config)
+ {
+ .response_callback = response,
+ });
+
+ if (do_single_lookup)
+ _res.options |= RES_SNGLKUP;
+
+ for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa)
+ {
+ fail_aaaa = do_fail_aaaa;
+
+ rcode = 2; /* SERVFAIL. */
+ check_one ();
+
+ rcode = 4; /* NOTIMP. */
+ check_one ();
+
+ rcode = 5; /* REFUSED. */
+ check_one ();
+ }
+
+ resolv_test_end (aux);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
--- /dev/null
+/* Test for spurious timeouts with short 12-byte responses (bug 31890).
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <resolv.h>
+#include <support/check.h>
+#include <support/resolv_test.h>
+#include <support/check_nss.h>
+
+/* The rcode in the initial response. */
+static volatile int rcode;
+
+static void
+response (const struct resolv_response_context *ctx,
+ struct resolv_response_builder *b,
+ const char *qname, uint16_t qclass, uint16_t qtype)
+{
+ switch (ctx->server_index)
+ {
+ case 0:
+ /* First server times out. */
+ {
+ struct resolv_response_flags flags = {.rcode = rcode};
+ resolv_response_init (b, flags);
+ }
+ break;
+ case 1:
+ /* Second server sends reply. */
+ resolv_response_init (b, (struct resolv_response_flags) {});
+ resolv_response_add_question (b, qname, qclass, qtype);
+ resolv_response_section (b, ns_s_an);
+ resolv_response_open_record (b, qname, qclass, qtype, 0);
+ switch (qtype)
+ {
+ case T_A:
+ {
+ char ipv4[4] = {192, 0, 2, 17};
+ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
+ }
+ break;
+ case T_AAAA:
+ {
+ char ipv6[16]
+ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
+ resolv_response_add_data (b, &ipv6, sizeof (ipv6));
+ }
+ break;
+ default:
+ FAIL_EXIT1 ("unexpected TYPE%d query", qtype);
+ }
+ resolv_response_close_record (b);
+ break;
+ default:
+ FAIL_EXIT1 ("unexpected query to server %d", ctx->server_index);
+ }
+}
+
+static void
+check_one (void)
+{
+
+ /* The buggy 1-second query timeout results in 30 seconds of delay,
+ which triggers a test timeout failure. */
+ for (int i = 0; i < 10; ++i)
+ {
+ check_hostent ("www.example", gethostbyname ("www.example"),
+ "name: www.example\n"
+ "address: 192.0.2.17\n");
+ check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6),
+ "name: www.example\n"
+ "address: 2001:db8::1\n");
+ static const struct addrinfo hints =
+ {
+ .ai_family = AF_UNSPEC,
+ .ai_socktype = SOCK_STREAM,
+ };
+ struct addrinfo *ai;
+ int ret = getaddrinfo ("www.example", "80", &hints, &ai);
+ check_addrinfo ("www.example", ai, ret,
+ "address: STREAM/TCP 192.0.2.17 80\n"
+ "address: STREAM/TCP 2001:db8::1 80\n");
+ if (ret == 0)
+ freeaddrinfo (ai);
+ }
+}
+
+static int
+do_test (void)
+{
+ struct resolv_test *aux = resolv_test_start
+ ((struct resolv_redirect_config)
+ {
+ .response_callback = response,
+ });
+
+ _res.options |= RES_SNGLKUP;
+
+ rcode = 2; /* SERVFAIL. */
+ check_one ();
+
+ rcode = 4; /* NOTIMP. */
+ check_one ();
+
+ rcode = 5; /* REFUSED. */
+ check_one ();
+
+ resolv_test_end (aux);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
"recv called with bigger length than "
"size of destination buffer")
{
- size_t sz = __glibc_objsize0 (__buf);
- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+ size_t __sz = __glibc_objsize0 (__buf);
+ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz))
return __recv_alias (__fd, __buf, __n, __flags);
#if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, sizeof (char), sz))
- return __recv_chk_warn (__fd, __buf, __n, sz, __flags);
+ if (__glibc_unsafe_len (__n, sizeof (char), __sz))
+ return __recv_chk_warn (__fd, __buf, __n, __sz, __flags);
#endif
- return __recv_chk (__fd, __buf, __n, sz, __flags);
+ return __recv_chk (__fd, __buf, __n, __sz, __flags);
}
extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n,
"recvfrom called with bigger length "
"than size of destination buffer")
{
- size_t sz = __glibc_objsize0 (__buf);
- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+ size_t __sz = __glibc_objsize0 (__buf);
+ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz))
return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
#if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, sizeof (char), sz))
- return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr,
+ if (__glibc_unsafe_len (__n, sizeof (char), __sz))
+ return __recvfrom_chk_warn (__fd, __buf, __n, __sz, __flags, __addr,
__addr_len);
#endif
- return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len);
+ return __recvfrom_chk (__fd, __buf, __n, __sz, __flags, __addr, __addr_len);
}
"bytes long buffer")
#endif
{
- size_t sz = __glibc_objsize (__resolved);
+ size_t __sz = __glibc_objsize (__resolved);
- if (sz == (size_t) -1)
+ if (__sz == (size_t) -1)
return __realpath_alias (__name, __resolved);
#if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX
- if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz))
- return __realpath_chk_warn (__name, __resolved, sz);
+ if (__glibc_unsafe_len (PATH_MAX, sizeof (char), __sz))
+ return __realpath_chk_warn (__name, __resolved, __sz);
#endif
- return __realpath_chk (__name, __resolved, sz);
+ return __realpath_chk (__name, __resolved, __sz);
}
test-strncpy \
test-strndup \
test-strnlen \
+ test-strnlen-nonarray \
test-strpbrk \
test-strrchr \
test-strspn \
endif
# This test allocates a lot of memory and can run for a long time.
-xtests = tst-strcoll-overflow
+xtests += tst-strcoll-overflow
+
+# This test runs for a long time.
+xtests += test-strncmp-nonarray
# This test needs libdl.
ifeq (yes,$(build-shared))
#include <stdio.h>
#include <string.h>
#include <tls-internal.h>
-
+#include <libc-internal.h>
static const char *
translate (const char *str, locale_t loc)
return res;
}
+static char *
+unknown_error (locale_t loc)
+{
+ return (char *) translate ("Unknown error", loc);
+}
+
/* Return a string describing the errno code in ERRNUM. */
char *
char *err = (char *) __get_errlist (errnum);
if (__glibc_unlikely (err == NULL))
{
- struct tls_internal_t *tls_internal = __glibc_tls_internal ();
- free (tls_internal->strerror_l_buf);
- if (__asprintf (&tls_internal->strerror_l_buf, "%s%d",
- translate ("Unknown error ", loc), errnum) > 0)
- err = tls_internal->strerror_l_buf;
- else
+ if (__libc_initial)
{
- /* The memory was freed above. */
- tls_internal->strerror_l_buf = NULL;
- /* Provide a fallback translation. */
- err = (char *) translate ("Unknown error", loc);
+ struct tls_internal_t *tls_internal = __glibc_tls_internal ();
+ free (tls_internal->strerror_l_buf);
+ if (__asprintf (&tls_internal->strerror_l_buf, "%s%d",
+ translate ("Unknown error ", loc), errnum) > 0)
+ err = tls_internal->strerror_l_buf;
+ else
+ {
+ /* The memory was freed above. */
+ tls_internal->strerror_l_buf = NULL;
+ /* Provide a fallback translation. */
+ err = unknown_error (loc);
+ }
}
+ else
+ /* Secondary namespaces use a different malloc, so cannot
+ participate in the buffer management. */
+ err = unknown_error (loc);
}
else
err = (char *) translate (err, loc);
#include <string.h>
#include <libintl.h>
#include <tls-internal.h>
+#include <libc-internal.h>
/* Return a string describing the meaning of the signal number SIGNUM. */
char *
if (desc != NULL)
return _(desc);
- struct tls_internal_t *tls_internal = __glibc_tls_internal ();
- free (tls_internal->strsignal_buf);
+ if (__libc_initial)
+ {
+ struct tls_internal_t *tls_internal = __glibc_tls_internal ();
+ free (tls_internal->strsignal_buf);
- int r;
+ int r;
#ifdef SIGRTMIN
- if (signum >= SIGRTMIN && signum <= SIGRTMAX)
- r = __asprintf (&tls_internal->strsignal_buf, _("Real-time signal %d"),
- signum - SIGRTMIN);
- else
+ if (signum >= SIGRTMIN && signum <= SIGRTMAX)
+ r = __asprintf (&tls_internal->strsignal_buf, _("Real-time signal %d"),
+ signum - SIGRTMIN);
+ else
#endif
- r = __asprintf (&tls_internal->strsignal_buf, _("Unknown signal %d"),
- signum);
-
- if (r == -1)
- tls_internal->strsignal_buf = NULL;
-
- return tls_internal->strsignal_buf;
+ r = __asprintf (&tls_internal->strsignal_buf, _("Unknown signal %d"),
+ signum);
+
+ if (r >= 0)
+ return tls_internal->strsignal_buf;
+ else
+ tls_internal->strsignal_buf = NULL;
+ }
+ /* Fall through on asprintf error, and for !__libc_initial:
+ secondary namespaces use a different malloc and cannot
+ participate in the buffer management. */
+ return _("Unknown signal");
}
--- /dev/null
+/* Test non-array inputs to string comparison functions.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* This skeleton file is included from string/test-strncmp-nonarray.c and
+ wcsmbs/test-wcsncmp-nonarray.c to test that reading of the arrays stops
+ at the first null character.
+
+ TEST_IDENTIFIER must be the test function identifier. TEST_NAME is
+ the same as a string.
+
+ CHAR must be defined as the character type. */
+
+#include <array_length.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/next_to_fault.h>
+#include <support/test-driver.h>
+#include <sys/param.h>
+#include <unistd.h>
+
+/* Much shorter than test-Xnlen-nonarray.c because of deeply nested loops. */
+enum { buffer_length = 80 };
+
+/* The test buffer layout follows what is described test-Xnlen-nonarray.c,
+ except that there two buffers, left and right. The variables
+ a_count, zero_count, start_offset are all duplicated. */
+
+/* Return the maximum string length for a string that starts at
+ start_offset. */
+static int
+string_length (int a_count, int start_offset)
+{
+ if (start_offset == buffer_length || start_offset >= a_count)
+ return 0;
+ else
+ return a_count - start_offset;
+}
+
+/* This is the valid maximum length argument computation for
+ strnlen/wcsnlen. See text-Xnlen-nonarray.c. */
+static int
+maximum_length (int start_offset, int zero_count)
+{
+ if (start_offset == buffer_length)
+ return 0;
+ else if (zero_count > 0)
+ /* Effectively unbounded, but we need to stop fairly low,
+ otherwise testing takes too long. */
+ return buffer_length + 32;
+ else
+ return buffer_length - start_offset;
+}
+
+typedef __typeof (TEST_IDENTIFIER) *proto_t;
+
+#define TEST_MAIN
+#include "test-string.h"
+
+IMPL (TEST_IDENTIFIER, 1)
+
+static int
+test_main (void)
+{
+ TEST_VERIFY_EXIT (sysconf (_SC_PAGESIZE) >= buffer_length);
+ test_init ();
+
+ struct support_next_to_fault left_ntf
+ = support_next_to_fault_allocate (buffer_length * sizeof (CHAR));
+ CHAR *left_buffer = (CHAR *) left_ntf.buffer;
+ struct support_next_to_fault right_ntf
+ = support_next_to_fault_allocate (buffer_length * sizeof (CHAR));
+ CHAR *right_buffer = (CHAR *) right_ntf.buffer;
+
+ FOR_EACH_IMPL (impl, 0)
+ {
+ printf ("info: testing %s\n", impl->name);
+ for (size_t i = 0; i < buffer_length; ++i)
+ left_buffer[i] = 'A';
+
+ for (int left_zero_count = 0; left_zero_count <= buffer_length;
+ ++left_zero_count)
+ {
+ if (left_zero_count > 0)
+ left_buffer[buffer_length - left_zero_count] = 0;
+ int left_a_count = buffer_length - left_zero_count;
+ for (size_t i = 0; i < buffer_length; ++i)
+ right_buffer[i] = 'A';
+ for (int right_zero_count = 0; right_zero_count <= buffer_length;
+ ++right_zero_count)
+ {
+ if (right_zero_count > 0)
+ right_buffer[buffer_length - right_zero_count] = 0;
+ int right_a_count = buffer_length - right_zero_count;
+ for (int left_start_offset = 0;
+ left_start_offset <= buffer_length;
+ ++left_start_offset)
+ {
+ CHAR *left_start_pointer = left_buffer + left_start_offset;
+ int left_maxlen
+ = maximum_length (left_start_offset, left_zero_count);
+ int left_length
+ = string_length (left_a_count, left_start_offset);
+ for (int right_start_offset = 0;
+ right_start_offset <= buffer_length;
+ ++right_start_offset)
+ {
+ CHAR *right_start_pointer
+ = right_buffer + right_start_offset;
+ int right_maxlen
+ = maximum_length (right_start_offset, right_zero_count);
+ int right_length
+ = string_length (right_a_count, right_start_offset);
+
+ /* Maximum length is modelled after strnlen/wcsnlen,
+ and must be valid for both pointer arguments at
+ the same time. */
+ int maxlen = MIN (left_maxlen, right_maxlen);
+
+ for (int length_argument = 0; length_argument <= maxlen;
+ ++length_argument)
+ {
+ if (test_verbose)
+ {
+ printf ("left: zero_count=%d"
+ " a_count=%d start_offset=%d\n",
+ left_zero_count, left_a_count,
+ left_start_offset);
+ printf ("right: zero_count=%d"
+ " a_count=%d start_offset=%d\n",
+ right_zero_count, right_a_count,
+ right_start_offset);
+ printf ("length argument: %d\n",
+ length_argument);
+ }
+
+ /* Effective lengths bounded by length argument.
+ The effective length determines the
+ outcome of the comparison. */
+ int left_effective
+ = MIN (left_length, length_argument);
+ int right_effective
+ = MIN (right_length, length_argument);
+ if (left_effective == right_effective)
+ TEST_COMPARE (CALL (impl,
+ left_start_pointer,
+ right_start_pointer,
+ length_argument), 0);
+ else if (left_effective < right_effective)
+ TEST_COMPARE (CALL (impl,
+ left_start_pointer,
+ right_start_pointer,
+ length_argument) < 0, 1);
+ else
+ TEST_COMPARE (CALL (impl,
+ left_start_pointer,
+ right_start_pointer,
+ length_argument) > 0, 1);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>
--- /dev/null
+/* Test non-array inputs to string length functions.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* This skeleton file is included from string/test-strnlen-nonarray.c
+ and wcsmbs/test-wcsnlen-nonarray.c to test that reading of the array
+ stops at the first null character.
+
+ TEST_IDENTIFIER must be the test function identifier. TEST_NAME is
+ the same as a string.
+
+ CHAR must be defined as the character type. */
+
+#include <array_length.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/next_to_fault.h>
+#include <support/test-driver.h>
+#include <sys/param.h>
+#include <unistd.h>
+
+typedef __typeof (TEST_IDENTIFIER) *proto_t;
+
+#define TEST_MAIN
+#include "test-string.h"
+
+IMPL (TEST_IDENTIFIER, 1)
+
+static int
+test_main (void)
+{
+ enum { buffer_length = 256 };
+ TEST_VERIFY_EXIT (sysconf (_SC_PAGESIZE) >= buffer_length);
+
+ test_init ();
+
+ /* Buffer layout: There are a_count 'A' character followed by
+ zero_count null character, for a total of buffer_length
+ character:
+
+ AAAAA...AAAAA 00000 ... 00000 (unmapped page follows)
+ \ / \ /
+ (a_count) (zero_count)
+ \___ (buffer_length) ___/
+ ^
+ |
+ start_offset
+
+ The buffer length does not change, but a_count (and thus _zero)
+ and start_offset vary.
+
+ If start_offset == buffer_length, only 0 is a valid length
+ argument. The result is 0.
+
+ Otherwwise, if zero_count > 0 (if there a null characters in the
+ buffer), then any length argument is valid. If start_offset <
+ a_count (i.e., there is a non-null character at start_offset), the
+ result is the minimum of a_count - start_offset and the length
+ argument. Otherwise the result is 0.
+
+ Otherwise, there are no null characters before the unmapped page.
+ The length argument must not be greater than buffer_length -
+ start_offset, and the result is the length argument. */
+
+ struct support_next_to_fault ntf
+ = support_next_to_fault_allocate (buffer_length * sizeof (CHAR));
+ CHAR *buffer = (CHAR *) ntf.buffer;
+
+ FOR_EACH_IMPL (impl, 0)
+ {
+ printf ("info: testing %s\n", impl->name);
+ for (size_t i = 0; i < buffer_length; ++i)
+ buffer[i] = 'A';
+
+ for (int zero_count = 0; zero_count <= buffer_length; ++zero_count)
+ {
+ if (zero_count > 0)
+ buffer[buffer_length - zero_count] = 0;
+ int a_count = buffer_length - zero_count;
+ for (int start_offset = 0; start_offset <= buffer_length;
+ ++start_offset)
+ {
+ CHAR *start_pointer = buffer + start_offset;
+ if (start_offset == buffer_length)
+ TEST_COMPARE (CALL (impl, buffer + start_offset, 0), 0);
+ else if (zero_count > 0)
+ for (int length_argument = 0;
+ length_argument <= 2 * buffer_length;
+ ++length_argument)
+ {
+ if (test_verbose)
+ printf ("zero_count=%d a_count=%d start_offset=%d"
+ " length_argument=%d\n",
+ zero_count, a_count, start_offset,
+ length_argument);
+ if (start_offset < a_count)
+ TEST_COMPARE (CALL (impl, start_pointer, length_argument),
+ MIN (a_count - start_offset,
+ length_argument));
+ else
+ TEST_COMPARE (CALL (impl, start_pointer, length_argument),
+ 0);
+ }
+ else
+ for (int length_argument = 0;
+ length_argument <= buffer_length - start_offset;
+ ++length_argument)
+ TEST_COMPARE (CALL (impl, start_pointer, length_argument),
+ length_argument);
+ }
+ }
+ }
+
+ support_next_to_fault_free (&ntf);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
check_result (impl, s, c, exp_result);
}
+static void
+check2 (void)
+{
+ CHAR *s = (CHAR *) (buf1 + getpagesize () - 4 * sizeof (CHAR));
+ CHAR *s_begin = (CHAR *) (buf1 + getpagesize () - 64);
+#ifndef USE_FOR_STRCHRNUL
+ CHAR *exp_result = NULL;
+#else
+ CHAR *exp_result = s + 1;
+#endif
+ CHAR val = 0x12;
+ for (; s_begin != s; ++s_begin)
+ *s_begin = val;
+
+ s[0] = val + 1;
+ s[1] = 0;
+ s[2] = val + 1;
+ s[3] = val + 1;
+
+ {
+ FOR_EACH_IMPL (impl, 0)
+ check_result (impl, s, val, exp_result);
+ }
+ s[3] = val;
+ {
+ FOR_EACH_IMPL (impl, 0)
+ check_result (impl, s, val, exp_result);
+ }
+ exp_result = s;
+ s[0] = val;
+ {
+ FOR_EACH_IMPL (impl, 0)
+ check_result (impl, s, val, exp_result);
+ }
+
+ s[3] = val + 1;
+ {
+ FOR_EACH_IMPL (impl, 0)
+ check_result (impl, s, val, exp_result);
+ }
+
+ s[0] = val + 1;
+ s[1] = val + 1;
+ s[2] = val + 1;
+ s[3] = val + 1;
+ s[4] = val;
+ exp_result = s + 4;
+ {
+ FOR_EACH_IMPL (impl, 0)
+ check_result (impl, s, val, exp_result);
+ }
+ s[4] = 0;
+#ifndef USE_FOR_STRCHRNUL
+ exp_result = NULL;
+#else
+ exp_result = s + 4;
+#endif
+ {
+ FOR_EACH_IMPL (impl, 0)
+ check_result (impl, s, val, exp_result);
+ }
+}
+
int
test_main (void)
{
test_init ();
check1 ();
-
+ check2 ();
printf ("%20s", "");
FOR_EACH_IMPL (impl, 0)
printf ("\t%s", impl->name);
--- /dev/null
+#define TEST_IDENTIFIER strncmp
+#define TEST_NAME "strncmp"
+typedef char CHAR;
+#include "test-Xncmp-nonarray.c"
--- /dev/null
+#define TEST_IDENTIFIER strnlen
+#define TEST_NAME "strnlen"
+typedef char CHAR;
+#include "test-Xnlen-nonarray.c"
{
CMDLINE_OPTIONS
TEST_DEFAULT_OPTIONS
+ { 0, }
};
test_config.options = &options;
#endif
--- /dev/null
+/* mremap failure handling. Generic version.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Return exit value on mremap failure with errno ERR. */
+
+static int
+mremap_failure_exit (int err)
+{
+ return EXIT_FAILURE;
+}
tst-getauxval \
tst-gettid \
tst-gettid-kill \
+ tst-linux-mremap1 \
tst-memfd_create \
tst-misalign-clone \
tst-mlock2 \
--- /dev/null
+/* mremap failure handling. Linux version.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <support/check.h>
+
+/* Return exit value on mremap failure with errno ERR. */
+
+static int
+mremap_failure_exit (int err)
+{
+ if (err != EINVAL)
+ return EXIT_FAILURE;
+
+ return EXIT_UNSUPPORTED;
+}
#include <sysdep.h>
#include <stdarg.h>
#include <stddef.h>
+#include <errno.h>
+
+#define MREMAP_KNOWN_BITS \
+ (MREMAP_MAYMOVE \
+ | MREMAP_FIXED \
+ | MREMAP_DONTUNMAP)
void *
__mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
va_list va;
void *new_addr = NULL;
- if (flags & MREMAP_FIXED)
+ if (flags & ~(MREMAP_KNOWN_BITS))
+ {
+ __set_errno (EINVAL);
+ return MAP_FAILED;
+ }
+
+ if (flags & (MREMAP_FIXED | MREMAP_DONTUNMAP))
{
va_start (va, flags);
new_addr = va_arg (va, void *);
--- /dev/null
+/* Test mremap with MREMAP_DONTUNMAP.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <sys/mman.h>
+#include <support/xstdlib.h>
+#include <support/xunistd.h>
+#include <support/check.h>
+#include <support/test-driver.h>
+#include <mremap-failure.h>
+
+static int
+do_test (void)
+{
+ size_t old_size = getpagesize ();
+ size_t new_size = old_size;
+ char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1);
+ old_addr[0] = 1;
+ old_addr[old_size - 1] = 2;
+
+ /* Create an available 64-page mmap region. */
+ size_t fixed_size = old_size * 64;
+ char *fixed_addr = xmmap (NULL, fixed_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1);
+ xmunmap (fixed_addr, fixed_size);
+
+ /* Add 3 * pagesize. */
+ fixed_size += 3 * old_size;
+
+ /* Test MREMAP_DONTUNMAP. It should return FIXED_ADDR created above. */
+ char *new_addr = mremap (old_addr, old_size, new_size,
+ MREMAP_DONTUNMAP | MREMAP_MAYMOVE,
+ fixed_addr);
+ if (new_addr == MAP_FAILED)
+ return mremap_failure_exit (errno);
+ TEST_VERIFY_EXIT (fixed_addr == new_addr);
+ old_addr[0] = 3;
+ old_addr[old_size - 1] = 4;
+ new_addr[0] = 1;
+ new_addr[new_size - 1] = 2;
+ xmunmap (new_addr, new_size);
+ xmunmap (old_addr, old_size);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
# Pass GL(dl_x86_feature_1) to _dl_cet_setup_features.\n\
movl %edx, %edi\n\
# Align stack for the _dl_cet_setup_features call.\n\
- andq $-16, %rsp\n\
+ and $-16, %" RSP_LP "\n\
call _dl_cet_setup_features\n\
# Restore %rax and %rsp from %r12 and %r13.\n\
- movq %r12, %rax\n\
- movq %r13, %rsp\n\
+ mov %" R12_LP ", %" RAX_LP "\n\
+ mov %" R13_LP ", %" RSP_LP "\n\
"
#define __NR_lsm_set_self_attr 1073742284
#define __NR_lstat 1073741830
#define __NR_madvise 1073741852
+#define __NR_map_shadow_stack 1073742277
#define __NR_mbind 1073742061
#define __NR_membarrier 1073742148
#define __NR_memfd_create 1073742143
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
+#ifndef __NR_map_shadow_stack
+# define __NR_map_shadow_stack 1073742277
+#endif
+
/* X32 uses the same 64-bit syscall interface for set_thread_area. */
#ifndef __NR_set_thread_area
# define __NR_set_thread_area 1073742029
CHECK_GLIBC_IFUNC_PREFERRED_BOTH (n, cpu_features,
Avoid_Non_Temporal_Memset, 25);
}
+ break;
case 26:
{
CHECK_GLIBC_IFUNC_PREFERRED_NEED_BOTH
.globl _start\n\
.globl _dl_start_user\n\
_start:\n\
- movq %rsp, %rdi\n\
+ mov %" RSP_LP ", %" RDI_LP "\n\
call _dl_start\n\
_dl_start_user:\n\
# Save the user entry point address in %r12.\n\
- movq %rax, %r12\n\
+ mov %" RAX_LP ", %" R12_LP "\n\
# Save %rsp value in %r13.\n\
- movq %rsp, %r13\n\
+ mov %" RSP_LP ", % " R13_LP "\n\
"\
RTLD_START_ENABLE_X86_FEATURES \
"\
# Read the original argument count.\n\
- movq (%rsp), %rdx\n\
+ mov (%rsp), %" RDX_LP "\n\
# Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env)\n\
# argc -> rsi\n\
- movq %rdx, %rsi\n\
+ mov %" RDX_LP ", %" RSI_LP "\n\
# And align stack for the _dl_init call. \n\
- andq $-16, %rsp\n\
+ and $-16, %" RSP_LP "\n\
# _dl_loaded -> rdi\n\
- movq _rtld_local(%rip), %rdi\n\
+ mov _rtld_local(%rip), %" RDI_LP "\n\
# env -> rcx\n\
- leaq 16(%r13,%rdx,8), %rcx\n\
+ lea 2*" LP_SIZE "(%r13,%rdx," LP_SIZE "), %" RCX_LP "\n\
# argv -> rdx\n\
- leaq 8(%r13), %rdx\n\
+ lea " LP_SIZE "(%r13), %" RDX_LP "\n\
# Clear %rbp to mark outermost frame obviously even for constructors.\n\
xorl %ebp, %ebp\n\
# Call the function to run the initializers.\n\
call _dl_init\n\
# Pass our finalizer function to the user in %rdx, as per ELF ABI.\n\
- leaq _dl_fini(%rip), %rdx\n\
+ lea _dl_fini(%rip), %" RDX_LP "\n\
# And make sure %rsp points to argc stored on the stack.\n\
- movq %r13, %rsp\n\
+ mov %" R13_LP ", %" RSP_LP "\n\
# Jump to the user's entry point.\n\
jmp *%r12\n\
.previous\n\
/* Names of the architecture-specific auditing callback functions. */
+#ifdef __LP64__
#define ARCH_LA_PLTENTER x86_64_gnu_pltenter
#define ARCH_LA_PLTEXIT x86_64_gnu_pltexit
+#else
+#define ARCH_LA_PLTENTER x32_gnu_pltenter
+#define ARCH_LA_PLTEXIT x32_gnu_pltexit
+#endif
#endif /* !dl_machine_h */
VPCMPNE %VMM(1), %VMM(0), %k1
VPTEST %VMM(1), %VMM(1), %k0{%k1}
KMOV %k0, %VRAX
-# ifdef USE_AS_WCSCHR
+ sar %cl, %VRAX
+#ifdef USE_AS_WCSCHR
sub $VEC_MATCH_MASK, %VRAX
-# else
+#else
inc %VRAX
-# endif
+#endif
/* Ignore number of character for alignment adjustment. */
- shr %cl, %VRAX
jz L(align_more)
bsf %VRAX, %VRAX
+++ /dev/null
-/* Machine-dependent ELF dynamic relocation inline functions. x32 version.
- Copyright (C) 2012-2024 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <https://www.gnu.org/licenses/>. */
-
-/* Must allow <sysdeps/x86_64/dl-machine.h> to be included more than once.
- See #ifdef RESOLVE_MAP in sysdeps/x86_64/dl-machine.h. */
-#include <sysdeps/x86_64/dl-machine.h>
-
-#ifndef _X32_DL_MACHINE_H
-#define _X32_DL_MACHINE_H
-
-#undef ARCH_LA_PLTENTER
-#undef ARCH_LA_PLTEXIT
-#undef RTLD_START
-
-/* Names of the architecture-specific auditing callback functions. */
-#define ARCH_LA_PLTENTER x32_gnu_pltenter
-#define ARCH_LA_PLTEXIT x32_gnu_pltexit
-
-/* Initial entry point code for the dynamic linker.
- The C function `_dl_start' is the real entry point;
- its return value is the user program's entry point. */
-#define RTLD_START asm ("\n\
-.text\n\
- .p2align 4\n\
-.globl _start\n\
-.globl _dl_start_user\n\
-_start:\n\
- movl %esp, %edi\n\
- call _dl_start\n\
-_dl_start_user:\n\
- # Save the user entry point address in %r12.\n\
- movl %eax, %r12d\n\
- # Read the original argument count.\n\
- movl (%rsp), %edx\n\
- # Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env)\n\
- # argc -> rsi\n\
- movl %edx, %esi\n\
- # Save %rsp value in %r13.\n\
- movl %esp, %r13d\n\
- # And align stack for the _dl_init call.\n\
- and $-16, %esp\n\
- # _dl_loaded -> rdi\n\
- movl _rtld_local(%rip), %edi\n\
- # env -> rcx\n\
- lea 8(%r13,%rdx,4), %ecx\n\
- # argv -> rdx\n\
- lea 4(%r13), %edx\n\
- # Clear %rbp to mark outermost frame obviously even for constructors.\n\
- xorl %ebp, %ebp\n\
- # Call the function to run the initializers.\n\
- call _dl_init\n\
- # Pass our finalizer function to the user in %rdx, as per ELF ABI.\n\
- lea _dl_fini(%rip), %edx\n\
- # And make sure %rsp points to argc stored on the stack.\n\
- movl %r13d, %esp\n\
- # Jump to the user's entry point.\n\
- jmp *%r12\n\
-.previous\n\
-");
-
-#endif /* !_X32_DL_MACHINE_H */
test-wcsncmp \
test-wcsncpy \
test-wcsnlen \
+ test-wcsnlen-nonarray \
test-wcspbrk \
test-wcsrchr \
test-wcsspn \
wcsmbs-tst1 \
# tests
+# This test runs for a long time.
+xtests += test-wcsncmp-nonarray
+
+
include ../Rules
ifeq ($(run-built-tests),yes)
__NTH (wcscpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest),
const wchar_t *__restrict __src))
{
- size_t sz = __glibc_objsize (__dest);
- if (sz != (size_t) -1)
- return __wcscpy_chk (__dest, __src, sz / sizeof (wchar_t));
+ size_t __sz = __glibc_objsize (__dest);
+ if (__sz != (size_t) -1)
+ return __wcscpy_chk (__dest, __src, __sz / sizeof (wchar_t));
return __wcscpy_alias (__dest, __src);
}
__NTH (wcpcpy (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest),
const wchar_t *__restrict __src))
{
- size_t sz = __glibc_objsize (__dest);
- if (sz != (size_t) -1)
- return __wcpcpy_chk (__dest, __src, sz / sizeof (wchar_t));
+ size_t __sz = __glibc_objsize (__dest);
+ if (__sz != (size_t) -1)
+ return __wcpcpy_chk (__dest, __src, __sz / sizeof (wchar_t));
return __wcpcpy_alias (__dest, __src);
}
__NTH (wcscat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest),
const wchar_t *__restrict __src))
{
- size_t sz = __glibc_objsize (__dest);
- if (sz != (size_t) -1)
- return __wcscat_chk (__dest, __src, sz / sizeof (wchar_t));
+ size_t __sz = __glibc_objsize (__dest);
+ if (__sz != (size_t) -1)
+ return __wcscat_chk (__dest, __src, __sz / sizeof (wchar_t));
return __wcscat_alias (__dest, __src);
}
__NTH (wcsncat (__fortify_clang_overload_arg (wchar_t *, __restrict, __dest),
const wchar_t *__restrict __src, size_t __n))
{
- size_t sz = __glibc_objsize (__dest);
- if (sz != (size_t) -1)
- return __wcsncat_chk (__dest, __src, __n, sz / sizeof (wchar_t));
+ size_t __sz = __glibc_objsize (__dest);
+ if (__sz != (size_t) -1)
+ return __wcsncat_chk (__dest, __src, __n, __sz / sizeof (wchar_t));
return __wcsncat_alias (__dest, __src, __n);
}
__NTH (swprintf (wchar_t *__restrict __s, size_t __n,
const wchar_t *__restrict __fmt, ...))
{
- size_t sz = __glibc_objsize (__s);
- if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
+ size_t __sz = __glibc_objsize (__s);
+ if (__sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
- sz / sizeof (wchar_t), __fmt, __va_arg_pack ());
+ __sz / sizeof (wchar_t), __fmt, __va_arg_pack ());
return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ());
}
#elif __fortify_use_clang
__NTH (vswprintf (wchar_t *__restrict __s, size_t __n,
const wchar_t *__restrict __fmt, __gnuc_va_list __ap))
{
- size_t sz = __glibc_objsize (__s);
- if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
+ size_t __sz = __glibc_objsize (__s);
+ if (__sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
- sz / sizeof (wchar_t), __fmt, __ap);
+ __sz / sizeof (wchar_t), __fmt, __ap);
return __vswprintf_alias (__s, __n, __fmt, __ap);
}
"fgetws called with length bigger "
"than size of destination buffer")
{
- size_t sz = __glibc_objsize (__s);
- if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz))
+ size_t __sz = __glibc_objsize (__s);
+ if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), __sz))
return __fgetws_alias (__s, __n, __stream);
#if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz))
- return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream);
+ if (__glibc_unsafe_len (__n, sizeof (wchar_t), __sz))
+ return __fgetws_chk_warn (__s, __sz / sizeof (wchar_t), __n, __stream);
#endif
- return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream);
+ return __fgetws_chk (__s, __sz / sizeof (wchar_t), __n, __stream);
}
#ifdef __USE_GNU
"fgetws_unlocked called with length bigger "
"than size of destination buffer")
{
- size_t sz = __glibc_objsize (__s);
- if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz))
+ size_t __sz = __glibc_objsize (__s);
+ if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), __sz))
return __fgetws_unlocked_alias (__s, __n, __stream);
# if !__fortify_use_clang
- if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz))
- return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n,
+ if (__glibc_unsafe_len (__n, sizeof (wchar_t), __sz))
+ return __fgetws_unlocked_chk_warn (__s, __sz / sizeof (wchar_t), __n,
__stream);
# endif
- return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream);
+ return __fgetws_unlocked_chk (__s, __sz / sizeof (wchar_t), __n, __stream);
}
#endif
--- /dev/null
+#include <wchar.h>
+#define TEST_IDENTIFIER wcsncmp
+#define TEST_NAME "wcsncmp"
+typedef wchar_t CHAR;
+#include "../string/test-Xncmp-nonarray.c"
--- /dev/null
+#include <wchar.h>
+#define TEST_IDENTIFIER wcsnlen
+#define TEST_NAME "wcsnlen"
+typedef wchar_t CHAR;
+#include "../string/test-Xnlen-nonarray.c"
projects / glibc.git / commitdiff