olga / rpms / glibc

Forked from rpms/glibc 5 years ago
Clone
Source Code
GIT

Blame SOURCES/glibc-rh1705899-6.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8 c8-beta
  1.   0f053eb882044d50880446a88a8f40283f9c0d26
  2.   SOURCES
  3.   glibc-rh1705899-6.patch
Blob History Raw
0f053e 
commit 2d1c89a5d7c872a1109768f50e2508cf9a4b0348
0f053e 
Author: Florian Weimer <fweimer@redhat.com>
0f053e 
Date:   Wed Jun 20 09:45:19 2018 +0200
0f053e
0f053e 
    libio: Avoid ptrdiff_t overflow in IO_validate_vtable
0f053e
0f053e 
    If the candidate pointer is sufficiently far away from
0f053e 
    __start___libc_IO_vtables, the result might not fit into ptrdiff_t.
0f053e
0f053e 
diff --git a/libio/libioP.h b/libio/libioP.h
0f053e 
index b60244ac5fc3d908..f1576381500ffc85 100644
0f053e 
--- a/libio/libioP.h
0f053e 
+++ b/libio/libioP.h
0f053e 
@@ -957,8 +957,8 @@ IO_validate_vtable (const struct _IO_jump_t *vtable)
0f053e 
   /* Fast path: The vtable pointer is within the __libc_IO_vtables
0f053e 
      section.  */
0f053e 
   uintptr_t section_length = __stop___libc_IO_vtables - __start___libc_IO_vtables;
0f053e 
-  const char *ptr = (const char *) vtable;
0f053e 
-  uintptr_t offset = ptr - __start___libc_IO_vtables;
0f053e 
+  uintptr_t ptr = (uintptr_t) vtable;
0f053e 
+  uintptr_t offset = ptr - (uintptr_t) __start___libc_IO_vtables;
0f053e 
   if (__glibc_unlikely (offset >= section_length))
0f053e 
     /* The vtable pointer is not in the expected section.  Use the
0f053e 
        slow path, which will terminate the process if necessary.  */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation