diff options
author | Leonhard Holz <leonhard.holz@web.de> | 2015-01-13 11:33:56 +0530 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-02-16 05:23:17 -0500 |
commit | f9e0f439b72e0b2fb035be1bc60aaceeed7f6ed0 (patch) | |
tree | 87ec52e7a403d4632387e7cd9c9d0fd340b7f1d2 /NEWS | |
parent | b0694b9e98ee64cb25490de0921ce307f3872749 (diff) | |
download | glibc-f9e0f439b72e0b2fb035be1bc60aaceeed7f6ed0.tar.gz |
Fix memory handling in strxfrm_l [BZ #16009]
[Modified from the original email by Siddhesh Poyarekar]
This patch solves bug #16009 by implementing an additional path in
strxfrm that does not depend on caching the weight and rule indices.
In detail the following changed:
* The old main loop was factored out of strxfrm_l into the function
do_xfrm_cached to be able to alternativly use the non-caching version
do_xfrm.
* strxfrm_l allocates a a fixed size array on the stack. If this is not
sufficiant to store the weight and rule indices, the non-caching path is
taken. As the cache size is not dependent on the input there can be no
problems with integer overflows or stack allocations greater than
__MAX_ALLOCA_CUTOFF. Note that malloc-ing is not possible because the
definition of strxfrm does not allow an oom errorhandling.
* The uncached path determines the weight and rule index for every char
and for every pass again.
* Passing all the locale data array by array resulted in very long
parameter lists, so I introduced a structure that holds them.
* Checking for zero src string has been moved a bit upwards, it is
before the locale data initialization now.
* To verify that the non-caching path works correct I added a test run
to localedata/sort-test.sh & localedata/xfrm-test.c where all strings
are patched up with spaces so that they are too large for the caching path.
(cherry picked from commit 0f9e585480edcdf1e30dc3d79e24b84aeee516fa)
Conflicts:
ChangeLog
NEWS
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -9,7 +9,7 @@ Version 2.20.1 * The following bugs are resolved with this release: - 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625, 17630. + 16009, 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625, 17630. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for |