[OE-core] [PATCH 5/6] glibc: remove unused CVE patches
Robert Yang
liezhi.yang at windriver.com
Wed Apr 6 06:58:44 UTC 2016
They were CEVs and should be already in the source after upgraded.
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-8776.patch | 155 ---
meta/recipes-core/glibc/glibc/CVE-2015-8777.patch | 123 ---
meta/recipes-core/glibc/glibc/CVE-2015-8779.patch | 262 -----
.../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039 --------------------
.../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 385 --------
5 files changed, 1964 deletions(-)
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
deleted file mode 100644
index 684f344..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From d36c75fc0d44deec29635dd239b0fbd206ca49b7 Mon Sep 17 00:00:00 2001
-From: Paul Pluzhnikov <ppluzhnikov at google.com>
-Date: Sat, 26 Sep 2015 13:27:48 -0700
-Subject: [PATCH] Fix BZ #18985 -- out of range data to strftime() causes a
- segfault
-
-Upstream-Status: Backport
-CVE: CVE-2015-8776
-[Yocto # 8980]
-
-https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
-
-Signed-off-by: Armin Kuster <akuster at mvista.com>
-
----
- ChangeLog | 8 ++++++++
- NEWS | 2 +-
- time/strftime_l.c | 20 +++++++++++++-------
- time/tst-strftime.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
- 4 files changed, 73 insertions(+), 9 deletions(-)
-
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,11 @@
-+2015-09-26 Paul Pluzhnikov <ppluzhnikov at google.com>
-+
-+ [BZ #18985]
-+ * time/strftime_l.c (a_wkday, f_wkday, a_month, f_month): Range check.
-+ (__strftime_internal): Likewise.
-+ * time/tst-strftime.c (do_bz18985): New test.
-+ (do_test): Call it.
-+
- 2015-12-04 Joseph Myers <joseph at codesourcery.com>
-
- [BZ #16961]
-Index: git/time/strftime_l.c
-===================================================================
---- git.orig/time/strftime_l.c
-+++ git/time/strftime_l.c
-@@ -514,13 +514,17 @@ __strftime_internal (s, maxsize, format,
- only a few elements. Dereference the pointers only if the format
- requires this. Then it is ok to fail if the pointers are invalid. */
- # define a_wkday \
-- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
-+ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \
-+ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
- # define f_wkday \
-- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
-+ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \
-+ ? "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
- # define a_month \
-- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
-+ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
-+ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
- # define f_month \
-- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
-+ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
-+ ? "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))
- # define ampm \
- ((const CHAR_T *) _NL_CURRENT (LC_TIME, tp->tm_hour > 11 \
- ? NLW(PM_STR) : NLW(AM_STR)))
-@@ -530,8 +534,10 @@ __strftime_internal (s, maxsize, format,
- # define ap_len STRLEN (ampm)
- #else
- # if !HAVE_STRFTIME
--# define f_wkday (weekday_name[tp->tm_wday])
--# define f_month (month_name[tp->tm_mon])
-+# define f_wkday (tp->tm_wday < 0 || tp->tm_wday > 6 \
-+ ? "?" : weekday_name[tp->tm_wday])
-+# define f_month (tp->tm_mon < 0 || tp->tm_mon > 11 \
-+ ? "?" : month_name[tp->tm_mon])
- # define a_wkday f_wkday
- # define a_month f_month
- # define ampm (L_("AMPM") + 2 * (tp->tm_hour > 11))
-@@ -1325,7 +1331,7 @@ __strftime_internal (s, maxsize, format,
- *tzset_called = true;
- }
- # endif
-- zone = tzname[tp->tm_isdst];
-+ zone = tp->tm_isdst <= 1 ? tzname[tp->tm_isdst] : "?";
- }
- #endif
- if (! zone)
-Index: git/time/tst-strftime.c
-===================================================================
---- git.orig/time/tst-strftime.c
-+++ git/time/tst-strftime.c
-@@ -4,6 +4,56 @@
- #include <time.h>
-
-
-+static int
-+do_bz18985 (void)
-+{
-+ char buf[1000];
-+ struct tm ttm;
-+ int rc, ret = 0;
-+
-+ memset (&ttm, 1, sizeof (ttm));
-+ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
-+ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
-+
-+ if (rc == 66)
-+ {
-+ const char expected[]
-+ = "? ? ? ? ? ? 16843009 16843009:16843009:16843009 16844909 +467836 ?";
-+ if (0 != strcmp (buf, expected))
-+ {
-+ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
-+ ret += 1;
-+ }
-+ }
-+ else
-+ {
-+ printf ("expected 66, got %d\n", rc);
-+ ret += 1;
-+ }
-+
-+ /* Check negative values as well. */
-+ memset (&ttm, 0xFF, sizeof (ttm));
-+ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
-+ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
-+
-+ if (rc == 30)
-+ {
-+ const char expected[] = "? ? ? ? ? ? -1 -1:-1:-1 1899 ";
-+ if (0 != strcmp (buf, expected))
-+ {
-+ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
-+ ret += 1;
-+ }
-+ }
-+ else
-+ {
-+ printf ("expected 30, got %d\n", rc);
-+ ret += 1;
-+ }
-+
-+ return ret;
-+}
-+
- static struct
- {
- const char *fmt;
-@@ -104,7 +154,7 @@ do_test (void)
- }
- }
-
-- return result;
-+ return result + do_bz18985 ();
- }
-
- #define TEST_FUNCTION do_test ()
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
deleted file mode 100644
index eeab72d..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From a014cecd82b71b70a6a843e250e06b541ad524f7 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer at redhat.com>
-Date: Thu, 15 Oct 2015 09:23:07 +0200
-Subject: [PATCH] Always enable pointer guard [BZ #18928]
-
-Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
-has security implications. This commit enables pointer guard
-unconditionally, and the environment variable is now ignored.
-
- [BZ #18928]
- * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
- _dl_pointer_guard member.
- * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
- initializer.
- (security_init): Always set up pointer guard.
- (process_envvars): Do not process LD_POINTER_GUARD.
-
-Upstream-Status: Backport
-CVE: CVE-2015-8777
-[Yocto # 8980]
-
-https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
-
-Signed-off-by: Armin Kuster <akuster at mvista.com>
-
----
- ChangeLog | 10 ++++++++++
- NEWS | 13 ++++++++-----
- elf/rtld.c | 15 ++++-----------
- sysdeps/generic/ldsodefs.h | 3 ---
- 4 files changed, 22 insertions(+), 19 deletions(-)
-
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,14 @@
-+2015-10-15 Florian Weimer <fweimer at redhat.com>
-+
-+ [BZ #18928]
-+ * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
-+ _dl_pointer_guard member.
-+ * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
-+ initializer.
-+ (security_init): Always set up pointer guard.
-+ (process_envvars): Do not process LD_POINTER_GUARD.
-+
-+
- 2015-08-10 Maxim Ostapenko <m.ostapenko at partner.samsung.com>
-
- [BZ #18778]
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -34,7 +34,10 @@ Version 2.22
- 18533, 18534, 18536, 18539, 18540, 18542, 18544, 18545, 18546, 18547,
- 18549, 18553, 18557, 18558, 18569, 18583, 18585, 18586, 18592, 18593,
- 18594, 18602, 18612, 18613, 18619, 18633, 18635, 18641, 18643, 18648,
-- 18657, 18676, 18694, 18696.
-+ 18657, 18676, 18694, 18696, 18928.
-+
-+* The LD_POINTER_GUARD environment variable can no longer be used to
-+ disable the pointer guard feature. It is always enabled.
-
- * Cache information can be queried via sysconf() function on s390 e.g. with
- _SC_LEVEL1_ICACHE_SIZE as argument.
-Index: git/elf/rtld.c
-===================================================================
---- git.orig/elf/rtld.c
-+++ git/elf/rtld.c
-@@ -163,7 +163,6 @@ struct rtld_global_ro _rtld_global_ro at
- ._dl_hwcap_mask = HWCAP_IMPORTANT,
- ._dl_lazy = 1,
- ._dl_fpu_control = _FPU_DEFAULT,
-- ._dl_pointer_guard = 1,
- ._dl_pagesize = EXEC_PAGESIZE,
- ._dl_inhibit_cache = 0,
-
-@@ -710,15 +709,12 @@ security_init (void)
- #endif
-
- /* Set up the pointer guard as well, if necessary. */
-- if (GLRO(dl_pointer_guard))
-- {
-- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
-- stack_chk_guard);
-+ uintptr_t pointer_chk_guard
-+ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
- #ifdef THREAD_SET_POINTER_GUARD
-- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
-+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
- #endif
-- __pointer_chk_guard_local = pointer_chk_guard;
-- }
-+ __pointer_chk_guard_local = pointer_chk_guard;
-
- /* We do not need the _dl_random value anymore. The less
- information we leave behind, the better, so clear the
-@@ -2478,9 +2474,6 @@ process_envvars (enum mode *modep)
- GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
- break;
- }
--
-- if (memcmp (envline, "POINTER_GUARD", 13) == 0)
-- GLRO(dl_pointer_guard) = envline[14] != '0';
- break;
-
- case 14:
-Index: git/sysdeps/generic/ldsodefs.h
-===================================================================
---- git.orig/sysdeps/generic/ldsodefs.h
-+++ git/sysdeps/generic/ldsodefs.h
-@@ -600,9 +600,6 @@ struct rtld_global_ro
- /* List of auditing interfaces. */
- struct audit_ifaces *_dl_audit;
- unsigned int _dl_naudit;
--
-- /* 0 if internal pointer values should not be guarded, 1 if they should. */
-- EXTERN int _dl_pointer_guard;
- };
- # define __rtld_global_attribute__
- # if IS_IN (rtld)
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
deleted file mode 100644
index 4dc93c7..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
+++ /dev/null
@@ -1,262 +0,0 @@
-From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001
-From: Paul Pluzhnikov <ppluzhnikov at google.com>
-Date: Sat, 8 Aug 2015 15:53:03 -0700
-Subject: [PATCH] Fix BZ #17905
-
-Upstream-Status: Backport
-CVE: CVE-2015-8779
-[Yocto # 8980]
-
-https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
-
-Signed-off-by: Armin Kuster <akuster at mvista.com>
-
----
- ChangeLog | 8 ++++++++
- NEWS | 2 +-
- catgets/Makefile | 9 ++++++++-
- catgets/catgets.c | 19 ++++++++++++-------
- catgets/open_catalog.c | 23 ++++++++++++++---------
- catgets/tst-catgets.c | 31 +++++++++++++++++++++++++++++++
- 6 files changed, 74 insertions(+), 18 deletions(-)
-
-Index: git/catgets/Makefile
-===================================================================
---- git.orig/catgets/Makefile
-+++ git/catgets/Makefile
-@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS))
- ifeq ($(run-built-tests),yes)
- tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
- $(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
-+tests-special += $(objpfx)tst-catgets-mem.out
- endif
- endif
- gencat-modules = xmalloc
-@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat
-
- generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
- test-gencat.h
-+generated += tst-catgets.mtrace tst-catgets-mem.out
-+
- generated-dirs += de
-
--tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
-+tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
-
- ifeq ($(run-built-tests),yes)
- # This test just checks whether the program produces any error or not.
-@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh
- $(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
- $(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
- $(evaluate-test)
-+
-+$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
-+ $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
-+ $(evaluate-test)
- endif
-Index: git/catgets/catgets.c
-===================================================================
---- git.orig/catgets/catgets.c
-+++ git/catgets/catgets.c
-@@ -16,7 +16,6 @@
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
--#include <alloca.h>
- #include <errno.h>
- #include <locale.h>
- #include <nl_types.h>
-@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
- __nl_catd result;
- const char *env_var = NULL;
- const char *nlspath = NULL;
-+ char *tmp = NULL;
-
- if (strchr (cat_name, '/') == NULL)
- {
-@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
- {
- /* Append the system dependent directory. */
- size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
-- char *tmp = alloca (len);
-+ tmp = malloc (len);
-+
-+ if (__glibc_unlikely (tmp == NULL))
-+ return (nl_catd) -1;
-
- __stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
- nlspath = tmp;
-@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
-
- result = (__nl_catd) malloc (sizeof (*result));
- if (result == NULL)
-- /* We cannot get enough memory. */
-- return (nl_catd) -1;
--
-- if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
-+ {
-+ /* We cannot get enough memory. */
-+ result = (nl_catd) -1;
-+ }
-+ else if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
- {
- /* Couldn't open the file. */
- free ((void *) result);
-- return (nl_catd) -1;
-+ result = (nl_catd) -1;
- }
-
-+ free (tmp);
- return (nl_catd) result;
- }
-
-Index: git/catgets/open_catalog.c
-===================================================================
---- git.orig/catgets/open_catalog.c
-+++ git/catgets/open_catalog.c
-@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, co
- size_t tab_size;
- const char *lastp;
- int result = -1;
-+ char *buf = NULL;
-
- if (strchr (cat_name, '/') != NULL || nlspath == NULL)
- fd = open_not_cancel_2 (cat_name, O_RDONLY);
-@@ -57,23 +58,23 @@ __open_catalog (const char *cat_name, co
- if (__glibc_unlikely (bufact + (n) >= bufmax)) \
- { \
- char *old_buf = buf; \
-- bufmax += 256 + (n); \
-- buf = (char *) alloca (bufmax); \
-- memcpy (buf, old_buf, bufact); \
-+ bufmax += (bufmax < 256 + (n)) ? 256 + (n) : bufmax; \
-+ buf = realloc (buf, bufmax); \
-+ if (__glibc_unlikely (buf == NULL)) \
-+ { \
-+ free (old_buf); \
-+ return -1; \
-+ } \
- }
-
- /* The RUN_NLSPATH variable contains a colon separated list of
- descriptions where we expect to find catalogs. We have to
- recognize certain % substitutions and stop when we found the
- first existing file. */
-- char *buf;
- size_t bufact;
-- size_t bufmax;
-+ size_t bufmax = 0;
- size_t len;
-
-- buf = NULL;
-- bufmax = 0;
--
- fd = -1;
- while (*run_nlspath != '\0')
- {
-@@ -188,7 +189,10 @@ __open_catalog (const char *cat_name, co
-
- /* Avoid dealing with directories and block devices */
- if (__builtin_expect (fd, 0) < 0)
-- return -1;
-+ {
-+ free (buf);
-+ return -1;
-+ }
-
- if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) < 0)
- goto close_unlock_return;
-@@ -325,6 +329,7 @@ __open_catalog (const char *cat_name, co
- /* Release the lock again. */
- close_unlock_return:
- close_not_cancel_no_status (fd);
-+ free (buf);
-
- return result;
- }
-Index: git/catgets/tst-catgets.c
-===================================================================
---- git.orig/catgets/tst-catgets.c
-+++ git/catgets/tst-catgets.c
-@@ -1,7 +1,10 @@
-+#include <assert.h>
- #include <mcheck.h>
- #include <nl_types.h>
- #include <stdio.h>
-+#include <stdlib.h>
- #include <string.h>
-+#include <sys/resource.h>
-
-
- static const char *msgs[] =
-@@ -12,6 +15,33 @@ static const char *msgs[] =
- };
- #define nmsgs (sizeof (msgs) / sizeof (msgs[0]))
-
-+
-+/* Test for unbounded alloca. */
-+static int
-+do_bz17905 (void)
-+{
-+ char *buf;
-+ struct rlimit rl;
-+ nl_catd result;
-+
-+ const int sz = 1024 * 1024;
-+
-+ getrlimit (RLIMIT_STACK, &rl);
-+ rl.rlim_cur = sz;
-+ setrlimit (RLIMIT_STACK, &rl);
-+
-+ buf = malloc (sz + 1);
-+ memset (buf, 'A', sz);
-+ buf[sz] = '\0';
-+ setenv ("NLSPATH", buf, 1);
-+
-+ result = catopen (buf, NL_CAT_LOCALE);
-+ assert (result == (nl_catd) -1);
-+
-+ free (buf);
-+ return 0;
-+}
-+
- #define ROUNDS 5
-
- static int
-@@ -62,6 +92,7 @@ do_test (void)
- }
- }
-
-+ result += do_bz17905 ();
- return result;
- }
-
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,11 @@
-+2015-08-08 Paul Pluzhnikov <ppluzhnikov at google.com>
-+
-+ [BZ #17905]
-+ * catgets/Makefile (tst-catgets-mem): New test.
-+ * catgets/catgets.c (catopen): Don't use unbounded alloca.
-+ * catgets/open_catalog.c (__open_catalog): Likewise.
-+ * catgets/tst-catgets.c (do_bz17905): Test unbounded alloca.
-+
- 2015-10-15 Florian Weimer <fweimer at redhat.com>
-
- [BZ #18928]
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -9,7 +9,7 @@ Version 2.22.1
-
- * The following bugs are resolved with this release:
-
-- 18778, 18781, 18787.
-+ 18778, 18781, 18787, 17905.
- �
- Version 2.22
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
deleted file mode 100644
index 3aca913..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
+++ /dev/null
@@ -1,1039 +0,0 @@
-From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
-From: Joseph Myers <joseph at codesourcery.com>
-Date: Tue, 24 Nov 2015 22:24:52 +0000
-Subject: [PATCH] Refactor strtod parsing of NaN payloads.
-
-The nan* functions handle their string argument by constructing a
-NAN(...) string on the stack as a VLA and passing it to strtod
-functions.
-
-This approach has problems discussed in bug 16961 and bug 16962: the
-stack usage is unbounded, and it gives incorrect results in certain
-cases where the argument is not a valid n-char-sequence.
-
-The natural fix for both issues is to refactor the NaN payload parsing
-out of strtod into a separate function that the nan* functions can
-call directly, so that no temporary string needs constructing on the
-stack at all. This patch does that refactoring in preparation for
-fixing those bugs (but without actually using the new functions from
-nan* - which will also require exporting them from libc at version
-GLIBC_PRIVATE). This patch is not intended to change any user-visible
-behavior, so no tests are added (fixes for the above bugs will of
-course add tests for them).
-
-This patch builds on my recent fixes for strtol and strtod issues in
-Turkish locales. Given those fixes, the parsing of NaN payloads is
-locale-independent; thus, the new functions do not need to take a
-locale_t argument.
-
-Tested for x86_64, x86, mips64 and powerpc.
-
- * stdlib/strtod_nan.c: New file.
- * stdlib/strtod_nan_double.h: Likewise.
- * stdlib/strtod_nan_float.h: Likewise.
- * stdlib/strtod_nan_main.c: Likewise.
- * stdlib/strtod_nan_narrow.h: Likewise.
- * stdlib/strtod_nan_wide.h: Likewise.
- * stdlib/strtof_nan.c: Likewise.
- * stdlib/strtold_nan.c: Likewise.
- * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
- * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
- * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
- * wcsmbs/wcstod_nan.c: Likewise.
- * wcsmbs/wcstof_nan.c: Likewise.
- * wcsmbs/wcstold_nan.c: Likewise.
- * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
- strtold_nan.
- * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
- wcstof_nan.
- * include/stdlib.h (__strtof_nan): Declare and use
- libc_hidden_proto.
- (__strtod_nan): Likewise.
- (__strtold_nan): Likewise.
- (__wcstof_nan): Likewise.
- (__wcstod_nan): Likewise.
- (__wcstold_nan): Likewise.
- * include/wchar.h (____wcstoull_l_internal): Declare.
- * stdlib/strtod_l.c: Do not include <ieee754.h>.
- (____strtoull_l_internal): Remove declaration.
- (STRTOF_NAN): Define macro.
- (SET_MANTISSA): Remove macro.
- (STRTOULL): Likewise.
- (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
- * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
- (STRTOF_NAN): Define macro.
- (SET_MANTISSA): Remove macro.
- * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
- (SET_MANTISSA): Remove macro.
- * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
- macro.
- (SET_MANTISSA): Remove macro.
- * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
- macro.
- (SET_MANTISSA): Remove macro.
- * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
- (SET_MANTISSA): Remove macro.
- * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
- * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
- * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
-
-Upstream-Status: Backport
-CVE: CVE-2015-9761 patch #1
-[Yocto # 8980]
-
-https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
-
-Signed-off-by: Armin Kuster <akuster at mvista.com>
-
----
- ChangeLog | 49 ++++++++++++++++++
- include/stdlib.h | 18 +++++++
- include/wchar.h | 3 ++
- stdlib/Makefile | 1 +
- stdlib/strtod_l.c | 48 ++++--------------
- stdlib/strtod_nan.c | 24 +++++++++
- stdlib/strtod_nan_double.h | 30 +++++++++++
- stdlib/strtod_nan_float.h | 29 +++++++++++
- stdlib/strtod_nan_main.c | 63 ++++++++++++++++++++++++
- stdlib/strtod_nan_narrow.h | 22 +++++++++
- stdlib/strtod_nan_wide.h | 22 +++++++++
- stdlib/strtof_l.c | 11 +----
- stdlib/strtof_nan.c | 24 +++++++++
- stdlib/strtold_nan.c | 30 +++++++++++
- sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
- sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
- sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
- sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
- sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
- sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
- sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
- wcsmbs/Makefile | 1 +
- wcsmbs/wcstod_l.c | 3 --
- wcsmbs/wcstod_nan.c | 23 +++++++++
- wcsmbs/wcstof_l.c | 3 --
- wcsmbs/wcstof_nan.c | 23 +++++++++
- wcsmbs/wcstold_l.c | 3 --
- wcsmbs/wcstold_nan.c | 30 +++++++++++
- 28 files changed, 504 insertions(+), 95 deletions(-)
- create mode 100644 stdlib/strtod_nan.c
- create mode 100644 stdlib/strtod_nan_double.h
- create mode 100644 stdlib/strtod_nan_float.h
- create mode 100644 stdlib/strtod_nan_main.c
- create mode 100644 stdlib/strtod_nan_narrow.h
- create mode 100644 stdlib/strtod_nan_wide.h
- create mode 100644 stdlib/strtof_nan.c
- create mode 100644 stdlib/strtold_nan.c
- create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
- create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
- create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
- create mode 100644 wcsmbs/wcstod_nan.c
- create mode 100644 wcsmbs/wcstof_nan.c
- create mode 100644 wcsmbs/wcstold_nan.c
-
-Index: git/include/stdlib.h
-===================================================================
---- git.orig/include/stdlib.h
-+++ git/include/stdlib.h
-@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
- libc_hidden_proto (strtoul)
- libc_hidden_proto (strtoull)
-
-+extern float __strtof_nan (const char *, char **, char) internal_function;
-+extern double __strtod_nan (const char *, char **, char) internal_function;
-+extern long double __strtold_nan (const char *, char **, char)
-+ internal_function;
-+extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
-+ internal_function;
-+extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
-+ internal_function;
-+extern long double __wcstold_nan (const wchar_t *, wchar_t **, wchar_t)
-+ internal_function;
-+
-+libc_hidden_proto (__strtof_nan)
-+libc_hidden_proto (__strtod_nan)
-+libc_hidden_proto (__strtold_nan)
-+libc_hidden_proto (__wcstof_nan)
-+libc_hidden_proto (__wcstod_nan)
-+libc_hidden_proto (__wcstold_nan)
-+
- extern char *__ecvt (double __value, int __ndigit, int *__restrict __decpt,
- int *__restrict __sign);
- extern char *__fcvt (double __value, int __ndigit, int *__restrict __decpt,
-Index: git/include/wchar.h
-===================================================================
---- git.orig/include/wchar.h
-+++ git/include/wchar.h
-@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
- __restrict __endptr,
- int __base,
- int __group) __THROW;
-+extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
-+ wchar_t **, int, int,
-+ __locale_t);
- libc_hidden_proto (__wcstof_internal)
- libc_hidden_proto (__wcstod_internal)
- libc_hidden_proto (__wcstold_internal)
-Index: git/stdlib/Makefile
-===================================================================
---- git.orig/stdlib/Makefile
-+++ git/stdlib/Makefile
-@@ -51,6 +51,7 @@ routines-y := \
- strtol_l strtoul_l strtoll_l strtoull_l \
- strtof strtod strtold \
- strtof_l strtod_l strtold_l \
-+ strtof_nan strtod_nan strtold_nan \
- system canonicalize \
- a64l l64a \
- getsubopt xpg_basename \
-Index: git/stdlib/strtod_l.c
-===================================================================
---- git.orig/stdlib/strtod_l.c
-+++ git/stdlib/strtod_l.c
-@@ -21,8 +21,6 @@
- #include <xlocale.h>
-
- extern double ____strtod_l_internal (const char *, char **, int, __locale_t);
--extern unsigned long long int ____strtoull_l_internal (const char *, char **,
-- int, int, __locale_t);
-
- /* Configuration part. These macros are defined by `strtold.c',
- `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
-@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
- # ifdef USE_WIDE_CHAR
- # define STRTOF wcstod_l
- # define __STRTOF __wcstod_l
-+# define STRTOF_NAN __wcstod_nan
- # else
- # define STRTOF strtod_l
- # define __STRTOF __strtod_l
-+# define STRTOF_NAN __strtod_nan
- # endif
- # define MPN2FLOAT __mpn_construct_double
- # define FLOAT_HUGE_VAL HUGE_VAL
--# define SET_MANTISSA(flt, mant) \
-- do { union ieee754_double u; \
-- u.d = (flt); \
-- u.ieee_nan.mantissa0 = (mant) >> 32; \
-- u.ieee_nan.mantissa1 = (mant); \
-- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
-- (flt) = u.d; \
-- } while (0)
- #endif
- /* End of configuration part. */
- �
- #include <ctype.h>
- #include <errno.h>
- #include <float.h>
--#include <ieee754.h>
- #include "../locale/localeinfo.h"
- #include <locale.h>
- #include <math.h>
-@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
- # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
- # define STRNCASECMP(S1, S2, N) \
- __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
--# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, loc)
- #else
- # define STRING_TYPE char
- # define CHAR_TYPE char
-@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
- # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
- # define STRNCASECMP(S1, S2, N) \
- __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
--# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, loc)
- #endif
-
-
-@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
- if (*cp == L_('('))
- {
- const STRING_TYPE *startp = cp;
-- do
-- ++cp;
-- while ((*cp >= L_('0') && *cp <= L_('9'))
-- || ({ CHAR_TYPE lo = TOLOWER (*cp);
-- lo >= L_('a') && lo <= L_('z'); })
-- || *cp == L_('_'));
--
-- if (*cp != L_(')'))
-- /* The closing brace is missing. Only match the NAN
-- part. */
-- cp = startp;
-+ STRING_TYPE *endp;
-+ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
-+ if (*endp == L_(')'))
-+ /* Consume the closing parenthesis. */
-+ cp = endp + 1;
- else
-- {
-- /* This is a system-dependent way to specify the
-- bitmask used for the NaN. We expect it to be
-- a number which is put in the mantissa of the
-- number. */
-- STRING_TYPE *endp;
-- unsigned long long int mant;
--
-- mant = STRTOULL (startp + 1, &endp, 0);
-- if (endp == cp)
-- SET_MANTISSA (retval, mant);
--
-- /* Consume the closing brace. */
-- ++cp;
-- }
-+ /* Only match the NAN part. */
-+ cp = startp;
- }
-
- if (endptr != NULL)
-Index: git/stdlib/strtod_nan.c
-===================================================================
---- /dev/null
-+++ git/stdlib/strtod_nan.c
-@@ -0,0 +1,24 @@
-+/* Convert string for NaN payload to corresponding NaN. Narrow
-+ strings, double.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <strtod_nan_narrow.h>
-+#include <strtod_nan_double.h>
-+
-+#define STRTOD_NAN __strtod_nan
-+#include <strtod_nan_main.c>
-Index: git/stdlib/strtod_nan_double.h
-===================================================================
---- /dev/null
-+++ git/stdlib/strtod_nan_double.h
-@@ -0,0 +1,30 @@
-+/* Convert string for NaN payload to corresponding NaN. For double.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define FLOAT double
-+#define SET_MANTISSA(flt, mant) \
-+ do \
-+ { \
-+ union ieee754_double u; \
-+ u.d = (flt); \
-+ u.ieee_nan.mantissa0 = (mant) >> 32; \
-+ u.ieee_nan.mantissa1 = (mant); \
-+ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
-+ (flt) = u.d; \
-+ } \
-+ while (0)
-Index: git/stdlib/strtod_nan_float.h
-===================================================================
---- /dev/null
-+++ git/stdlib/strtod_nan_float.h
-@@ -0,0 +1,29 @@
-+/* Convert string for NaN payload to corresponding NaN. For float.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define FLOAT float
-+#define SET_MANTISSA(flt, mant) \
-+ do \
-+ { \
-+ union ieee754_float u; \
-+ u.f = (flt); \
-+ u.ieee_nan.mantissa = (mant); \
-+ if (u.ieee.mantissa != 0) \
-+ (flt) = u.f; \
-+ } \
-+ while (0)
-Index: git/stdlib/strtod_nan_main.c
-===================================================================
---- /dev/null
-+++ git/stdlib/strtod_nan_main.c
-@@ -0,0 +1,63 @@
-+/* Convert string for NaN payload to corresponding NaN.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <ieee754.h>
-+#include <locale.h>
-+#include <math.h>
-+#include <stdlib.h>
-+#include <wchar.h>
-+
-+
-+/* If STR starts with an optional n-char-sequence as defined by ISO C
-+ (a sequence of ASCII letters, digits and underscores), followed by
-+ ENDC, return a NaN whose payload is set based on STR. Otherwise,
-+ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
-+ to the character after the initial n-char-sequence. */
-+
-+internal_function
-+FLOAT
-+STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE endc)
-+{
-+ const STRING_TYPE *cp = str;
-+
-+ while ((*cp >= L_('0') && *cp <= L_('9'))
-+ || (*cp >= L_('A') && *cp <= L_('Z'))
-+ || (*cp >= L_('a') && *cp <= L_('z'))
-+ || *cp == L_('_'))
-+ ++cp;
-+
-+ FLOAT retval = NAN;
-+ if (*cp != endc)
-+ goto out;
-+
-+ /* This is a system-dependent way to specify the bitmask used for
-+ the NaN. We expect it to be a number which is put in the
-+ mantissa of the number. */
-+ STRING_TYPE *endp;
-+ unsigned long long int mant;
-+
-+ mant = STRTOULL (str, &endp, 0);
-+ if (endp == cp)
-+ SET_MANTISSA (retval, mant);
-+
-+ out:
-+ if (endptr != NULL)
-+ *endptr = (STRING_TYPE *) cp;
-+ return retval;
-+}
-+libc_hidden_def (STRTOD_NAN)
-Index: git/stdlib/strtod_nan_narrow.h
-===================================================================
---- /dev/null
-+++ git/stdlib/strtod_nan_narrow.h
-@@ -0,0 +1,22 @@
-+/* Convert string for NaN payload to corresponding NaN. Narrow strings.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define STRING_TYPE char
-+#define L_(Ch) Ch
-+#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, \
-+ _nl_C_locobj_ptr)
-Index: git/stdlib/strtod_nan_wide.h
-===================================================================
---- /dev/null
-+++ git/stdlib/strtod_nan_wide.h
-@@ -0,0 +1,22 @@
-+/* Convert string for NaN payload to corresponding NaN. Wide strings.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define STRING_TYPE wchar_t
-+#define L_(Ch) L##Ch
-+#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, \
-+ _nl_C_locobj_ptr)
-Index: git/stdlib/strtof_l.c
-===================================================================
---- git.orig/stdlib/strtof_l.c
-+++ git/stdlib/strtof_l.c
-@@ -20,26 +20,19 @@
- #include <xlocale.h>
-
- extern float ____strtof_l_internal (const char *, char **, int, __locale_t);
--extern unsigned long long int ____strtoull_l_internal (const char *, char **,
-- int, int, __locale_t);
-
- #define FLOAT float
- #define FLT FLT
- #ifdef USE_WIDE_CHAR
- # define STRTOF wcstof_l
- # define __STRTOF __wcstof_l
-+# define STRTOF_NAN __wcstof_nan
- #else
- # define STRTOF strtof_l
- # define __STRTOF __strtof_l
-+# define STRTOF_NAN __strtof_nan
- #endif
- #define MPN2FLOAT __mpn_construct_float
- #define FLOAT_HUGE_VAL HUGE_VALF
--#define SET_MANTISSA(flt, mant) \
-- do { union ieee754_float u; \
-- u.f = (flt); \
-- u.ieee_nan.mantissa = (mant); \
-- if (u.ieee.mantissa != 0) \
-- (flt) = u.f; \
-- } while (0)
-
- #include "strtod_l.c"
-Index: git/stdlib/strtof_nan.c
-===================================================================
---- /dev/null
-+++ git/stdlib/strtof_nan.c
-@@ -0,0 +1,24 @@
-+/* Convert string for NaN payload to corresponding NaN. Narrow
-+ strings, float.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <strtod_nan_narrow.h>
-+#include <strtod_nan_float.h>
-+
-+#define STRTOD_NAN __strtof_nan
-+#include <strtod_nan_main.c>
-Index: git/stdlib/strtold_nan.c
-===================================================================
---- /dev/null
-+++ git/stdlib/strtold_nan.c
-@@ -0,0 +1,30 @@
-+/* Convert string for NaN payload to corresponding NaN. Narrow
-+ strings, long double.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <math.h>
-+
-+/* This function is unused if long double and double have the same
-+ representation. */
-+#ifndef __NO_LONG_DOUBLE_MATH
-+# include <strtod_nan_narrow.h>
-+# include <strtod_nan_ldouble.h>
-+
-+# define STRTOD_NAN __strtold_nan
-+# include <strtod_nan_main.c>
-+#endif
-Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
-===================================================================
---- /dev/null
-+++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
-@@ -0,0 +1,33 @@
-+/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define FLOAT long double
-+#define SET_MANTISSA(flt, mant) \
-+ do \
-+ { \
-+ union ieee854_long_double u; \
-+ u.d = (flt); \
-+ u.ieee_nan.mantissa0 = 0; \
-+ u.ieee_nan.mantissa1 = 0; \
-+ u.ieee_nan.mantissa2 = (mant) >> 32; \
-+ u.ieee_nan.mantissa3 = (mant); \
-+ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
-+ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
-+ (flt) = u.d; \
-+ } \
-+ while (0)
-Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
-===================================================================
---- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
-+++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
-@@ -25,22 +25,13 @@
- #ifdef USE_WIDE_CHAR
- # define STRTOF wcstold_l
- # define __STRTOF __wcstold_l
-+# define STRTOF_NAN __wcstold_nan
- #else
- # define STRTOF strtold_l
- # define __STRTOF __strtold_l
-+# define STRTOF_NAN __strtold_nan
- #endif
- #define MPN2FLOAT __mpn_construct_long_double
- #define FLOAT_HUGE_VAL HUGE_VALL
--#define SET_MANTISSA(flt, mant) \
-- do { union ieee854_long_double u; \
-- u.d = (flt); \
-- u.ieee_nan.mantissa0 = 0; \
-- u.ieee_nan.mantissa1 = 0; \
-- u.ieee_nan.mantissa2 = (mant) >> 32; \
-- u.ieee_nan.mantissa3 = (mant); \
-- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
-- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
-- (flt) = u.d; \
-- } while (0)
-
- #include <strtod_l.c>
-Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
-===================================================================
---- /dev/null
-+++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
-@@ -0,0 +1,30 @@
-+/* Convert string for NaN payload to corresponding NaN. For ldbl-128ibm.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define FLOAT long double
-+#define SET_MANTISSA(flt, mant) \
-+ do \
-+ { \
-+ union ibm_extended_long_double u; \
-+ u.ld = (flt); \
-+ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
-+ u.d[0].ieee_nan.mantissa1 = (mant); \
-+ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
-+ (flt) = u.ld; \
-+ } \
-+ while (0)
-Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
-===================================================================
---- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
-+++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
-@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
- # define STRTOF __new_wcstold_l
- # define __STRTOF ____new_wcstold_l
- # define ____STRTOF_INTERNAL ____wcstold_l_internal
-+# define STRTOF_NAN __wcstold_nan
- #else
- extern long double ____new_strtold_l (const char *, char **, __locale_t);
- # define STRTOF __new_strtold_l
- # define __STRTOF ____new_strtold_l
- # define ____STRTOF_INTERNAL ____strtold_l_internal
-+# define STRTOF_NAN __strtold_nan
- #endif
- extern __typeof (__STRTOF) STRTOF;
- libc_hidden_proto (__STRTOF)
- libc_hidden_proto (STRTOF)
- #define MPN2FLOAT __mpn_construct_long_double
- #define FLOAT_HUGE_VAL HUGE_VALL
--# define SET_MANTISSA(flt, mant) \
-- do { union ibm_extended_long_double u; \
-- u.ld = (flt); \
-- u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
-- u.d[0].ieee_nan.mantissa1 = (mant); \
-- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
-- (flt) = u.ld; \
-- } while (0)
-
- #include <strtod_l.c>
-
-Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
-===================================================================
---- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
-+++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
-@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
- # define STRTOF __new_wcstold_l
- # define __STRTOF ____new_wcstold_l
- # define ____STRTOF_INTERNAL ____wcstold_l_internal
-+# define STRTOF_NAN __wcstold_nan
- #else
- extern long double ____new_strtold_l (const char *, char **, __locale_t);
- # define STRTOF __new_strtold_l
- # define __STRTOF ____new_strtold_l
- # define ____STRTOF_INTERNAL ____strtold_l_internal
-+# define STRTOF_NAN __strtold_nan
- #endif
- extern __typeof (__STRTOF) STRTOF;
- libc_hidden_proto (__STRTOF)
- libc_hidden_proto (STRTOF)
- #define MPN2FLOAT __mpn_construct_long_double
- #define FLOAT_HUGE_VAL HUGE_VALL
--#define SET_MANTISSA(flt, mant) \
-- do { union ieee854_long_double u; \
-- u.d = (flt); \
-- u.ieee_nan.mantissa0 = 0; \
-- u.ieee_nan.mantissa1 = 0; \
-- u.ieee_nan.mantissa2 = (mant) >> 32; \
-- u.ieee_nan.mantissa3 = (mant); \
-- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
-- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
-- (flt) = u.d; \
-- } while (0)
-
- #include <strtod_l.c>
-
-Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
-===================================================================
---- /dev/null
-+++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
-@@ -0,0 +1,30 @@
-+/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
-+ Copyright (C) 1997-2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#define FLOAT long double
-+#define SET_MANTISSA(flt, mant) \
-+ do \
-+ { \
-+ union ieee854_long_double u; \
-+ u.d = (flt); \
-+ u.ieee_nan.mantissa0 = (mant) >> 32; \
-+ u.ieee_nan.mantissa1 = (mant); \
-+ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
-+ (flt) = u.d; \
-+ } \
-+ while (0)
-Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
-===================================================================
---- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
-+++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
-@@ -25,19 +25,13 @@
- #ifdef USE_WIDE_CHAR
- # define STRTOF wcstold_l
- # define __STRTOF __wcstold_l
-+# define STRTOF_NAN __wcstold_nan
- #else
- # define STRTOF strtold_l
- # define __STRTOF __strtold_l
-+# define STRTOF_NAN __strtold_nan
- #endif
- #define MPN2FLOAT __mpn_construct_long_double
- #define FLOAT_HUGE_VAL HUGE_VALL
--#define SET_MANTISSA(flt, mant) \
-- do { union ieee854_long_double u; \
-- u.d = (flt); \
-- u.ieee_nan.mantissa0 = (mant) >> 32; \
-- u.ieee_nan.mantissa1 = (mant); \
-- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
-- (flt) = u.d; \
-- } while (0)
-
- #include <stdlib/strtod_l.c>
-Index: git/wcsmbs/Makefile
-===================================================================
---- git.orig/wcsmbs/Makefile
-+++ git/wcsmbs/Makefile
-@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
- wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
- wcstol_l wcstoul_l wcstoll_l wcstoull_l \
- wcstod_l wcstold_l wcstof_l \
-+ wcstod_nan wcstold_nan wcstof_nan \
- wcscoll wcsxfrm \
- wcwidth wcswidth \
- wcscoll_l wcsxfrm_l \
-Index: git/wcsmbs/wcstod_l.c
-===================================================================
---- git.orig/wcsmbs/wcstod_l.c
-+++ git/wcsmbs/wcstod_l.c
-@@ -23,9 +23,6 @@
-
- extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
- __locale_t);
--extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
-- wchar_t **, int, int,
-- __locale_t);
-
- #define USE_WIDE_CHAR 1
-
-Index: git/wcsmbs/wcstod_nan.c
-===================================================================
---- /dev/null
-+++ git/wcsmbs/wcstod_nan.c
-@@ -0,0 +1,23 @@
-+/* Convert string for NaN payload to corresponding NaN. Wide strings, double.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include "../stdlib/strtod_nan_wide.h"
-+#include "../stdlib/strtod_nan_double.h"
-+
-+#define STRTOD_NAN __wcstod_nan
-+#include "../stdlib/strtod_nan_main.c"
-Index: git/wcsmbs/wcstof_l.c
-===================================================================
---- git.orig/wcsmbs/wcstof_l.c
-+++ git/wcsmbs/wcstof_l.c
-@@ -25,8 +25,5 @@
-
- extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
- __locale_t);
--extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
-- wchar_t **, int, int,
-- __locale_t);
-
- #include <stdlib/strtof_l.c>
-Index: git/wcsmbs/wcstof_nan.c
-===================================================================
---- /dev/null
-+++ git/wcsmbs/wcstof_nan.c
-@@ -0,0 +1,23 @@
-+/* Convert string for NaN payload to corresponding NaN. Wide strings, float.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include "../stdlib/strtod_nan_wide.h"
-+#include "../stdlib/strtod_nan_float.h"
-+
-+#define STRTOD_NAN __wcstof_nan
-+#include "../stdlib/strtod_nan_main.c"
-Index: git/wcsmbs/wcstold_l.c
-===================================================================
---- git.orig/wcsmbs/wcstold_l.c
-+++ git/wcsmbs/wcstold_l.c
-@@ -24,8 +24,5 @@
-
- extern long double ____wcstold_l_internal (const wchar_t *, wchar_t **, int,
- __locale_t);
--extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
-- wchar_t **, int, int,
-- __locale_t);
-
- #include <strtold_l.c>
-Index: git/wcsmbs/wcstold_nan.c
-===================================================================
---- /dev/null
-+++ git/wcsmbs/wcstold_nan.c
-@@ -0,0 +1,30 @@
-+/* Convert string for NaN payload to corresponding NaN. Wide strings,
-+ long double.
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <math.h>
-+
-+/* This function is unused if long double and double have the same
-+ representation. */
-+#ifndef __NO_LONG_DOUBLE_MATH
-+# include "../stdlib/strtod_nan_wide.h"
-+# include <strtod_nan_ldouble.h>
-+
-+# define STRTOD_NAN __wcstold_nan
-+# include "../stdlib/strtod_nan_main.c"
-+#endif
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,57 @@
-+2015-11-24 Joseph Myers <joseph at codesourcery.com>
-+
-+ * stdlib/strtod_nan.c: New file.
-+ * stdlib/strtod_nan_double.h: Likewise.
-+ * stdlib/strtod_nan_float.h: Likewise.
-+ * stdlib/strtod_nan_main.c: Likewise.
-+ * stdlib/strtod_nan_narrow.h: Likewise.
-+ * stdlib/strtod_nan_wide.h: Likewise.
-+ * stdlib/strtof_nan.c: Likewise.
-+ * stdlib/strtold_nan.c: Likewise.
-+ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
-+ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
-+ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
-+ * wcsmbs/wcstod_nan.c: Likewise.
-+ * wcsmbs/wcstof_nan.c: Likewise.
-+ * wcsmbs/wcstold_nan.c: Likewise.
-+ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
-+ strtold_nan.
-+ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
-+ wcstof_nan.
-+ * include/stdlib.h (__strtof_nan): Declare and use
-+ libc_hidden_proto.
-+ (__strtod_nan): Likewise.
-+ (__strtold_nan): Likewise.
-+ (__wcstof_nan): Likewise.
-+ (__wcstod_nan): Likewise.
-+ (__wcstold_nan): Likewise.
-+ * include/wchar.h (____wcstoull_l_internal): Declare.
-+ * stdlib/strtod_l.c: Do not include <ieee754.h>.
-+ (____strtoull_l_internal): Remove declaration.
-+ (STRTOF_NAN): Define macro.
-+ (SET_MANTISSA): Remove macro.
-+ (STRTOULL): Likewise.
-+ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
-+ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
-+ (STRTOF_NAN): Define macro.
-+ (SET_MANTISSA): Remove macro.
-+ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
-+ (SET_MANTISSA): Remove macro.
-+ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
-+ macro.
-+ (SET_MANTISSA): Remove macro.
-+ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
-+ macro.
-+ (SET_MANTISSA): Remove macro.
-+ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
-+ (SET_MANTISSA): Remove macro.
-+ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
-+ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
-+ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
-+
-+ [BZ #19266]
-+ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
-+ upper case and lower case letters inside NAN(), not using TOLOWER.
- 2015-08-08 Paul Pluzhnikov <ppluzhnikov at google.com>
-
- [BZ #17905]
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
deleted file mode 100644
index e30307f..0000000
--- a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
+++ /dev/null
@@ -1,385 +0,0 @@
-From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
-From: Joseph Myers <joseph at codesourcery.com>
-Date: Fri, 4 Dec 2015 20:36:28 +0000
-Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug
- 16962).
-
-The nan, nanf and nanl functions handle payload strings by doing e.g.:
-
- if (tagp[0] != '\0')
- {
- char buf[6 + strlen (tagp)];
- sprintf (buf, "NAN(%s)", tagp);
- return strtod (buf, NULL);
- }
-
-This is an unbounded stack allocation based on the length of the
-argument. Furthermore, if the argument starts with an n-char-sequence
-followed by ')', that n-char-sequence is wrongly treated as
-significant for determining the payload of the resulting NaN, when ISO
-C says the call should be equivalent to strtod ("NAN", NULL), without
-being affected by that initial n-char-sequence. This patch fixes both
-those problems by using the __strtod_nan etc. functions recently
-factored out of strtod etc. for that purpose, with those functions
-being exported from libc at version GLIBC_PRIVATE.
-
-Tested for x86_64, x86, mips64 and powerpc.
-
- [BZ #16961]
- [BZ #16962]
- * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
- string on the stack for strtod.
- * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
- a string on the stack for strtof.
- * math/s_nanl.c (__nanl): Use __strtold_nan instead of
- constructing a string on the stack for strtold.
- * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
- __strtold_nan to GLIBC_PRIVATE.
- * math/test-nan-overflow.c: New file.
- * math/test-nan-payload.c: Likewise.
- * math/Makefile (tests): Add test-nan-overflow and
- test-nan-payload.
-
-Upstream-Status: Backport
-CVE: CVE-2015-9761 patch #2
-[Yocto # 8980]
-
-https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
-
-Signed-off-by: Armin Kuster <akuster at mvista.com>
-
----
- ChangeLog | 17 +++++++
- NEWS | 6 +++
- math/Makefile | 3 +-
- math/s_nan.c | 9 +---
- math/s_nanf.c | 9 +---
- math/s_nanl.c | 9 +---
- math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
- math/test-nan-payload.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++
- stdlib/Versions | 1 +
- 9 files changed, 217 insertions(+), 25 deletions(-)
- create mode 100644 math/test-nan-overflow.c
- create mode 100644 math/test-nan-payload.c
-
-Index: git/ChangeLog
-===================================================================
---- git.orig/ChangeLog
-+++ git/ChangeLog
-@@ -1,3 +1,20 @@
-+2015-12-04 Joseph Myers <joseph at codesourcery.com>
-+
-+ [BZ #16961]
-+ [BZ #16962]
-+ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
-+ string on the stack for strtod.
-+ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
-+ a string on the stack for strtof.
-+ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
-+ constructing a string on the stack for strtold.
-+ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
-+ __strtold_nan to GLIBC_PRIVATE.
-+ * math/test-nan-overflow.c: New file.
-+ * math/test-nan-payload.c: Likewise.
-+ * math/Makefile (tests): Add test-nan-overflow and
-+ test-nan-payload.
-+
- 2015-11-24 Joseph Myers <joseph at codesourcery.com>
-
- * stdlib/strtod_nan.c: New file.
-Index: git/NEWS
-===================================================================
---- git.orig/NEWS
-+++ git/NEWS
-@@ -99,6 +99,12 @@ Version 2.22
- �
- Version 2.21
-
-+Security related changes:
-+
-+* The nan, nanf and nanl functions no longer have unbounded stack usage
-+ depending on the length of the string passed as an argument to the
-+ functions. Reported by Joseph Myers.
-+
- * The following bugs are resolved with this release:
-
- 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
-Index: git/math/Makefile
-===================================================================
---- git.orig/math/Makefile
-+++ git/math/Makefile
-@@ -110,6 +110,7 @@ tests = test-matherr test-fenv atest-exp
- test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
- test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \
- test-fenv-tls test-fenv-preserve test-fenv-return test-fenvinline \
-+ test-nan-overflow test-nan-payload \
- $(tests-static)
- tests-static = test-fpucw-static test-fpucw-ieee-static
- # We do the `long double' tests only if this data type is available and
-Index: git/math/s_nan.c
-===================================================================
---- git.orig/math/s_nan.c
-+++ git/math/s_nan.c
-@@ -28,14 +28,7 @@
- double
- __nan (const char *tagp)
- {
-- if (tagp[0] != '\0')
-- {
-- char buf[6 + strlen (tagp)];
-- sprintf (buf, "NAN(%s)", tagp);
-- return strtod (buf, NULL);
-- }
--
-- return NAN;
-+ return __strtod_nan (tagp, NULL, 0);
- }
- weak_alias (__nan, nan)
- #ifdef NO_LONG_DOUBLE
-Index: git/math/s_nanf.c
-===================================================================
---- git.orig/math/s_nanf.c
-+++ git/math/s_nanf.c
-@@ -28,13 +28,6 @@
- float
- __nanf (const char *tagp)
- {
-- if (tagp[0] != '\0')
-- {
-- char buf[6 + strlen (tagp)];
-- sprintf (buf, "NAN(%s)", tagp);
-- return strtof (buf, NULL);
-- }
--
-- return NAN;
-+ return __strtof_nan (tagp, NULL, 0);
- }
- weak_alias (__nanf, nanf)
-Index: git/math/s_nanl.c
-===================================================================
---- git.orig/math/s_nanl.c
-+++ git/math/s_nanl.c
-@@ -28,13 +28,6 @@
- long double
- __nanl (const char *tagp)
- {
-- if (tagp[0] != '\0')
-- {
-- char buf[6 + strlen (tagp)];
-- sprintf (buf, "NAN(%s)", tagp);
-- return strtold (buf, NULL);
-- }
--
-- return NAN;
-+ return __strtold_nan (tagp, NULL, 0);
- }
- weak_alias (__nanl, nanl)
-Index: git/math/test-nan-overflow.c
-===================================================================
---- /dev/null
-+++ git/math/test-nan-overflow.c
-@@ -0,0 +1,66 @@
-+/* Test nan functions stack overflow (bug 16962).
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <math.h>
-+#include <stdio.h>
-+#include <string.h>
-+#include <sys/resource.h>
-+
-+#define STACK_LIM 1048576
-+#define STRING_SIZE (2 * STACK_LIM)
-+
-+static int
-+do_test (void)
-+{
-+ int result = 0;
-+ struct rlimit lim;
-+ getrlimit (RLIMIT_STACK, &lim);
-+ lim.rlim_cur = STACK_LIM;
-+ setrlimit (RLIMIT_STACK, &lim);
-+ char *nanstr = malloc (STRING_SIZE);
-+ if (nanstr == NULL)
-+ {
-+ puts ("malloc failed, cannot test");
-+ return 77;
-+ }
-+ memset (nanstr, '0', STRING_SIZE - 1);
-+ nanstr[STRING_SIZE - 1] = 0;
-+#define NAN_TEST(TYPE, FUNC) \
-+ do \
-+ { \
-+ char *volatile p = nanstr; \
-+ volatile TYPE v = FUNC (p); \
-+ if (isnan (v)) \
-+ puts ("PASS: " #FUNC); \
-+ else \
-+ { \
-+ puts ("FAIL: " #FUNC); \
-+ result = 1; \
-+ } \
-+ } \
-+ while (0)
-+ NAN_TEST (float, nanf);
-+ NAN_TEST (double, nan);
-+#ifndef NO_LONG_DOUBLE
-+ NAN_TEST (long double, nanl);
-+#endif
-+ return result;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-Index: git/math/test-nan-payload.c
-===================================================================
---- /dev/null
-+++ git/math/test-nan-payload.c
-@@ -0,0 +1,122 @@
-+/* Test nan functions payload handling (bug 16961).
-+ Copyright (C) 2015 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <float.h>
-+#include <math.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+/* Avoid built-in functions. */
-+#define WRAP_NAN(FUNC, STR) \
-+ ({ const char *volatile wns = (STR); FUNC (wns); })
-+#define WRAP_STRTO(FUNC, STR) \
-+ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
-+
-+#define CHECK_IS_NAN(TYPE, A) \
-+ do \
-+ { \
-+ if (isnan (A)) \
-+ puts ("PASS: " #TYPE " " #A); \
-+ else \
-+ { \
-+ puts ("FAIL: " #TYPE " " #A); \
-+ result = 1; \
-+ } \
-+ } \
-+ while (0)
-+
-+#define CHECK_SAME_NAN(TYPE, A, B) \
-+ do \
-+ { \
-+ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
-+ puts ("PASS: " #TYPE " " #A " = " #B); \
-+ else \
-+ { \
-+ puts ("FAIL: " #TYPE " " #A " = " #B); \
-+ result = 1; \
-+ } \
-+ } \
-+ while (0)
-+
-+#define CHECK_DIFF_NAN(TYPE, A, B) \
-+ do \
-+ { \
-+ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
-+ puts ("PASS: " #TYPE " " #A " != " #B); \
-+ else \
-+ { \
-+ puts ("FAIL: " #TYPE " " #A " != " #B); \
-+ result = 1; \
-+ } \
-+ } \
-+ while (0)
-+
-+/* Cannot test payloads by memcmp for formats where NaNs have padding
-+ bits. */
-+#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
-+
-+#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
-+ do \
-+ { \
-+ TYPE n123 = WRAP_NAN (FUNC, "123"); \
-+ CHECK_IS_NAN (TYPE, n123); \
-+ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
-+ CHECK_IS_NAN (TYPE, s123); \
-+ TYPE n456 = WRAP_NAN (FUNC, "456"); \
-+ CHECK_IS_NAN (TYPE, n456); \
-+ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
-+ CHECK_IS_NAN (TYPE, s456); \
-+ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
-+ CHECK_IS_NAN (TYPE, n123x); \
-+ TYPE nemp = WRAP_NAN (FUNC, ""); \
-+ CHECK_IS_NAN (TYPE, nemp); \
-+ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
-+ CHECK_IS_NAN (TYPE, semp); \
-+ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
-+ CHECK_IS_NAN (TYPE, sx); \
-+ if (CAN_TEST_EQ (MANT_DIG)) \
-+ CHECK_SAME_NAN (TYPE, n123, s123); \
-+ if (CAN_TEST_EQ (MANT_DIG)) \
-+ CHECK_SAME_NAN (TYPE, n456, s456); \
-+ if (CAN_TEST_EQ (MANT_DIG)) \
-+ CHECK_SAME_NAN (TYPE, nemp, semp); \
-+ if (CAN_TEST_EQ (MANT_DIG)) \
-+ CHECK_SAME_NAN (TYPE, n123x, sx); \
-+ CHECK_DIFF_NAN (TYPE, n123, n456); \
-+ CHECK_DIFF_NAN (TYPE, n123, nemp); \
-+ CHECK_DIFF_NAN (TYPE, n123, n123x); \
-+ CHECK_DIFF_NAN (TYPE, n456, nemp); \
-+ CHECK_DIFF_NAN (TYPE, n456, n123x); \
-+ } \
-+ while (0)
-+
-+static int
-+do_test (void)
-+{
-+ int result = 0;
-+ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
-+ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
-+#ifndef NO_LONG_DOUBLE
-+ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
-+#endif
-+ return result;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-Index: git/stdlib/Versions
-===================================================================
---- git.orig/stdlib/Versions
-+++ git/stdlib/Versions
-@@ -118,5 +118,6 @@ libc {
- # Used from other libraries
- __libc_secure_getenv;
- __call_tls_dtors;
-+ __strtof_nan; __strtod_nan; __strtold_nan;
- }
- }
--
2.8.0
More information about the Openembedded-core
mailing list