diff options
| author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2016-12-22 17:17:04 +0100 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2016-12-26 11:17:33 +0100 |
| commit | 2912f9f2a2e5997df069d38e20d85ff4cc51acef (patch) | |
| tree | 783e8cd472936ac1ca9378f16fb3189a486e7a48 /toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch | |
| parent | b97c933ffb5aae338351a1db12a3f7cf5234f5c7 (diff) | |
| download | mtk-20170518-2912f9f2a2e5997df069d38e20d85ff4cc51acef.zip mtk-20170518-2912f9f2a2e5997df069d38e20d85ff4cc51acef.tar.gz mtk-20170518-2912f9f2a2e5997df069d38e20d85ff4cc51acef.tar.bz2 | |
musl: backport various post-1.1.15 fixes
Backport most important fixes up to latest HEAD
- Taken post-commit reverts/fixes into account
Compile tested
Run-tested on cns3xxx & imx6 targets
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch')
| -rw-r--r-- | toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch b/toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch new file mode 100644 index 0000000..cfbd94f --- /dev/null +++ b/toolchain/musl/patches/039-fix-integer-overflow-in-float-printf-needed-precision-computation.patch @@ -0,0 +1,35 @@ +From 70d2687d85c314963cf280759b23fd4573ff0d82 Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Wed, 19 Oct 2016 20:17:16 -0400 +Subject: fix integer overflow in float printf needed-precision computation + +if the requested precision is close to INT_MAX, adding +LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined +behavior manifests as a large negative result, which is then used to +compute the new end pointer (z) with a wildly out-of-bounds value +(more overflow, more undefined behavior). the end result is at least +incorrect output and character count (return value); worse things do +not seem to happen, but detailed analysis has not been done. + +this patch fixes the overflow by performing the intermediate +computation as unsigned; after division by 9, the final result +necessarily fits in int. +--- + src/stdio/vfprintf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c +index e439a07..cd17ad7 100644 +--- a/src/stdio/vfprintf.c ++++ b/src/stdio/vfprintf.c +@@ -312,7 +312,7 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t) + } + while (e2<0) { + uint32_t carry=0, *b; +- int sh=MIN(9,-e2), need=1+(p+LDBL_MANT_DIG/3+8)/9; ++ int sh=MIN(9,-e2), need=1+(p+LDBL_MANT_DIG/3U+8)/9; + for (d=a; d<z; d++) { + uint32_t rm = *d & (1<<sh)-1; + *d = (*d>>sh) + carry; +-- +cgit v0.11.2 |