summaryrefslogtreecommitdiff
path: root/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch
diff options
context:
space:
mode:
authorChristian Lamparter <chunkeey@googlemail.com>2017-01-03 17:51:04 +0100
committerFelix Fietkau <nbd@nbd.name>2017-01-16 20:40:00 +0100
commita8a5cb9595cd64a48c1cea6a1478c11e022474a9 (patch)
treeea0417332a8bbea1bc2b1d2e810044558c54da51 /toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch
parentda5d060ac9171029cfde61ee45aa417696e45da0 (diff)
downloadmtk-20170518-a8a5cb9595cd64a48c1cea6a1478c11e022474a9.zip
mtk-20170518-a8a5cb9595cd64a48c1cea6a1478c11e022474a9.tar.gz
mtk-20170518-a8a5cb9595cd64a48c1cea6a1478c11e022474a9.tar.bz2
musl: update musl to 1.1.16+ and switch to download from git
This patch updates musl to 1.1.16+ [0] and removes all the backported patches. This is a major release and tagged as such. For more information visit musl-libc.org or read the WHATSNEW. Furthermore, this patch also changes musl to download directly from git. This makes it easier to update musl in the future. The patch custom Add-format-attribute-to-some-function-declarations.patch was assigned a new 400- number. This should avoid confusion since 0xx numbers are usually assigned to backports. [0] <http://git.musl-libc.org/cgit/musl/commit/?id=769f53598e781ffc89191520f3f8a93cb58db91f> Cc: Hannu Nyman <hannu.nyman@iki.fi> Cc: Koen Vandeputte <koen.vandeputte@ncentric.com> Cc: Jo-Philipp Wich <jo@mein.io> Cc: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Diffstat (limited to 'toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch')
-rw-r--r--toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch390
1 files changed, 0 insertions, 390 deletions
diff --git a/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch b/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch
deleted file mode 100644
index 837fee9..0000000
--- a/toolchain/musl/patches/040-fix-integer-overflows-and-uncaught-eoverflow-in-printf-core.patch
+++ /dev/null
@@ -1,390 +0,0 @@
-From 167dfe9672c116b315e72e57a55c7769f180dffa Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Thu, 20 Oct 2016 00:22:09 -0400
-Subject: fix integer overflows and uncaught EOVERFLOW in printf core
-
-this patch fixes a large number of missed internal signed-overflow
-checks and errors in determining when the return value (output length)
-would exceed INT_MAX, which should result in EOVERFLOW. some of the
-issues fixed were reported by Alexander Cherepanov; others were found
-in subsequent review of the code.
-
-aside from the signed overflows being undefined behavior, the
-following specific bugs were found to exist in practice:
-
-- overflows computing length of floating point formats with huge
- explicit precisions, integer formats with prefix characters and huge
- explicit precisions, or string arguments or format strings longer
- than INT_MAX, resulted in wrong return value and wrong %n results.
-
-- literal width and precision values outside the range of int were
- misinterpreted, yielding wrong behavior in at least one well-defined
- case: string formats with precision greater than INT_MAX were
- sometimes truncated.
-
-- in cases where EOVERFLOW is produced, incorrect values could be
- written for %n specifiers past the point of exceeding INT_MAX.
-
-in addition to fixing these bugs, we now stop producing output
-immediately when output length would exceed INT_MAX, rather than
-continuing and returning an error only at the end.
----
- src/stdio/vfprintf.c | 72 +++++++++++++++++++++++++++++++++++----------------
- src/stdio/vfwprintf.c | 63 +++++++++++++++++++++++++++-----------------
- 2 files changed, 89 insertions(+), 46 deletions(-)
-
-diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c
-index cd17ad7..e2ab2dc 100644
---- a/src/stdio/vfprintf.c
-+++ b/src/stdio/vfprintf.c
-@@ -272,6 +272,8 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t)
- if (s-buf==1 && (y||p>0||(fl&ALT_FORM))) *s++='.';
- } while (y);
-
-+ if (p > INT_MAX-2-(ebuf-estr)-pl)
-+ return -1;
- if (p && s-buf-2 < p)
- l = (p+2) + (ebuf-estr);
- else
-@@ -383,17 +385,22 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t)
- p = MIN(p,MAX(0,9*(z-r-1)+e-j));
- }
- }
-+ if (p > INT_MAX-1-(p || (fl&ALT_FORM)))
-+ return -1;
- l = 1 + p + (p || (fl&ALT_FORM));
- if ((t|32)=='f') {
-+ if (e > INT_MAX-l) return -1;
- if (e>0) l+=e;
- } else {
- estr=fmt_u(e<0 ? -e : e, ebuf);
- while(ebuf-estr<2) *--estr='0';
- *--estr = (e<0 ? '-' : '+');
- *--estr = t;
-+ if (ebuf-estr > INT_MAX-l) return -1;
- l += ebuf-estr;
- }
-
-+ if (l > INT_MAX-pl) return -1;
- pad(f, ' ', w, pl+l, fl);
- out(f, prefix, pl);
- pad(f, '0', w, pl+l, fl^ZERO_PAD);
-@@ -437,8 +444,10 @@ static int fmt_fp(FILE *f, long double y, int w, int p, int fl, int t)
-
- static int getint(char **s) {
- int i;
-- for (i=0; isdigit(**s); (*s)++)
-- i = 10*i + (**s-'0');
-+ for (i=0; isdigit(**s); (*s)++) {
-+ if (i > INT_MAX/10U || **s-'0' > INT_MAX-10*i) i = -1;
-+ else i = 10*i + (**s-'0');
-+ }
- return i;
- }
-
-@@ -446,12 +455,12 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- {
- char *a, *z, *s=(char *)fmt;
- unsigned l10n=0, fl;
-- int w, p;
-+ int w, p, xp;
- union arg arg;
- int argpos;
- unsigned st, ps;
- int cnt=0, l=0;
-- int i;
-+ size_t i;
- char buf[sizeof(uintmax_t)*3+3+LDBL_MANT_DIG/4];
- const char *prefix;
- int t, pl;
-@@ -459,18 +468,19 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- char mb[4];
-
- for (;;) {
-+ /* This error is only specified for snprintf, but since it's
-+ * unspecified for other forms, do the same. Stop immediately
-+ * on overflow; otherwise %n could produce wrong results. */
-+ if (l > INT_MAX - cnt) goto overflow;
-+
- /* Update output count, end loop when fmt is exhausted */
-- if (cnt >= 0) {
-- if (l > INT_MAX - cnt) {
-- errno = EOVERFLOW;
-- cnt = -1;
-- } else cnt += l;
-- }
-+ cnt += l;
- if (!*s) break;
-
- /* Handle literal text and %% format specifiers */
- for (a=s; *s && *s!='%'; s++);
- for (z=s; s[0]=='%' && s[1]=='%'; z++, s+=2);
-+ if (z-a > INT_MAX-cnt) goto overflow;
- l = z-a;
- if (f) out(f, a, l);
- if (l) continue;
-@@ -498,9 +508,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- } else if (!l10n) {
- w = f ? va_arg(*ap, int) : 0;
- s++;
-- } else return -1;
-+ } else goto inval;
- if (w<0) fl|=LEFT_ADJ, w=-w;
-- } else if ((w=getint(&s))<0) return -1;
-+ } else if ((w=getint(&s))<0) goto overflow;
-
- /* Read precision */
- if (*s=='.' && s[1]=='*') {
-@@ -511,24 +521,29 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- } else if (!l10n) {
- p = f ? va_arg(*ap, int) : 0;
- s+=2;
-- } else return -1;
-+ } else goto inval;
-+ xp = (p>=0);
- } else if (*s=='.') {
- s++;
- p = getint(&s);
-- } else p = -1;
-+ xp = 1;
-+ } else {
-+ p = -1;
-+ xp = 0;
-+ }
-
- /* Format specifier state machine */
- st=0;
- do {
-- if (OOB(*s)) return -1;
-+ if (OOB(*s)) goto inval;
- ps=st;
- st=states[st]S(*s++);
- } while (st-1<STOP);
-- if (!st) return -1;
-+ if (!st) goto inval;
-
- /* Check validity of argument type (nl/normal) */
- if (st==NOARG) {
-- if (argpos>=0) return -1;
-+ if (argpos>=0) goto inval;
- } else {
- if (argpos>=0) nl_type[argpos]=st, arg=nl_arg[argpos];
- else if (f) pop_arg(&arg, st, ap);
-@@ -584,6 +599,7 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- case 'u':
- a = fmt_u(arg.i, z);
- }
-+ if (xp && p<0) goto overflow;
- if (p>=0) fl &= ~ZERO_PAD;
- if (!arg.i && !p) {
- a=z;
-@@ -599,9 +615,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- if (1) a = strerror(errno); else
- case 's':
- a = arg.p ? arg.p : "(null)";
-- z = memchr(a, 0, p);
-- if (!z) z=a+p;
-- else p=z-a;
-+ z = a + strnlen(a, p<0 ? INT_MAX : p);
-+ if (p<0 && *z) goto overflow;
-+ p = z-a;
- fl &= ~ZERO_PAD;
- break;
- case 'C':
-@@ -611,8 +627,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- p = -1;
- case 'S':
- ws = arg.p;
-- for (i=l=0; i<0U+p && *ws && (l=wctomb(mb, *ws++))>=0 && l<=0U+p-i; i+=l);
-+ for (i=l=0; i<p && *ws && (l=wctomb(mb, *ws++))>=0 && l<=p-i; i+=l);
- if (l<0) return -1;
-+ if (i > INT_MAX) goto overflow;
- p = i;
- pad(f, ' ', w, p, fl);
- ws = arg.p;
-@@ -623,12 +640,16 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- continue;
- case 'e': case 'f': case 'g': case 'a':
- case 'E': case 'F': case 'G': case 'A':
-+ if (xp && p<0) goto overflow;
- l = fmt_fp(f, arg.f, w, p, fl, t);
-+ if (l<0) goto overflow;
- continue;
- }
-
- if (p < z-a) p = z-a;
-+ if (p > INT_MAX-pl) goto overflow;
- if (w < pl+p) w = pl+p;
-+ if (w > INT_MAX-cnt) goto overflow;
-
- pad(f, ' ', w, pl+p, fl);
- out(f, prefix, pl);
-@@ -646,8 +667,15 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
- for (i=1; i<=NL_ARGMAX && nl_type[i]; i++)
- pop_arg(nl_arg+i, nl_type[i], ap);
- for (; i<=NL_ARGMAX && !nl_type[i]; i++);
-- if (i<=NL_ARGMAX) return -1;
-+ if (i<=NL_ARGMAX) goto inval;
- return 1;
-+
-+inval:
-+ errno = EINVAL;
-+ return -1;
-+overflow:
-+ errno = EOVERFLOW;
-+ return -1;
- }
-
- int vfprintf(FILE *restrict f, const char *restrict fmt, va_list ap)
-diff --git a/src/stdio/vfwprintf.c b/src/stdio/vfwprintf.c
-index f9f1ecf..b8fff20 100644
---- a/src/stdio/vfwprintf.c
-+++ b/src/stdio/vfwprintf.c
-@@ -154,8 +154,10 @@ static void out(FILE *f, const wchar_t *s, size_t l)
-
- static int getint(wchar_t **s) {
- int i;
-- for (i=0; iswdigit(**s); (*s)++)
-- i = 10*i + (**s-'0');
-+ for (i=0; iswdigit(**s); (*s)++) {
-+ if (i > INT_MAX/10U || **s-'0' > INT_MAX-10*i) i = -1;
-+ else i = 10*i + (**s-'0');
-+ }
- return i;
- }
-
-@@ -168,8 +170,8 @@ static const char sizeprefix['y'-'a'] = {
- static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_arg, int *nl_type)
- {
- wchar_t *a, *z, *s=(wchar_t *)fmt;
-- unsigned l10n=0, litpct, fl;
-- int w, p;
-+ unsigned l10n=0, fl;
-+ int w, p, xp;
- union arg arg;
- int argpos;
- unsigned st, ps;
-@@ -181,20 +183,19 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- wchar_t wc;
-
- for (;;) {
-+ /* This error is only specified for snprintf, but since it's
-+ * unspecified for other forms, do the same. Stop immediately
-+ * on overflow; otherwise %n could produce wrong results. */
-+ if (l > INT_MAX - cnt) goto overflow;
-+
- /* Update output count, end loop when fmt is exhausted */
-- if (cnt >= 0) {
-- if (l > INT_MAX - cnt) {
-- if (!ferror(f)) errno = EOVERFLOW;
-- cnt = -1;
-- } else cnt += l;
-- }
-+ cnt += l;
- if (!*s) break;
-
- /* Handle literal text and %% format specifiers */
- for (a=s; *s && *s!='%'; s++);
-- litpct = wcsspn(s, L"%")/2; /* Optimize %%%% runs */
-- z = s+litpct;
-- s += 2*litpct;
-+ for (z=s; s[0]=='%' && s[1]=='%'; z++, s+=2);
-+ if (z-a > INT_MAX-cnt) goto overflow;
- l = z-a;
- if (f) out(f, a, l);
- if (l) continue;
-@@ -222,9 +223,9 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- } else if (!l10n) {
- w = f ? va_arg(*ap, int) : 0;
- s++;
-- } else return -1;
-+ } else goto inval;
- if (w<0) fl|=LEFT_ADJ, w=-w;
-- } else if ((w=getint(&s))<0) return -1;
-+ } else if ((w=getint(&s))<0) goto overflow;
-
- /* Read precision */
- if (*s=='.' && s[1]=='*') {
-@@ -235,24 +236,29 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- } else if (!l10n) {
- p = f ? va_arg(*ap, int) : 0;
- s+=2;
-- } else return -1;
-+ } else goto inval;
-+ xp = (p>=0);
- } else if (*s=='.') {
- s++;
- p = getint(&s);
-- } else p = -1;
-+ xp = 1;
-+ } else {
-+ p = -1;
-+ xp = 0;
-+ }
-
- /* Format specifier state machine */
- st=0;
- do {
-- if (OOB(*s)) return -1;
-+ if (OOB(*s)) goto inval;
- ps=st;
- st=states[st]S(*s++);
- } while (st-1<STOP);
-- if (!st) return -1;
-+ if (!st) goto inval;
-
- /* Check validity of argument type (nl/normal) */
- if (st==NOARG) {
-- if (argpos>=0) return -1;
-+ if (argpos>=0) goto inval;
- } else {
- if (argpos>=0) nl_type[argpos]=st, arg=nl_arg[argpos];
- else if (f) pop_arg(&arg, st, ap);
-@@ -285,8 +291,9 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- continue;
- case 'S':
- a = arg.p;
-- z = wmemchr(a, 0, p);
-- if (z) p=z-a;
-+ z = a + wcsnlen(a, p<0 ? INT_MAX : p);
-+ if (p<0 && *z) goto overflow;
-+ p = z-a;
- if (w<p) w=p;
- if (!(fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, "");
- out(f, a, p);
-@@ -298,9 +305,9 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- case 's':
- if (!arg.p) arg.p = "(null)";
- bs = arg.p;
-- if (p<0) p = INT_MAX;
-- for (i=l=0; l<p && (i=mbtowc(&wc, bs, MB_LEN_MAX))>0; bs+=i, l++);
-+ for (i=l=0; l<(p<0?INT_MAX:p) && (i=mbtowc(&wc, bs, MB_LEN_MAX))>0; bs+=i, l++);
- if (i<0) return -1;
-+ if (p<0 && *bs) goto overflow;
- p=l;
- if (w<p) w=p;
- if (!(fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, "");
-@@ -315,6 +322,7 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- continue;
- }
-
-+ if (xp && p<0) goto overflow;
- snprintf(charfmt, sizeof charfmt, "%%%s%s%s%s%s*.*%c%c",
- "#"+!(fl & ALT_FORM),
- "+"+!(fl & MARK_POS),
-@@ -341,6 +349,13 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_
- for (; i<=NL_ARGMAX && !nl_type[i]; i++);
- if (i<=NL_ARGMAX) return -1;
- return 1;
-+
-+inval:
-+ errno = EINVAL;
-+ return -1;
-+overflow:
-+ errno = EOVERFLOW;
-+ return -1;
- }
-
- int vfwprintf(FILE *restrict f, const wchar_t *restrict fmt, va_list ap)
---
-cgit v0.11.2
generated by cgit v1.1 at 2025-04-08 13:28:42 +0000