Hello community,

here is the log from the commit of package glibc for openSUSE:Leap:15.2 checked in at 2020-02-16 18:25:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/glibc (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.glibc.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc" Sun Feb 16 18:25:20 2020 rev:70 rq:767702 version:2.26 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/glibc/glibc.changes 2020-01-19 15:47:40.777709501 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.glibc.new.26092/glibc.changes 2020-02-16 18:25:25.206627021 +0100 @@ -1,0 +2,6 @@ +Tue Jan 21 15:19:26 UTC 2020 - Andreas Schwab <[email protected]> + +- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC + (bsc#1158996, BZ #25423) + +------------------------------------------------------------------- New: ---- backtrace-powerpc.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.YRo9LD/_old 2020-02-16 18:25:27.750628311 +0100 +++ /var/tmp/diff_new_pack.YRo9LD/_new 2020-02-16 18:25:27.754628314 +0100 @@ -417,6 +417,8 @@ # PATCH-FIX-UPSTREAM Use posix_spawn on popen (BZ #22834) Patch1073: posix-Add-internal-symbols-for-posix_spawn-interface.patch Patch1074: glibc-2.29-posix-Use-posix_spawn-on-popen.patch +# PATCH-FIX-UPSTREAM Fix array overflow in backtrace on PowerPC (BZ #25423) +Patch1075: backtrace-powerpc.patch ### # Patches awaiting upstream approval @@ -726,6 +728,7 @@ %patch1072 -p1 %patch1073 -p1 %patch1074 -p1 +%patch1075 -p1 %patch2000 -p1 %patch2001 -p1 ++++++ backtrace-powerpc.patch ++++++ >From d93769405996dfc11d216ddbe415946617b5a494 Mon Sep 17 00:00:00 2001 
From: Andreas Schwab <[email protected]> Date: Mon, 20 Jan 2020 17:01:50 +0100 Subject: [PATCH] Fix array overflow in backtrace on PowerPC (bug 25423) When unwinding through a signal frame the backtrace function on PowerPC didn't check array bounds when storing the frame address. Fixes commit d400dcac5e ("PowerPC: fix backtrace to handle signal trampolines"). --- debug/tst-backtrace5.c | 12 ++++++++++++ sysdeps/powerpc/powerpc32/backtrace.c | 2 ++ sysdeps/powerpc/powerpc64/backtrace.c | 2 ++ 3 files changed, 16 insertions(+) Index: glibc-2.26/debug/tst-backtrace5.c =================================================================== --- glibc-2.26.orig/debug/tst-backtrace5.c +++ glibc-2.26/debug/tst-backtrace5.c @@ -88,6 +88,18 @@ handle_signal (int signum) } /* Symbol names are not available for static functions, so we do not check do_test. */ + + /* Check that backtrace does not return more than what fits in the array + (bug 25423). */ + for (int j = 0; j < NUM_FUNCTIONS; j++) + { + n = backtrace (addresses, j); + if (n > j) + { + FAIL (); + return; + } + } } NO_INLINE int Index: glibc-2.26/sysdeps/powerpc/powerpc32/backtrace.c =================================================================== --- glibc-2.26.orig/sysdeps/powerpc/powerpc32/backtrace.c +++ glibc-2.26/sysdeps/powerpc/powerpc32/backtrace.c @@ -114,6 +114,8 @@ __backtrace (void **array, int size) } if (gregset) { + if (count + 1 == size) + break; array[++count] = (void*)((*gregset)[PT_NIP]); current = (void*)((*gregset)[PT_R1]); } Index: glibc-2.26/sysdeps/powerpc/powerpc64/backtrace.c =================================================================== --- glibc-2.26.orig/sysdeps/powerpc/powerpc64/backtrace.c +++ glibc-2.26/sysdeps/powerpc/powerpc64/backtrace.c 
@@ -87,6 +87,8 @@ __backtrace (void **array, int size) if (is_sigtramp_address (current->return_address)) { struct signal_frame_64 *sigframe = (struct signal_frame_64*) current; + if (count + 1 == size) + break; array[++count] = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_NIP]; current = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_R1]; }
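Review bot: the loop added to `handle_signal` in debug/tst-backtrace5.c only compares the return value (`n > j`), so an implementation that stores past the requested size but returns a clamped count would still pass. Assuming `addresses` holds at least NUM_FUNCTIONS entries, consider writing a sentinel into `addresses[j]` before each `backtrace (addresses, j)` call and failing if it changed, which tests the out-of-bounds store directly rather than through the count.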
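Review bot: in the sysdeps/powerpc/powerpc32/backtrace.c hunk the new guard before `array[++count]` uses an exact match, `count + 1 == size`, and carries no comment. Writing it as `count + 1 >= size` would bound the store for every value of `count` rather than only at the exact boundary, and a one-line comment saying that the `gregset` path stores an additional element at the next index would explain why a bounds check is needed at this spot.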
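Review bot: in the sysdeps/powerpc/powerpc64/backtrace.c hunk the `break` inside the `is_sigtramp_address` branch leaves the loop before the PT_NIP value is stored and before `current` is advanced, so a trace that fills up exactly at a signal frame ends at the trampoline address without the interrupted instruction address. That is a reasonable trade for not overrunning `array`, but it is worth stating in a comment, and worth confirming that the count returned after the loop matches the number of elements actually written on this early-exit path.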
