Re: CVS commit: src/lib/libpthread
Hello, I will have a look at them. On 12.02.2020 14:02, Ryo ONODERA wrote: > Hi, > > Kamil Rytarowski writes: > >> Please apple workaround (same like in NSPR) for now if fixing is difficult. >> >> Such bugs can have security implications. > > Adding workarounds will not improve security problems. > And I feel that such workarounds will not be accepted by upstream. > I will add workarounds to some packages. > However I feel that it is not meaningful... > >> On 12.02.2020 09:49, Ryo ONODERA wrote: >>> Hi, >>> >>> I have two problematic pkgsrc packages at least. >>> Of course these programs have misuses and/or bugs, however I feel that >>> dealing pt_magic in pthread_equal() is too hasty for pkgsrc. >>> >>> multimedia/handbrake (internal libbluray): >>> The invalid thread pointer is not NULL. >>> pthread_equal t1: 0x >>> pthread_equal t2: 0x7073b25e2000 >>> >>> Another one is lang/mono6: >>> The invalid thread pointer is not 0x. >>> pthread_equal t1: 0x7b066d4d7800 >>> pthread_equal t2: 0x60f5f000 >>> >>> Of course, it is desirable to fix every misuses and bugs in pkgsrc. >>> However it is impossible for now (at least for me). >>> >>> "Kamil Rytarowski" writes: >>> Module Name: src Committed By: kamil Date: Sat Feb 8 17:06:03 UTC 2020 Modified Files: src/lib/libpthread: pthread.c Log Message: Change the behavior of pthread_equal() On error when not aborting, do not return EINVAL as it has a side effect of being interpreted as matching threads. For invalid threads return unmatched. Check pthreads for NULL, before accessing pt_magic field. This avoids faults on comparision with a NULL pointer. This behavior is in the scope of UB, but should be easier to deal with buggy software. To generate a diff of this commit: cvs rdiff -u -r1.163 -r1.164 src/lib/libpthread/pthread.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpthread/pthread.c diff -u src/lib/libpthread/pthread.c:1.163 src/lib/libpthread/pthread.c:1.164 --- src/lib/libpthread/pthread.c:1.163 Wed Feb 5 14:56:04 2020 +++ src/lib/libpthread/pthread.c Sat Feb 8 17:06:03 2020 @@ -1,4 +1,4 @@ -/*$NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $ */ +/*$NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $ */ /*- * Copyright (c) 2001, 2002, 2003, 2006, 2007, 2008, 2020 @@ -31,7 +31,7 @@ */ #include -__RCSID("$NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $"); +__RCSID("$NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $"); #define __EXPOSE_STACK 1 @@ -770,11 +770,11 @@ pthread_equal(pthread_t t1, pthread_t t2 if (__predict_false(__uselibcstub)) return __libc_thr_equal_stub(t1, t2); - pthread__error(EINVAL, "Invalid thread", - t1->pt_magic == PT_MAGIC); + pthread__error(0, "Invalid thread", + (t1 != NULL) && (t1->pt_magic == PT_MAGIC)); - pthread__error(EINVAL, "Invalid thread", - t2->pt_magic == PT_MAGIC); + pthread__error(0, "Invalid thread", + (t2 != NULL) && (t2->pt_magic == PT_MAGIC)); /* Nothing special here. */ return (t1 == t2); >>> >> >> > signature.asc Description: OpenPGP digital signature
Re: CVS commit: src/lib/libpthread
Hi, Kamil Rytarowski writes: > Please apple workaround (same like in NSPR) for now if fixing is difficult. > > Such bugs can have security implications. Adding workarounds will not improve security problems. And I feel that such workarounds will not be accepted by upstream. I will add workarounds to some packages. However I feel that it is not meaningful... > On 12.02.2020 09:49, Ryo ONODERA wrote: >> Hi, >> >> I have two problematic pkgsrc packages at least. >> Of course these programs have misuses and/or bugs, however I feel that >> dealing pt_magic in pthread_equal() is too hasty for pkgsrc. >> >> multimedia/handbrake (internal libbluray): >> The invalid thread pointer is not NULL. >> pthread_equal t1: 0x >> pthread_equal t2: 0x7073b25e2000 >> >> Another one is lang/mono6: >> The invalid thread pointer is not 0x. >> pthread_equal t1: 0x7b066d4d7800 >> pthread_equal t2: 0x60f5f000 >> >> Of course, it is desirable to fix every misuses and bugs in pkgsrc. >> However it is impossible for now (at least for me). >> >> "Kamil Rytarowski" writes: >> >>> Module Name:src >>> Committed By: kamil >>> Date: Sat Feb 8 17:06:03 UTC 2020 >>> >>> Modified Files: >>> src/lib/libpthread: pthread.c >>> >>> Log Message: >>> Change the behavior of pthread_equal() >>> >>> On error when not aborting, do not return EINVAL as it has a side effect >>> of being interpreted as matching threads. For invalid threads return >>> unmatched. >>> >>> Check pthreads for NULL, before accessing pt_magic field. This avoids >>> faults on comparision with a NULL pointer. >>> >>> This behavior is in the scope of UB, but should be easier to deal with >>> buggy software. >>> >>> >>> To generate a diff of this commit: >>> cvs rdiff -u -r1.163 -r1.164 src/lib/libpthread/pthread.c >>> >>> Please note that diffs are not public domain; they are subject to the >>> copyright notices on the relevant files. >>> >>> Modified files: >>> >>> Index: src/lib/libpthread/pthread.c >>> diff -u src/lib/libpthread/pthread.c:1.163 >>> src/lib/libpthread/pthread.c:1.164 >>> --- src/lib/libpthread/pthread.c:1.163 Wed Feb 5 14:56:04 2020 >>> +++ src/lib/libpthread/pthread.cSat Feb 8 17:06:03 2020 >>> @@ -1,4 +1,4 @@ >>> -/* $NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $ */ >>> +/* $NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $ */ >>> >>> /*- >>> * Copyright (c) 2001, 2002, 2003, 2006, 2007, 2008, 2020 >>> @@ -31,7 +31,7 @@ >>> */ >>> >>> #include >>> -__RCSID("$NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $"); >>> +__RCSID("$NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $"); >>> >>> #define__EXPOSE_STACK 1 >>> >>> @@ -770,11 +770,11 @@ pthread_equal(pthread_t t1, pthread_t t2 >>> if (__predict_false(__uselibcstub)) >>> return __libc_thr_equal_stub(t1, t2); >>> >>> - pthread__error(EINVAL, "Invalid thread", >>> - t1->pt_magic == PT_MAGIC); >>> + pthread__error(0, "Invalid thread", >>> + (t1 != NULL) && (t1->pt_magic == PT_MAGIC)); >>> >>> - pthread__error(EINVAL, "Invalid thread", >>> - t2->pt_magic == PT_MAGIC); >>> + pthread__error(0, "Invalid thread", >>> + (t2 != NULL) && (t2->pt_magic == PT_MAGIC)); >>> >>> /* Nothing special here. */ >>> return (t1 == t2); >>> >> > > -- Ryo ONODERA // r...@tetera.org PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB FD1B F404 27FA C7D1 15F3
Re: CVS commit: src/lib/libpthread
Please apple workaround (same like in NSPR) for now if fixing is difficult. Such bugs can have security implications. On 12.02.2020 09:49, Ryo ONODERA wrote: > Hi, > > I have two problematic pkgsrc packages at least. > Of course these programs have misuses and/or bugs, however I feel that > dealing pt_magic in pthread_equal() is too hasty for pkgsrc. > > multimedia/handbrake (internal libbluray): > The invalid thread pointer is not NULL. > pthread_equal t1: 0x > pthread_equal t2: 0x7073b25e2000 > > Another one is lang/mono6: > The invalid thread pointer is not 0x. > pthread_equal t1: 0x7b066d4d7800 > pthread_equal t2: 0x60f5f000 > > Of course, it is desirable to fix every misuses and bugs in pkgsrc. > However it is impossible for now (at least for me). > > "Kamil Rytarowski" writes: > >> Module Name: src >> Committed By:kamil >> Date:Sat Feb 8 17:06:03 UTC 2020 >> >> Modified Files: >> src/lib/libpthread: pthread.c >> >> Log Message: >> Change the behavior of pthread_equal() >> >> On error when not aborting, do not return EINVAL as it has a side effect >> of being interpreted as matching threads. For invalid threads return >> unmatched. >> >> Check pthreads for NULL, before accessing pt_magic field. This avoids >> faults on comparision with a NULL pointer. >> >> This behavior is in the scope of UB, but should be easier to deal with >> buggy software. >> >> >> To generate a diff of this commit: >> cvs rdiff -u -r1.163 -r1.164 src/lib/libpthread/pthread.c >> >> Please note that diffs are not public domain; they are subject to the >> copyright notices on the relevant files. >> >> Modified files: >> >> Index: src/lib/libpthread/pthread.c >> diff -u src/lib/libpthread/pthread.c:1.163 src/lib/libpthread/pthread.c:1.164 >> --- src/lib/libpthread/pthread.c:1.163 Wed Feb 5 14:56:04 2020 >> +++ src/lib/libpthread/pthread.c Sat Feb 8 17:06:03 2020 >> @@ -1,4 +1,4 @@ >> -/* $NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $ */ >> +/* $NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $ */ >> >> /*- >> * Copyright (c) 2001, 2002, 2003, 2006, 2007, 2008, 2020 >> @@ -31,7 +31,7 @@ >> */ >> >> #include >> -__RCSID("$NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $"); >> +__RCSID("$NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $"); >> >> #define __EXPOSE_STACK 1 >> >> @@ -770,11 +770,11 @@ pthread_equal(pthread_t t1, pthread_t t2 >> if (__predict_false(__uselibcstub)) >> return __libc_thr_equal_stub(t1, t2); >> >> -pthread__error(EINVAL, "Invalid thread", >> -t1->pt_magic == PT_MAGIC); >> +pthread__error(0, "Invalid thread", >> +(t1 != NULL) && (t1->pt_magic == PT_MAGIC)); >> >> -pthread__error(EINVAL, "Invalid thread", >> -t2->pt_magic == PT_MAGIC); >> +pthread__error(0, "Invalid thread", >> +(t2 != NULL) && (t2->pt_magic == PT_MAGIC)); >> >> /* Nothing special here. */ >> return (t1 == t2); >> > signature.asc Description: OpenPGP digital signature
CVS commit: src/sbin/mount_msdos
Module Name:src Committed By: leot Date: Wed Feb 12 09:43:19 UTC 2020 Modified Files: src/sbin/mount_msdos: mount_msdos.8 Log Message: Fix a thinko Reported by qjsgkem via #netbsd-code, thanks! To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/sbin/mount_msdos/mount_msdos.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/mount_msdos
Module Name:src Committed By: leot Date: Wed Feb 12 09:43:19 UTC 2020 Modified Files: src/sbin/mount_msdos: mount_msdos.8 Log Message: Fix a thinko Reported by qjsgkem via #netbsd-code, thanks! To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/sbin/mount_msdos/mount_msdos.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/mount_msdos/mount_msdos.8 diff -u src/sbin/mount_msdos/mount_msdos.8:1.40 src/sbin/mount_msdos/mount_msdos.8:1.41 --- src/sbin/mount_msdos/mount_msdos.8:1.40 Tue Oct 11 16:10:03 2016 +++ src/sbin/mount_msdos/mount_msdos.8 Wed Feb 12 09:43:19 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: mount_msdos.8,v 1.40 2016/10/11 16:10:03 sevan Exp $ +.\" $NetBSD: mount_msdos.8,v 1.41 2020/02/12 09:43:19 leot Exp $ .\" .\" Copyright (c) 1993, 1994 Christopher G. Demetriou .\" All rights reserved. @@ -32,7 +32,7 @@ .\" .\" <> .\" -.Dd October 11, 2016 +.Dd February 12, 2020 .Dt MOUNT_MSDOS 8 .Os .Sh NAME @@ -203,7 +203,7 @@ in and rewritten entirely by .Nx 1.0 . .Sh AUTHORS -Initial implimintation as +Initial implementation as .Nm mount_pcfs was written by .An -nosplit
Re: CVS commit: src/lib/libpthread
Hi, I have two problematic pkgsrc packages at least. Of course these programs have misuses and/or bugs, however I feel that dealing pt_magic in pthread_equal() is too hasty for pkgsrc. multimedia/handbrake (internal libbluray): The invalid thread pointer is not NULL. pthread_equal t1: 0x pthread_equal t2: 0x7073b25e2000 Another one is lang/mono6: The invalid thread pointer is not 0x. pthread_equal t1: 0x7b066d4d7800 pthread_equal t2: 0x60f5f000 Of course, it is desirable to fix every misuses and bugs in pkgsrc. However it is impossible for now (at least for me). "Kamil Rytarowski" writes: > Module Name: src > Committed By: kamil > Date: Sat Feb 8 17:06:03 UTC 2020 > > Modified Files: > src/lib/libpthread: pthread.c > > Log Message: > Change the behavior of pthread_equal() > > On error when not aborting, do not return EINVAL as it has a side effect > of being interpreted as matching threads. For invalid threads return > unmatched. > > Check pthreads for NULL, before accessing pt_magic field. This avoids > faults on comparision with a NULL pointer. > > This behavior is in the scope of UB, but should be easier to deal with > buggy software. > > > To generate a diff of this commit: > cvs rdiff -u -r1.163 -r1.164 src/lib/libpthread/pthread.c > > Please note that diffs are not public domain; they are subject to the > copyright notices on the relevant files. > > Modified files: > > Index: src/lib/libpthread/pthread.c > diff -u src/lib/libpthread/pthread.c:1.163 src/lib/libpthread/pthread.c:1.164 > --- src/lib/libpthread/pthread.c:1.163Wed Feb 5 14:56:04 2020 > +++ src/lib/libpthread/pthread.c Sat Feb 8 17:06:03 2020 > @@ -1,4 +1,4 @@ > -/* $NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $ */ > +/* $NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $ */ > > /*- > * Copyright (c) 2001, 2002, 2003, 2006, 2007, 2008, 2020 > @@ -31,7 +31,7 @@ > */ > > #include > -__RCSID("$NetBSD: pthread.c,v 1.163 2020/02/05 14:56:04 ryoon Exp $"); > +__RCSID("$NetBSD: pthread.c,v 1.164 2020/02/08 17:06:03 kamil Exp $"); > > #define __EXPOSE_STACK 1 > > @@ -770,11 +770,11 @@ pthread_equal(pthread_t t1, pthread_t t2 > if (__predict_false(__uselibcstub)) > return __libc_thr_equal_stub(t1, t2); > > - pthread__error(EINVAL, "Invalid thread", > - t1->pt_magic == PT_MAGIC); > + pthread__error(0, "Invalid thread", > + (t1 != NULL) && (t1->pt_magic == PT_MAGIC)); > > - pthread__error(EINVAL, "Invalid thread", > - t2->pt_magic == PT_MAGIC); > + pthread__error(0, "Invalid thread", > + (t2 != NULL) && (t2->pt_magic == PT_MAGIC)); > > /* Nothing special here. */ > return (t1 == t2); > -- Ryo ONODERA // r...@tetera.org PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB FD1B F404 27FA C7D1 15F3