Go to file
H.J. Lu 59c463c4ea x86-64 memrchr: Properly handle the length parameter [BZ #24097]
On x32, the size_t parameter may be passed in the lower 32 bits of a
64-bit register with the non-zero upper 32 bits.  The string/memory
functions written in assembly can only use the lower 32 bits of a
64-bit register as length or must clear the upper 32 bits before using
the full 64-bit register for length.

This pach fixes memrchr for x32.  Tested on x86-64 and x32.  On x86-64,
libc.so is the same with and withou the fix.

	[BZ #24097]
	CVE-2019-6488
	* sysdeps/x86_64/memrchr.S: Use RDX_LP for length.
	* sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memrchr.
	* sysdeps/x86_64/x32/tst-size_t-memrchr.c: New file.

(cherry picked from commit ecd8b842cf)
2019-02-02 05:20:08 -08:00
argp
assert Fix position of tests-unsupported definition in assert/Makefile. 2018-01-04 13:33:12 +01:00
benchtests
bits Make endian-conversion macros always return correct types (bug 16458). 2017-01-11 15:28:08 +00:00
catgets Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
conform Fix missing test dependency 2017-02-01 17:40:56 +01:00
crypt
csu Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
ctype
debug Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
dirent
dlfcn
elf tunables: Use direct syscall for access (BZ#21744) 2018-02-12 11:34:47 -02:00
gmon
gnulib
grp Fix cast-after-dereference 2017-10-07 13:30:34 +02:00
gshadow
hesiod
hurd
iconv Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
iconvdata Document and fix --enable-bind-now [BZ #21015] 2017-03-02 20:11:27 +01:00
include tunables: Use direct syscall for access (BZ#21744) 2018-02-12 11:34:47 -02:00
inet sunrpc: Improvements for UDP client timeout handling [BZ #20257] 2017-02-28 17:36:00 +01:00
intl
io linux: make getcwd(3) fail if it cannot obtain an absolute path [BZ #22679] 2018-01-16 09:07:08 +01:00
libidn
libio
locale Fix ld-address format-truncation error. 2017-01-11 13:59:01 +00:00
localedata Correct collation rules for Malayalam. 2017-06-11 10:26:45 -04:00
login Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
mach
malloc malloc: Always call memcpy in _int_realloc [BZ #24027] 2019-01-01 10:49:43 +01:00
manual Document and fix --enable-bind-now [BZ #21015] 2017-03-02 20:11:27 +01:00
math Update README.libm-test. 2017-01-20 23:25:13 +00:00
mathvec
misc Avoid .symver on common symbols [BZ #21666] 2017-07-26 10:09:00 -07:00
nis
nptl pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538] 2018-08-27 19:21:10 +02:00
nptl_db
nscd Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
nss nss_files: Avoid large buffers with many host addresses [BZ #22078] 2018-01-04 13:01:31 +01:00
po Add target to incorporate translations from translations.org 2017-01-20 12:32:46 +05:30
posix posix/tst-glob-tilde.c: Add test for bug 22332 2017-12-01 22:20:20 +01:00
pwd
resolv getaddrinfo: Fix error handling in gethosts [BZ #21915] [BZ #21922] 2018-01-04 12:32:36 +01:00
resource
rt
scripts Synchronize support/ infrastructure with master 2018-01-16 08:28:18 +01:00
setjmp
shadow
signal
socket
soft-fp * soft-fp/op-common.h (_FP_MUL, _FP_FMA, _FP_DIV): Add 2017-01-24 23:27:36 +01:00
stdio-common Fix testsuite build for GCC 7 -Wformat-truncation. 2017-01-11 14:02:23 +00:00
stdlib Fix the return type of the getentropy stub 2017-08-04 00:52:48 +02:00
streams
string string/stratcliff.c: Replace int with size_t [BZ #21982] 2017-09-11 08:52:18 -07:00
sunrpc sunrpc: Improvements for UDP client timeout handling [BZ #20257] 2017-02-28 17:36:00 +01:00
support Synchronize support/ infrastructure with master 2018-01-16 08:28:18 +01:00
sysdeps x86-64 memrchr: Properly handle the length parameter [BZ #24097] 2019-02-02 05:20:08 -08:00
sysvipc Fix test-sysvsem on some platforms 2017-01-02 18:53:50 -02:00
termios
time Fix testsuite build for GCC 7 -Wformat-truncation. 2017-01-11 14:02:23 +00:00
timezone
wcsmbs Fix testsuite build for GCC 7 -Wformat-truncation. 2017-01-11 14:02:23 +00:00
wctype
.gitattributes
.gitignore
abi-tags
aclocal.m4
BUGS
ChangeLog x86-64 memrchr: Properly handle the length parameter [BZ #24097] 2019-02-02 05:20:08 -08:00
ChangeLog.1
ChangeLog.2
ChangeLog.3
ChangeLog.4
ChangeLog.5
ChangeLog.6
ChangeLog.7
ChangeLog.8
ChangeLog.9
ChangeLog.10
ChangeLog.11
ChangeLog.12
ChangeLog.13
ChangeLog.14
ChangeLog.15
ChangeLog.16
ChangeLog.17
ChangeLog.old-ports
ChangeLog.old-ports-aarch64
ChangeLog.old-ports-aix
ChangeLog.old-ports-alpha
ChangeLog.old-ports-am33
ChangeLog.old-ports-arm
ChangeLog.old-ports-cris
ChangeLog.old-ports-hppa
ChangeLog.old-ports-ia64
ChangeLog.old-ports-linux-generic
ChangeLog.old-ports-m68k
ChangeLog.old-ports-microblaze
ChangeLog.old-ports-mips
ChangeLog.old-ports-powerpc
ChangeLog.old-ports-tile
config.h.in
config.make.in Make copy of <bits/std_abs.h> from GCC 7 [BZ #21573] 2017-09-11 09:05:13 -07:00
configure Make copy of <bits/std_abs.h> from GCC 7 [BZ #21573] 2017-09-11 09:05:13 -07:00
configure.ac Make copy of <bits/std_abs.h> from GCC 7 [BZ #21573] 2017-09-11 09:05:13 -07:00
CONFORMANCE
COPYING
COPYING.LIB
cppflags-iterator.mk
extra-lib.mk
extra-modules.mk
gen-locales.mk
INSTALL Document and fix --enable-bind-now [BZ #21015] 2017-03-02 20:11:27 +01:00
libc-abis
LICENSES
Makeconfig Document and fix --enable-bind-now [BZ #21015] 2017-03-02 20:11:27 +01:00
Makefile
Makefile.in
Makerules Make copy of <bits/std_abs.h> from GCC 7 [BZ #21573] 2017-09-11 09:05:13 -07:00
NAMESPACE
NEWS x86-64 memchr/wmemchr: Properly handle the length parameter [BZ #24097] 2019-02-01 16:42:32 -08:00
o-iterator.mk
README
README.pretty-printers Fix mutex pretty printer test and pretty printer output. 2017-01-20 14:56:39 +01:00
README.tunables
Rules
shlib-versions
test-skeleton.c
version.h Update for 2.25 release 2017-02-05 20:58:43 +05:30
WUR-REPORT

This directory contains the sources of the GNU C Library.
See the file "version.h" for what release version you have.

The GNU C Library is the standard system C library for all GNU systems,
and is an important part of what makes up a GNU system.  It provides the
system API for all programs written in C and C-compatible languages such
as C++ and Objective C; the runtime facilities of other programming
languages use the C library to access the underlying operating system.

In GNU/Linux systems, the C library works with the Linux kernel to
implement the operating system behavior seen by user applications.
In GNU/Hurd systems, it works with a microkernel and Hurd servers.

The GNU C Library implements much of the POSIX.1 functionality in the
GNU/Hurd system, using configurations i[4567]86-*-gnu.  The current
GNU/Hurd support requires out-of-tree patches that will eventually be
incorporated into an official GNU C Library release.

When working with Linux kernels, this version of the GNU C Library
requires Linux kernel version 3.2 or later on all architectures except
i[4567]86 and x86_64, where Linux kernel version 2.6.32 or later
suffices.

Also note that the shared version of the libgcc_s library must be
installed for the pthread library to work correctly.

The GNU C Library supports these configurations for using Linux kernels:

	aarch64*-*-linux-gnu
	alpha*-*-linux-gnu
	arm-*-linux-gnueabi
	hppa-*-linux-gnu	Not currently functional without patches.
	i[4567]86-*-linux-gnu
	x86_64-*-linux-gnu	Can build either x86_64 or x32
	ia64-*-linux-gnu
	m68k-*-linux-gnu
	microblaze*-*-linux-gnu
	mips-*-linux-gnu
	mips64-*-linux-gnu
	powerpc-*-linux-gnu	Hardware or software floating point, BE only.
	powerpc64*-*-linux-gnu	Big-endian and little-endian.
	s390-*-linux-gnu
	s390x-*-linux-gnu
	sh[34]-*-linux-gnu
	sparc*-*-linux-gnu
	sparc64*-*-linux-gnu
	tilegx-*-linux-gnu
	tilepro-*-linux-gnu

If you are interested in doing a port, please contact the glibc
maintainers; see http://www.gnu.org/software/libc/ for more
information.

See the file INSTALL to find out how to configure, build, and install
the GNU C Library.  You might also consider reading the WWW pages for
the C library at http://www.gnu.org/software/libc/.

The GNU C Library is (almost) completely documented by the Texinfo manual
found in the `manual/' subdirectory.  The manual is still being updated
and contains some known errors and omissions; we regret that we do not
have the resources to work on the manual as much as we would like.  For
corrections to the manual, please file a bug in the `manual' component,
following the bug-reporting instructions below.  Please be sure to check
the manual in the current development sources to see if your problem has
already been corrected.

Please see http://www.gnu.org/software/libc/bugs.html for bug reporting
information.  We are now using the Bugzilla system to track all bug reports.
This web page gives detailed information on how to report bugs properly.

The GNU C Library is free software.  See the file COPYING.LIB for copying
conditions, and LICENSES for notices about a few contributions that require
these additional notices to be distributed.  License copyright years may be
listed using range notation, e.g., 1996-2015, indicating that every year in
the range, inclusive, is a copyrightable year that would otherwise be listed
individually.