From patchwork Fri Jul 14 00:36:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: DJ Delorie X-Patchwork-Id: 21611 Received: (qmail 93319 invoked by alias); 14 Jul 2017 00:36:36 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 92743 invoked by uid 89); 14 Jul 2017 00:36:35 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=HX-Greylist:Fri, felt X-HELO: mx1.redhat.com DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 0757E7F3F1 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=dj@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 0757E7F3F1 Date: Thu, 13 Jul 2017 20:36:31 -0400 Message-Id: From: DJ Delorie To: libc-alpha@sourceware.org Subject: grp/grp_merge.c alignment fix Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=21654 I have a test for this in my nss_tests patch (posted separately), which is a very large patch set (the individual test requires the new framework) and thus I chose to keep it as a separate patch in case this patch was accepted during the freeze and the testuite change was deferred. Tested on x86_64, where it fails the test I wrote before, and not after, patching. Note: I did not try to rewrite grp_merge.c using Florian's new alloc_buffer code, as I felt that was inappropriate for this stage of development (post-freeze). [BZ #21654] * grp/grp_merge.c (__copy_grp): Make sure pointers-to-not-char are properly aligned. (__merge_grp): Likewise. diff --git a/grp/grp-merge.c b/grp/grp-merge.c index 77c494d..d6a53cd 100644 --- a/grp/grp-merge.c +++ b/grp/grp-merge.c @@ -85,6 +85,14 @@ __copy_grp (const struct group srcgrp, const size_t buflen, } members[i] = NULL; + /* Align for pointers. We can't simply align C because we need to + align destbuf[c]. */ + if (((uintptr_t)destbuf + c) & (__alignof__(char **) - 1)) + { + uintptr_t mis_align = ((uintptr_t)destbuf + c) & (__alignof__(char **) - 1); + c += __alignof__(char **) - mis_align; + } + /* Copy the pointers from the members array into the buffer and assign them to the gr_mem member of destgrp. */ destgrp->gr_mem = (char **) &destbuf[c]; @@ -168,6 +176,14 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend, /* Add the NULL-terminator. */ members[savedmemcount + memcount] = NULL; + /* Align for pointers. We can't simply align C because we need to + align savedbuf[c]. */ + if (((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1)) + { + uintptr_t mis_align = ((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1); + c += __alignof__(char **) - mis_align; + } + /* Copy the member array back into the buffer after the member list and free the member array. */ savedgrp->gr_mem = (char **) &savedbuf[c];