From: Lukasz Majewski
To: Joseph Myers, Paul Eggert, Adhemerval Zanella
Cc: Florian Weimer, GNU C Library, Andreas Schwab, Stepan Golosunov, Alistair Francis
Subject: [PATCH 2/2] nptl: Provide NULL abstime pointer handling in __futex_abstimed_wait_cancelable32
Date: Wed, 16 Sep 2020 13:07:38 +0200
Message-Id: <20200916110738.9904-2-lukma@denx.de>
In-Reply-To: <20200916110738.9904-1-lukma@denx.de>

This change fixes an issue when a NULL pointer would be passed to
__futex_abstimed_wait_cancelable32.

The call log for passing NULL as the *abstime pointer:

sem_wait (versioned symbol)
   |
  \|/
__new_sem_wait
   | (here the NULL is passed as *abstime)
  \|/
__new_sem_wait_slow64
   |
  \|/
do_futex_wait
   |
  \|/
__futex_abstimed_wait_cancelable64
   |
  \|/
__futex_abstimed_wait_cancelable32

In this function the *abstime is dereferenced when checking if we have
time_t in range and when converting to a 32 bit struct timespec to pass it
to the futex syscall, which supports 32 bit time.

Reviewed-by: Alistair Francis
---
 sysdeps/nptl/futex-internal.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/sysdeps/nptl/futex-internal.c b/sysdeps/nptl/futex-internal.c index a4fc1dc52f..3211b4c94f 100644 --- a/sysdeps/nptl/futex-internal.c 
+++ b/sysdeps/nptl/futex-internal.c @@ -29,17 +29,21 @@ __futex_abstimed_wait_cancelable32 (unsigned int* futex_word, const struct __timespec64* abstime, int private) { - if (! in_time_t_range (abstime->tv_sec)) + struct timespec ts32; + + if (abstime != NULL && ! in_time_t_range (abstime->tv_sec)) return -EOVERFLOW; unsigned int clockbit = (clockid == CLOCK_REALTIME) ? FUTEX_CLOCK_REALTIME : 0; int op = __lll_private_flag (FUTEX_WAIT_BITSET | clockbit, private); - struct timespec ts32 = valid_timespec64_to_timespec (*abstime); + if (abstime != NULL) + ts32 = valid_timespec64_to_timespec (*abstime); + return INTERNAL_SYSCALL_CANCEL (futex, futex_word, op, expected, - &ts32, NULL /* Unused. */, - FUTEX_BITSET_MATCH_ANY); + abstime != NULL ? &ts32 : NULL, + NULL /* Unused. */, FUTEX_BITSET_MATCH_ANY); } static int
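
Review bot: the `abstime != NULL` test is repeated in three places in __futex_abstimed_wait_cancelable32 (the in_time_t_range check, the valid_timespec64_to_timespec conversion, and the INTERNAL_SYSCALL_CANCEL argument), and `ts32` is declared without an initializer, so the function is safe only while all three tests stay in sync. Folding them into one guarded block with a pointer that defaults to NULL would make the invariant explicit, for example `struct timespec ts32, *pts32 = NULL;` followed by a single `if (abstime != NULL)` that does the range check, assigns `ts32`, and sets `pts32 = &ts32;`, then passing `pts32` to the syscall. That also avoids any maybe-uninitialized diagnostic on `ts32`. A one-line comment stating that a NULL abstime means the wait has no timeout would help too, since the function name implies an absolute time is always supplied and the sem_wait path described in the commit message is the only hint otherwise.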