[v2] libio: Set _vtable_offset before calling _IO_link_in [BZ #32148]

Message ID 20240907125847.273272-1-hjl.tools@gmail.com
State Superseded
Headers
Series [v2] libio: Set _vtable_offset before calling _IO_link_in [BZ #32148] |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
redhat-pt-bot/TryBot-32bit success Build for i686
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Test passed
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Test passed

Commit Message

H.J. Lu Sept. 7, 2024, 12:58 p.m. UTC
  Since _IO_vtable_offset is used to detect the old binaries, set it
in _IO_old_file_init_internal before calling _IO_link_in which checks
_IO_vtable_offset.  Add a glibc 2.0 test with copy relocation on
_IO_stderr_@GLIBC_2.0 to verify that fopen won't cause memory corruption.
This fixes BZ #32148.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
 libio/Makefile           |  7 ++++
 libio/oldfileops.c       |  4 +-
 libio/tst-fopen-compat.c | 84 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 libio/tst-fopen-compat.c
  

Patch

diff --git a/libio/Makefile b/libio/Makefile
index 59f3ee0b7c..c93c4c59b8 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -287,11 +287,18 @@  endif
 ifeq ($(build-shared),yes)
 aux	+= oldfileops oldstdfiles
 tests += \
+  tst-fopen-compat \
   tst-stderr-compat \
 # tests
 tests-2.0 += \
+  tst-fopen-compat \
   tst-stderr-compat \
 # tests-2.0
+
+tst-fopen-compat-ARGS = tst-fopen-compat.c
+# Disable PIE to trigger copy relocation.
+CFLAGS-tst-fopen-compat.c += -fno-pie
+tst-fopen-compat-no-pie = yes
 endif
 
 shared-only-routines = oldiofopen oldiofdopen oldiofclose oldfileops	\
diff --git a/libio/oldfileops.c b/libio/oldfileops.c
index 97148dba9b..8f775c9094 100644
--- a/libio/oldfileops.c
+++ b/libio/oldfileops.c
@@ -103,9 +103,11 @@  _IO_old_file_init_internal (struct _IO_FILE_plus *fp)
   fp->file._old_offset = _IO_pos_BAD;
   fp->file._flags |= CLOSED_FILEBUF_FLAGS;
 
-  _IO_link_in (fp);
+  /* NB: _vtable_offset must be set before calling _IO_link_in since
+     _IO_vtable_offset is used to detect the old binaries.  */
   fp->file._vtable_offset = ((int) sizeof (struct _IO_FILE)
 			     - (int) sizeof (struct _IO_FILE_complete));
+  _IO_link_in (fp);
   fp->file._fileno = -1;
 
   if (&_IO_stdin_used != NULL || !_IO_legacy_file ((FILE *) fp))
diff --git a/libio/tst-fopen-compat.c b/libio/tst-fopen-compat.c
new file mode 100644
index 0000000000..fd0c9cbe10
--- /dev/null
+++ b/libio/tst-fopen-compat.c
@@ -0,0 +1,84 @@ 
+/* Verify that fopen works with copy relocation on _IO_stderr_ in binaries
+   linked with glibc 2.0.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <shlib-compat.h>
+
+#if TEST_COMPAT (libc, GLIBC_2_0, GLIBC_2_1)
+# define _LIBC
+# define _IO_USE_OLD_IO_FILE
+# include <stdio.h>
+# include <string.h>
+# include <limits.h>
+# include <sys/stat.h>
+# include <support/check.h>
+
+struct _IO_jump_t;
+
+struct _IO_FILE_plus
+{
+  FILE file;
+  const struct _IO_jump_t *vtable;
+};
+
+extern struct _IO_FILE_plus _IO_stderr_;
+compat_symbol_reference (libc, _IO_stderr_, _IO_stderr_, GLIBC_2_0);
+compat_symbol_reference (libc, fopen, fopen, GLIBC_2_0);
+compat_symbol_reference (libc, fclose, fclose, GLIBC_2_0);
+
+static int
+do_test (int argc, char *argv[])
+{
+  static char filename[PATH_MAX + 1];
+  struct stat st;
+  char *name = NULL;
+  int i;
+
+  /* Try to trigger copy relocation.  */
+  TEST_VERIFY_EXIT (_IO_stderr_.file._fileno >= 0);
+
+  for (i = 1; i < argc; i++)
+    {
+      name = argv[i];
+      if (stat (name, &st) == 0)
+	{
+	  TEST_VERIFY_EXIT (strlen (name) <= PATH_MAX);
+	  break;
+	}
+    }
+  TEST_VERIFY_EXIT (name != NULL);
+
+  strcpy (filename, name);
+  FILE *fp = fopen (filename, "r");
+  TEST_VERIFY_EXIT (strcmp (filename, name) == 0);
+  TEST_VERIFY_EXIT (fp != NULL);
+  TEST_VERIFY_EXIT (fclose (fp) == 0);
+  return 0;
+}
+#else
+# include <support/test-driver.h>
+
+static int
+do_test (int argc, char *argv[])
+{
+  return EXIT_UNSUPPORTED;
+}
+#endif
+
+#define TEST_FUNCTION_ARGV do_test
+#include <support/test-driver.c>