Message ID | 913439ddce2d33024fa0d0da5d9f4c6234a30cde.1666877952.git.szabolcs.nagy@arm.com (mailing list archive) |
---|---|
State | Committed |
Commit | eef17d4d9fcd38c5cbb9bc9515ba72d1773b67a2 |
Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2053338AA24F for <patchwork@sourceware.org>; Thu, 27 Oct 2022 15:36:21 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2053338AA24F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666884981; bh=g3ByCVI7ZrgPnsfhH82oSkxcL6uBsvoYr6NG4tDse0Q=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=Ru2PWqW2DOMb7eFq4oUxKAIFuZrYyHHJ09oGYkzm63Rv8/duu51fBQX7KP5nQQ9QR 3aALPLcDXTb/BthAGdx4kT+1fewRGnffAesXHnb/XLPgsKJ1F250oDLaHZSIAW4T+4 ho+WBmsyqjYVyAJ0KHW9s0ms9JEFNWqn5Sp6j6js= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2078.outbound.protection.outlook.com [40.107.21.78]) by sourceware.org (Postfix) with ESMTPS id 40D11381E5EB for <libc-alpha@sourceware.org>; Thu, 27 Oct 2022 15:33:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 40D11381E5EB ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=bWMka09+j5hccRHYTxZJ7RmK3o9Pk2ff4UPE9rzYUb8fmoiXthwip2SRQlVQjVGR51W3XyXJiGotQH1i50bk3Gs14H4cyXCLcHs/qoo8wmXYIhNK5OUb8KHJ7G6hMFvS8vXr0LpuJDs8zIWx4WgPqd2GuSqN1vHTdX3JGiMdTPf2BQAXiXqroe+0/UkiLZRiejvuz/YebJTbTT69V4BKd5lF2VB27kTAW6qdhyn2zUymRLBKQENOsQVtieGy9ZsN39wDHf/+fOEadwURG61AjUtAZL91eABLO6ZSvPTFy4tMEJtDSEeeA/MJ7ZPaOptDo3kX792RMGIfibrhTdIpag== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g3ByCVI7ZrgPnsfhH82oSkxcL6uBsvoYr6NG4tDse0Q=; b=cGworN+kIsFVkBACFIou3QRBFbVrkLXULZok5d2FyMn35yClDzblhLyQDillPfve0rdg57lkx7JBRtMcvhOrnuu8jEbziKBwqRBrwrpIN1DE4kpzExGU+RjgmfKo9MNmXUX6HtPVeucRDJ4axJWWv+4MI6sSv7numVn0orFh9JVAYTwhb3jkLYFJYvHPIiQoIVJ5rwTPlCibVKGiaTpRBm+wF+bvwHBadP8Hpy57LyZv5VQEP8rkDRQDe3NUas4kiiJY9MFGz2XOexsDsM8Fbxst89tZTF5p4frZSdqBuuN8WLuvVTbVhSrsCjIRGSOPl6lE4SdTQ1P4lIWCN1gRPg== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1, 1, smtp.mailfrom=arm.com] dmarc=[1, 1, header.from=arm.com]) Received: from AS9PR04CA0172.eurprd04.prod.outlook.com (2603:10a6:20b:530::18) by GVXPR08MB7752.eurprd08.prod.outlook.com (2603:10a6:150:6::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.21; Thu, 27 Oct 2022 15:33:18 +0000 Received: from AM7EUR03FT047.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:530:cafe::8a) by AS9PR04CA0172.outlook.office365.com (2603:10a6:20b:530::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Thu, 27 Oct 2022 15:33:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT047.mail.protection.outlook.com (100.127.140.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Thu, 27 Oct 2022 15:33:18 +0000 Received: ("Tessian outbound 6c699027a257:v130"); Thu, 27 Oct 2022 15:33:18 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: a599590f8e01bc6a X-CR-MTA-TID: 64aa7808 Received: from eab757ee5f72.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C66F9E9A-9A96-411D-A60D-9C83F4CC7D04.1; Thu, 27 Oct 2022 15:33:10 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id eab757ee5f72.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 27 Oct 2022 15:33:10 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F/siGYXwNnJMssx9emKrrlSQWXtUkQBhDc4k9Ku2ZUjgrG176Q0f+H5SsXS0zT54iAsyNW/s2WcuscPOU/nUS7YCapB7CMdap0k84+lQEYr/FR/BRAfXM8tyYnln7nFzc/qndbCh01+/oaSx/FsWej7yJ03xyFcG2ufzyUW9APBTweQQarz9nkVMykA2ALHyB5brZ/tl3tG4mQF1xriwA1OGeJTmJ8TyQzeWgRUBTL0wlk+OlGA2xz0MA7ebVNQg3jN46Rtu+O1nNMnEKmp86+n76kO2y6JLDSxkrEM+1bFG2t2rzcSfxjRHHJmwDKGuAOGa/ZOLXpu8FVGWAA0Hdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g3ByCVI7ZrgPnsfhH82oSkxcL6uBsvoYr6NG4tDse0Q=; b=NYGKnVTezjO3yTsRsZmht8O/MZto0QoWcYFVaIYZXNblzMikeG9E1/WaYxE317RjGkjcbIpRuQ0aMubuYzwmaMJfCmZXAagRHIzIo5YMPYSUc7/zQ0wTRtEB4QkiRsatyZGMyzaDhAKF5RliV2vifClqhdw4uQp7zT0cNYvoZIjEvEH8AtkPFBBahZ8qr1nDs/GGo8W44GcE9zKJtCauK9CMQq3wtebegk20PEBIlquDDLM8di+Xr4CNe+odugU8TCAaoROgS02t9XJkZPZfSnBnOG009Tt3fxnyMpRWuVmoyNrPGDGVP6BMkzBcHg5GE8vxbpczlpAreHMmuXGZSA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none Received: from DB6PR0201CA0033.eurprd02.prod.outlook.com (2603:10a6:4:3f::43) by GV1PR08MB8667.eurprd08.prod.outlook.com (2603:10a6:150:85::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Thu, 27 Oct 2022 15:33:08 +0000 Received: from DBAEUR03FT049.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:3f:cafe::e6) by DB6PR0201CA0033.outlook.office365.com (2603:10a6:4:3f::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Thu, 27 Oct 2022 15:33:08 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by DBAEUR03FT049.mail.protection.outlook.com (100.127.142.192) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5723.20 via Frontend Transport; Thu, 27 Oct 2022 15:33:08 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Thu, 27 Oct 2022 15:33:07 +0000 Received: from armchair.cambridge.arm.com (10.2.80.71) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.12 via Frontend Transport; Thu, 27 Oct 2022 15:33:06 +0000 To: <libc-alpha@sourceware.org> Subject: [PATCH 11/20] elf: Fix alloca size in _dl_debug_vdprintf Date: Thu, 27 Oct 2022 16:33:06 +0100 Message-ID: <913439ddce2d33024fa0d0da5d9f4c6234a30cde.1666877952.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <cover.1666877952.git.szabolcs.nagy@arm.com> References: <cover.1666877952.git.szabolcs.nagy@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: DBAEUR03FT049:EE_|GV1PR08MB8667:EE_|AM7EUR03FT047:EE_|GVXPR08MB7752:EE_ X-MS-Office365-Filtering-Correlation-Id: f0973f71-d496-49d5-7b47-08dab8309292 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: rpHRhU9hAupsF4NNd8lJFrAaHvsz7BIGQ8+f70mXaMDQCUSJkCzeucih7ARswvEdUwhEsV0JtDbppoO+HfwkjiR/KJ3FQuip/2h58qak4ZyqBJkl128xYtJd47UFSRYqGo8fPsc+SnSEUQSX18AEOqx4w0X1Kxf/zQorNFoqNB+qFpUG7aVxBjhPIcQeE1R2ec7E+p31u2fhFG9HIiXpHBjm9FkCMPw29Hihkk6dOzjuyB3C7ekRU9dJNPfAxFcmP/baudmuzwhBNDJCJmRMitm+Ub2SWzWZNZfe+ZB285u8UdFln6iN8HUgccGQuscVT1Gq7Me6//K7hbeuuJI/iHvI0ooaRciqNJqjg7S5RB5dErMXU09jvRI6z2img4es4afHblNPf5HC5hlE9nhKFfhoNY6W4FaUusCKPaSUmPpUVjKFK8pNHmzJin0zHab5gz8qNg2tw788BZGu5dkLksRGt7zezQAYdkefnfyRq+gpfjfrGco/Q8F2QegqtpSjFFuucAPgAVAdaddec0in1JXVsqpB0Y5n8YCFTmYTsZBc0QbP+SQB5R6aGxfMnKJvxSxqFzu8YvEWw2bPDpV71BR9wm6M52Yk6tEV1w0e4npSX2qhCLbrTTQ7dilHyL639IAOGmDVj+pEGWlgTbeiNu4di8h5iH/JsgyZ4nR390UMlohAqxUNCZPYwm6NkEO1fEtSv4GLWHO+uGspM8iys+Y7/OBcPl5FwvlKhynQfhTYCZQi9J1W1G4QZN6t2jpsmOLY4LGzlgbe/aZd2ZjpZ9ei93v4f9gB7RFQgqBO3oQxI5OqFjcFh5ZJMhHyHv1G X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230022)(4636009)(376002)(136003)(39860400002)(396003)(346002)(451199015)(36840700001)(46966006)(40470700004)(47076005)(36756003)(2906002)(36860700001)(86362001)(44832011)(336012)(40460700003)(41300700001)(2616005)(426003)(186003)(81166007)(356005)(82740400003)(83380400001)(478600001)(6916009)(70206006)(70586007)(26005)(7696005)(316002)(8676002)(82310400005)(5660300002)(40480700001)(8936002)(36900700001); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR08MB8667 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT047.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: bc1db469-0abd-414d-bec2-08dab8308c90 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 5JLHLyuHx+LTyxDkT+5Fd+MfSYS4CSIzArAoJrKVVfkQuzs/DUBionxPsKCXOsfQfc2k1ai8oufLbpVzfRahrxUHqLZk/EawRWnYWYm/NEdUred6cgB5y7ALzs0X4kwJXplqEG5zLRQc0utCVOCFuzqoWVdoAHzc/7ebsvuwVkurZjLfksIu/PF40ng1tq1BfCAwpqUBsPw9DcA2feyPDyGLYDysr7X5RNE9g2D8tAPjBrIoiz9wzC4MWaIKII+5tE17dRH/v6rb26eGvReupDNJmv89T1Xfia95VT7qiF5XQa5bvU3bp5/0pF9QYCu9XhwZQl7mmNd4hMH5qRtl6bcgaJ9kdRm9NWE7jJWqCb7yBeTBu45dibATKTXudGJdA9Wk1tJ4k2qOikMYFbLkXVhiA3APKxVsQ166QD2+6OO1Y3sbMpdurBF4wzChe6tJ7/d3fVAGFp2atrMX7+NhRyaQJzxoodHFOF3zzYkpdh10WAHd1d2xQPssPa7u3dFeDiRoPXuSfC1lJQKEopAbqBngjrMEGp2AGDlh0PgJ5dRLqqeeDvRNRNt99AKJ/daehUUgrtERMjIsqqix+nXAjlgrsGnvhaZk5sP8Iyy3T8bye6g2t48kLQpylPy0Ba5CUpTdiJE7hbt5y/eBbXVotO0nBiclDGOPmWRBgbRyJMY9tadqOjX4hIqy4Ub6i7L9/yu+Z3yh9DnR8XbiezeH5ndc61c11lLx7x3dxoEw3ZFMCweG3j8pHfPB+Nv/z8ugnsyCCqmw//ZsJeuqEiq5YQ== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230022)(4636009)(346002)(39860400002)(396003)(376002)(136003)(451199015)(36840700001)(46966006)(40470700004)(82740400003)(426003)(82310400005)(40480700001)(81166007)(86362001)(47076005)(478600001)(6916009)(83380400001)(8936002)(7696005)(316002)(36756003)(26005)(40460700003)(70586007)(41300700001)(44832011)(36860700001)(2906002)(336012)(186003)(5660300002)(70206006)(8676002)(2616005); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2022 15:33:18.2892 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f0973f71-d496-49d5-7b47-08dab8309292 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT047.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR08MB7752 X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FORGED_SPF_HELO, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Szabolcs Nagy via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
Series |
patches from the morello port
|
|
Checks
Context | Check | Description |
---|---|---|
dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent |
Commit Message
Szabolcs Nagy
Oct. 27, 2022, 3:33 p.m. UTC
The alloca size did not consider the optional width parameter for padding which could cause buffer underflow. The width is currently used e.g. by _dl_map_object_from_fd which passes 2 * sizeof(void *) which can be larger than the alloca buffer size on targets where sizeof(void *) >= 2 * sizeof(unsigned long). Even if large width is not used on existing targets it is better to fix the formatting code to avoid surprises. --- elf/dl-printf.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
Comments
* Szabolcs Nagy via Libc-alpha: > The alloca size did not consider the optional width parameter for > padding which could cause buffer underflow. The width is currently used > e.g. by _dl_map_object_from_fd which passes 2 * sizeof(void *) which > can be larger than the alloca buffer size on targets where > sizeof(void *) >= 2 * sizeof(unsigned long). > > Even if large width is not used on existing targets it is better to fix > the formatting code to avoid surprises. > --- > elf/dl-printf.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/elf/dl-printf.c b/elf/dl-printf.c > index 429d2e80c2..00c114002c 100644 > --- a/elf/dl-printf.c > +++ b/elf/dl-printf.c > @@ -163,8 +163,11 @@ _dl_debug_vdprintf (int fd, int tag_p, const char *fmt, va_list arg) > /* We use alloca() to allocate the buffer with the most > pessimistic guess for the size. Using alloca() allows > having more than one integer formatting in a call. */ > - char *buf = (char *) alloca (1 + 3 * sizeof (unsigned long int)); > - char *endp = &buf[1 + 3 * sizeof (unsigned long int)]; > + int size = 1 + 3 * sizeof (unsigned long int); > + if (width + 1 > size) > + size = width + 1; > + char *buf = (char *) alloca (size); > + char *endp = &buf[size]; > char *cp = _itoa (num, endp, *fmt == 'x' ? 16 : 10, 0); > > /* Pad to the width the user specified. */ This looks okay. Reviewed-by: Florian Weimer <fweimer@redhat.com> Thanks, Florian
On 27/10/22 12:33, Szabolcs Nagy via Libc-alpha wrote: > The alloca size did not consider the optional width parameter for > padding which could cause buffer underflow. The width is currently used > e.g. by _dl_map_object_from_fd which passes 2 * sizeof(void *) which > can be larger than the alloca buffer size on targets where > sizeof(void *) >= 2 * sizeof(unsigned long). > > Even if large width is not used on existing targets it is better to fix > the formatting code to avoid surprises. > --- > elf/dl-printf.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/elf/dl-printf.c b/elf/dl-printf.c > index 429d2e80c2..00c114002c 100644 > --- a/elf/dl-printf.c > +++ b/elf/dl-printf.c > @@ -163,8 +163,11 @@ _dl_debug_vdprintf (int fd, int tag_p, const char *fmt, va_list arg) > /* We use alloca() to allocate the buffer with the most > pessimistic guess for the size. Using alloca() allows > having more than one integer formatting in a call. */ > - char *buf = (char *) alloca (1 + 3 * sizeof (unsigned long int)); > - char *endp = &buf[1 + 3 * sizeof (unsigned long int)]; > + int size = 1 + 3 * sizeof (unsigned long int); > + if (width + 1 > size) > + size = width + 1; > + char *buf = (char *) alloca (size); > + char *endp = &buf[size]; > char *cp = _itoa (num, endp, *fmt == 'x' ? 16 : 10, 0); > > /* Pad to the width the user specified. */ Would be better to just limit a maximum width and use a fixed-size buffer instead (and assert if size is larger)?
The 10/28/2022 10:56, Adhemerval Zanella Netto wrote: > On 27/10/22 12:33, Szabolcs Nagy via Libc-alpha wrote: > > The alloca size did not consider the optional width parameter for > > padding which could cause buffer underflow. The width is currently used > > e.g. by _dl_map_object_from_fd which passes 2 * sizeof(void *) which > > can be larger than the alloca buffer size on targets where > > sizeof(void *) >= 2 * sizeof(unsigned long). > > > > Even if large width is not used on existing targets it is better to fix > > the formatting code to avoid surprises. > > --- > > elf/dl-printf.c | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/elf/dl-printf.c b/elf/dl-printf.c > > index 429d2e80c2..00c114002c 100644 > > --- a/elf/dl-printf.c > > +++ b/elf/dl-printf.c > > @@ -163,8 +163,11 @@ _dl_debug_vdprintf (int fd, int tag_p, const char *fmt, va_list arg) > > /* We use alloca() to allocate the buffer with the most > > pessimistic guess for the size. Using alloca() allows > > having more than one integer formatting in a call. */ > > - char *buf = (char *) alloca (1 + 3 * sizeof (unsigned long int)); > > - char *endp = &buf[1 + 3 * sizeof (unsigned long int)]; > > + int size = 1 + 3 * sizeof (unsigned long int); > > + if (width + 1 > size) > > + size = width + 1; > > + char *buf = (char *) alloca (size); > > + char *endp = &buf[size]; > > char *cp = _itoa (num, endp, *fmt == 'x' ? 16 : 10, 0); > > > > /* Pad to the width the user specified. */ > > > Would be better to just limit a maximum width and use a fixed-size buffer instead > (and assert if size is larger)? i already committed this. i think it's safe: it's internal api and using huge paddings is unlikely.
On 28/10/22 11:43, Szabolcs Nagy wrote: > The 10/28/2022 10:56, Adhemerval Zanella Netto wrote: >> On 27/10/22 12:33, Szabolcs Nagy via Libc-alpha wrote: >>> The alloca size did not consider the optional width parameter for >>> padding which could cause buffer underflow. The width is currently used >>> e.g. by _dl_map_object_from_fd which passes 2 * sizeof(void *) which >>> can be larger than the alloca buffer size on targets where >>> sizeof(void *) >= 2 * sizeof(unsigned long). >>> >>> Even if large width is not used on existing targets it is better to fix >>> the formatting code to avoid surprises. >>> --- >>> elf/dl-printf.c | 7 +++++-- >>> 1 file changed, 5 insertions(+), 2 deletions(-) >>> >>> diff --git a/elf/dl-printf.c b/elf/dl-printf.c >>> index 429d2e80c2..00c114002c 100644 >>> --- a/elf/dl-printf.c >>> +++ b/elf/dl-printf.c >>> @@ -163,8 +163,11 @@ _dl_debug_vdprintf (int fd, int tag_p, const char *fmt, va_list arg) >>> /* We use alloca() to allocate the buffer with the most >>> pessimistic guess for the size. Using alloca() allows >>> having more than one integer formatting in a call. */ >>> - char *buf = (char *) alloca (1 + 3 * sizeof (unsigned long int)); >>> - char *endp = &buf[1 + 3 * sizeof (unsigned long int)]; >>> + int size = 1 + 3 * sizeof (unsigned long int); >>> + if (width + 1 > size) >>> + size = width + 1; >>> + char *buf = (char *) alloca (size); >>> + char *endp = &buf[size]; >>> char *cp = _itoa (num, endp, *fmt == 'x' ? 16 : 10, 0); >>> >>> /* Pad to the width the user specified. */ >> >> >> Would be better to just limit a maximum width and use a fixed-size buffer instead >> (and assert if size is larger)? > > i already committed this. i think it's safe: > it's internal api and using huge paddings is unlikely. The idea is to remove all internal alloca usage where possible, and I think this is a good spot to continue the work.
diff --git a/elf/dl-printf.c b/elf/dl-printf.c index 429d2e80c2..00c114002c 100644 --- a/elf/dl-printf.c +++ b/elf/dl-printf.c @@ -163,8 +163,11 @@ _dl_debug_vdprintf (int fd, int tag_p, const char *fmt, va_list arg) /* We use alloca() to allocate the buffer with the most pessimistic guess for the size. Using alloca() allows having more than one integer formatting in a call. */ - char *buf = (char *) alloca (1 + 3 * sizeof (unsigned long int)); - char *endp = &buf[1 + 3 * sizeof (unsigned long int)]; + int size = 1 + 3 * sizeof (unsigned long int); + if (width + 1 > size) + size = width + 1; + char *buf = (char *) alloca (size); + char *endp = &buf[size]; char *cp = _itoa (num, endp, *fmt == 'x' ? 16 : 10, 0); /* Pad to the width the user specified. */