NSS test harness upgrade

Message ID	xn1spcuyx4.fsf@greed.delorie.com
State	Committed
Headers	Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk Sender: libc-alpha-owner@sourceware.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com D1C967CE14 From: DJ Delorie <dj@redhat.com> To: "Carlos O'Donell" <carlos@redhat.com> Cc: stli@linux.vnet.ibm.com, libc-alpha@sourceware.org Subject: Re: [patch] NSS test harness upgrade In-Reply-To: <cd2ecea3-a74a-5617-691b-1ff77c9175ce@redhat.com> (carlos@redhat.com) Date: Wed, 19 Jul 2017 13:19:51 -0400 Message-ID: <xn1spcuyx4.fsf@greed.delorie.com> MIME-Version: 1.0 Content-Type: text/plain

Message ID

xn1spcuyx4.fsf@greed.delorie.com

State

Committed

Headers

Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: libc-alpha-owner@sourceware.org
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com D1C967CE14
From: DJ Delorie <dj@redhat.com>
To: "Carlos O'Donell" <carlos@redhat.com>
Cc: stli@linux.vnet.ibm.com, libc-alpha@sourceware.org
Subject: Re: [patch] NSS test harness upgrade
In-Reply-To: <cd2ecea3-a74a-5617-691b-1ff77c9175ce@redhat.com>
	(carlos@redhat.com)
Date: Wed, 19 Jul 2017 13:19:51 -0400
Message-ID: <xn1spcuyx4.fsf@greed.delorie.com>
MIME-Version: 1.0
Content-Type: text/plain

Commit Message

DJ Delorie July 19, 2017, 5:19 p.m. UTC

  I've checked in this hopefully obvious patch...

From f8cef4d07d9641e27629bd3ce2d13f5d702fb251 Mon Sep 17 00:00:00 2001
From: DJ Delorie <dj@delorie.com>
Date: Wed, 19 Jul 2017 13:14:34 -0400
Subject: Fix cast-after-dereference

Original code was dereferencing a char*, then casting the value
to size_t.  Should cast the pointer to size_t* then deference.

Comments

Carlos O'Donell July 19, 2017, 7:38 p.m. UTC | #1

On 07/19/2017 01:19 PM, DJ Delorie wrote:
> 
> I've checked in this hopefully obvious patch...

It's not clear, but did you test this on s390x and ppc?

Andreas Schwab July 19, 2017, 9:28 p.m. UTC | #2

On Jul 19 2017, DJ Delorie <dj@redhat.com> wrote:

> -  savedmemcount = (size_t) *(savedend - sizeof (size_t));
> +  savedmemcount = *(size_t *) (savedend - sizeof (size_t));

I don't see where savedend is aligned.

Andreas.

DJ Delorie July 19, 2017, 11:15 p.m. UTC | #3

Andreas Schwab <schwab@linux-m68k.org> writes:
>> -  savedmemcount = (size_t) *(savedend - sizeof (size_t));
>> +  savedmemcount = *(size_t *) (savedend - sizeof (size_t));
>
> I don't see where savedend is aligned.

It's always a multiple of size_t away from the array we align for in
__copy_grp, since that's where the data comes from.

Unless there's *another* place where we put together that weird
undocumented layout of the data - in which case, we shouln't ;-)

Andreas Schwab July 20, 2017, 6:33 a.m. UTC | #4

On Jul 19 2017, DJ Delorie <dj@redhat.com> wrote:

> Andreas Schwab <schwab@linux-m68k.org> writes:
>>> -  savedmemcount = (size_t) *(savedend - sizeof (size_t));
>>> +  savedmemcount = *(size_t *) (savedend - sizeof (size_t));
>>
>> I don't see where savedend is aligned.
>
> It's always a multiple of size_t away from the array we align for in
> __copy_grp, since that's where the data comes from.

Thanks, I see that now.

Andreas.

Stefan Liebler July 20, 2017, 7:02 a.m. UTC | #5

On 07/19/2017 07:19 PM, DJ Delorie wrote:
> 
> I've checked in this hopefully obvious patch...
> 
>  From f8cef4d07d9641e27629bd3ce2d13f5d702fb251 Mon Sep 17 00:00:00 2001
> From: DJ Delorie <dj@delorie.com>
> Date: Wed, 19 Jul 2017 13:14:34 -0400
> Subject: Fix cast-after-dereference
> 
> Original code was dereferencing a char*, then casting the value
> to size_t.  Should cast the pointer to size_t* then deference.
> 
> diff --git a/ChangeLog b/ChangeLog
> index d514f08..8618e26 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,7 @@
> +2017-07-19  DJ Delorie  <dj@delorie.com>
> +
> +	* grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
> +
>   2017-07-19  H.J. Lu  <hongjiu.lu@intel.com>
> 
>   	[BZ #21741]
> diff --git a/grp/grp-merge.c b/grp/grp-merge.c
> index 6590e5d..035e7a6 100644
> --- a/grp/grp-merge.c
> +++ b/grp/grp-merge.c
> @@ -137,7 +137,7 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
> 
>     /* Get the count of group members from the last sizeof (size_t) bytes in the
>        mergegrp buffer.  */
> -  savedmemcount = (size_t) *(savedend - sizeof (size_t));
> +  savedmemcount = *(size_t *) (savedend - sizeof (size_t));
> 
>     /* Get the count of new members to add.  */
>     for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)
> 

I've pulled this patch and rerun the test on the mentioned systems.
The test is now passing.

Thanks.
Stefan

diff mbox

Patch

diff --git a/ChangeLog b/ChangeLog
index d514f08..8618e26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@ 
+2017-07-19  DJ Delorie  <dj@delorie.com>
+
+	* grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
+
 2017-07-19  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #21741]
diff --git a/grp/grp-merge.c b/grp/grp-merge.c
index 6590e5d..035e7a6 100644
--- a/grp/grp-merge.c
+++ b/grp/grp-merge.c
@@ -137,7 +137,7 @@  __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
 
   /* Get the count of group members from the last sizeof (size_t) bytes in the
      mergegrp buffer.  */
-  savedmemcount = (size_t) *(savedend - sizeof (size_t));
+  savedmemcount = *(size_t *) (savedend - sizeof (size_t));
 
   /* Get the count of new members to add.  */
   for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)