The inline and library functions that the CMSG_NXTHDR macro may expand
to increment the pointer to the header before checking the stride of
the increment against available space. Since C only allows incrementing
pointers to one past the end of an array, the increment must be done
after a length check. This commit fixes that and includes a regression
test for CMSG_FIRSTHDR and CMSG_NXTHDR.
The Linux, Hurd, and generic headers are all changed.
Tested on Linux on armv7hl, i686, x86_64, aarch64, ppc64le, and s390x.
[BZ #28846]
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
* sysdeps/mach/hurd/bits/socket.h: Include <bits/wordsize.h> instead
of <limits.h>
(__need_NULL): Do not define.
(__ss_aligntype): Use __WORDSIZE instead of ULONG_MAX to determine
alignment.
[!__USE_MISC] (pseudo_AF_XTP, pseudo_AF_RTIP, pseudo_AF_PIP,
CMGROUP_MAX, cmsgcred): Do not define.
(CMSG_FIRSTHDR, __cmsg_nxthdr): Use (struct cmsghdr *) 0 instead of
NULL.
* bits/socket.h: Likewise.
Some headers did not include all of their prerequisite headers.
* rpcsvc/nislib.h: Include rpcsvc/nis.h.
* sysdeps/unix/sysv/linux/netrose/rose.h:
Include sys/socket.h and netax25/ax25.h.
<endian.h> only defines BYTE_ORDER, BIG_ENDIAN, LITTLE_ENDIAN,
etc. under __USE_MISC; glibc's headers should use __BYTE_ORDER,
__BIG_ENDIAN, __LITTLE_ENDIAN, etc. instead.
* inet/netinet/icmp6.h, inet/netinet/ip6.h
* resolv/arpa/nameser_compat.h:
Use __BYTE_ORDER etc. instead of BYTE_ORDER etc.
sys/types.h only conditionally defines caddr_t and clockid_t.
* sysdeps/unix/sysv/linux/sys/quota.h:
Use __caddr_t instead of caddr_t.
* sysdeps/unix/sysv/linux/sys/timerfd.h:
Use __clockid_t instead of clockid_t.
Remove a #warning that was the sole actual problem with using sys/ipc.h
without _GNU_SOURCE/_XOPEN_SOURCE.
* sysvipc/sys/ipc.h: Remove unnecessary #warning.
_LIBC, __USE_XOPEN2K8, and __STDC_VERSION__ are not always defined.
It seems to me that _LIBC should not appear in installed headers, but
avoiding that for argp specifically would require more surgery than
feels appropriate for this patch set. It's possible that
"#ifdef _LIBC" would be sufficient, but I wanted to be conservative.
All three versions of bits/socket.h want to know whether __flexarr
will produce a real flexible array member -- specifically, one that
doesn't alter sizeof(the structure containing it). They were testing
for this with a complicated #if condition that did not agree with
sys/cdefs.h and that tripped -Wundef warnings under -std=c90.
I added a new macro to sys/cdefs.h, __glibc_c99_flexarr_available,
which reveals exactly what these headers want to know. I also took
the opportunity to flatten the rather messy conditional nest defining
__flexarr.
* argp/argp.h: Check whether _LIBC is defined before expanding it.
* posix/glob.h: Check whether __USE_XOPEN2K8 is defined instead
of expanding it.
* misc/sys/cdefs.h: Tidy up conditional nest defining __flexarr.
Define __glibc_c99_flexarr_available to 1 when the compiler
supports C99-compatible flexible array members, 0 otherwise.
* sysdeps/unix/sysv/linux/bits/socket.h
* sysdeps/mach/hurd/bits/socket.h
* bits/socket.h: Use __glibc_c99_flexarr_available in
definitions of struct cmsghdr and CMSG_DATA.
This avoids aliasing issues with GCC 6 in -fno-strict-aliasing
mode. (With implicit padding, not all data is copied.)
This change makes it explicit that struct sockaddr_storage is
only 126 bytes large on m68k (unlike elsewhere, where we end up
with the requested 128 bytes). The new test case makes sure that
this does not happen on other architectures.
