Go to file
Szabolcs Nagy 17bfe5954b Fix OOB read in stdlib thousand grouping parsing [BZ #29727]
__correctly_grouped_prefixmb only worked with thousands_len == 1,
otherwise it read past the end of cp or thousands.

This affects scanf formats like %'d, %'f and the internal but
exposed __strto{l,ul,f,d,..}_internal with grouping flag set
and an LC_NUMERIC locale where thousands_len > 1.

Avoid OOB access by considering thousands_len when initializing cp.
This fixes bug 29727.

Found by the morello port with strict bounds checking where

FAIL: stdlib/tst-strtod4
FAIL: stdlib/tst-strtod5i

crashed using a locale with thousands_len==3.
2022-11-02 15:42:27 +00:00
argp configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
assert Use atomic_exchange_release/acquire 2022-09-26 16:58:08 +01:00
benchtests Disable use of -fsignaling-nans if compiler does not support it 2022-11-01 09:46:08 -03:00
bits Expose all MAP_ constants in <sys/mman.h> unconditionally (bug 29375) 2022-10-10 09:30:24 +02:00
catgets Use '%z' instead of '%Z' on printf functions 2022-09-22 08:48:04 -03:00
ChangeLog.old Create ChangeLog.old/ChangeLog.25. 2022-07-29 18:03:09 -04:00
conform hurd: drop SA_SIGINFO availability xfail 2022-01-15 17:43:07 +01:00
crypt crypt: Remove unused variable on cert test 2022-03-31 09:00:54 -03:00
csu csu: Disable stack protector for static-reloc for static-pie 2022-10-06 12:52:46 -03:00
ctype Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
debug Fix invalid pointer dereference in wcpcpy_chk 2022-10-28 11:15:28 +01:00
dirent configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
dlfcn dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) 2022-08-04 17:54:48 +02:00
elf elf: Remove allocate use on _dl_debug_printf 2022-11-02 11:30:24 -03:00
gmon Use '%z' instead of '%Z' on printf functions 2022-09-22 08:48:04 -03:00
gnulib Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
grp Add access function attributes to grp and shadow headers 2022-03-14 20:02:30 +05:30
gshadow Add access function attributes to grp and shadow headers 2022-03-14 20:02:30 +05:30
hesiod Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
htl Use C11 atomics instead of atomic_decrement_and_test 2022-09-23 15:59:56 +01:00
hurd Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources 2022-10-18 17:04:10 +02:00
iconv Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources 2022-10-18 17:04:10 +02:00
iconvdata gconv: Correct Big5-HKSCS conversion to preserve all state bits. [BZ #25744] 2022-07-06 09:27:13 -03:00
include allocate_once: Apply asm redirection before first use 2022-11-01 09:51:10 -03:00
inet configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
intl intl: Fix clang -Wunused-but-set-variable on plural.c 2022-11-01 09:45:34 -03:00
io configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
libio configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
locale locale: prevent maybe-uninitialized errors with -Os [BZ #19444] 2022-10-05 18:04:13 -03:00
localedata Update to Unicode 15.0.0 [BZ #29604] 2022-10-06 08:58:33 +02:00
login configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
mach Use atomic_exchange_release/acquire 2022-09-26 16:58:08 +01:00
malloc malloc: Use uintptr_t for pointer alignment 2022-11-01 09:48:22 +00:00
manual manual: Add missing % in int conversion list 2022-10-25 09:12:30 +02:00
math Disable use of -fsignaling-nans if compiler does not support it 2022-11-01 09:46:08 -03:00
mathvec Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
misc configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
nis nis: Fix nis_print_directory 2022-10-20 10:54:27 -03:00
nptl nptl: Fix pthread_create.c build with clang 2022-11-01 09:51:10 -03:00
nptl_db nptl_db: disable DT_RELR on libthread_db.so 2022-06-08 11:17:47 -05:00
nscd nscd: Drop local address tuple variable [BZ #29607] 2022-10-04 18:40:25 -04:00
nss Use PTR_MANGLE and PTR_DEMANGLE unconditionally in C sources 2022-10-18 17:04:10 +02:00
po Update libc.pot for 2.36 release. 2022-07-29 16:41:57 -04:00
posix configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
pwd Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
resolv configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
resource configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
rt rt: Initialize mq_send input on tst-mqueue{5,6} 2022-10-05 18:04:13 -03:00
scripts scripts: Use bool in tunables initializer 2022-10-28 11:14:54 +01:00
setjmp Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
shadow Add access function attributes to grp and shadow headers 2022-03-14 20:02:30 +05:30
signal Refactor internal-signals.h 2022-06-30 14:56:21 -03:00
socket configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
soft-fp soft-fp: Add fixhf[uns][di|si] and float[uns][di|si]hf 2022-08-08 11:28:40 -03:00
stdio-common configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
stdlib Fix OOB read in stdlib thousand grouping parsing [BZ #29727] 2022-11-02 15:42:27 +00:00
string configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
sunrpc sunrpc: Suppress GCC -Os warning on user2netname 2022-10-05 18:04:13 -03:00
support support: Add xpthread_cond_signal wrapper 2022-10-03 11:19:36 -03:00
sysdeps linux: Fix fstatat on MIPSn64 (BZ #29730) 2022-11-02 16:35:05 +01:00
sysvipc Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
termios configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
time configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
timezone timezone: Fix tst-bz28707 Makefile rule 2022-01-12 10:30:10 -03:00
wcsmbs configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
wctype configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
.clang-format Add .clang-format style file 2022-04-11 10:51:03 -05:00
.gitattributes Assume __NR_openat is always defined 2016-03-23 23:35:08 +01:00
.gitignore Add *.pyc to .gitignore 2015-05-18 15:26:26 +05:30
abi-tags Remove the bulk of the NaCl port. 2017-05-20 08:09:10 -04:00
aclocal.m4 Correctly determine libc.so 'OUTPUT_FORMAT' when cross-compiling. 2022-10-28 17:19:02 -04:00
config.h.in LoongArch: Add LoongArch entries to config.h.in 2022-07-26 12:35:12 -03:00
config.make.in Revert "Detect ld.so and libc.so version inconsistency during startup" 2022-08-25 18:46:43 +02:00
configure configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
configure.ac configure: Use -Wno-ignored-attributes if compiler warns about multiple aliases 2022-11-01 09:51:06 -03:00
CONTRIBUTED-BY Remove "Contributed by" lines 2021-09-03 22:06:44 +05:30
COPYING Update to latest versions of GPL-2.0 and LGPL-2.1 2013-09-09 12:52:48 +10:00
COPYING.LIB Update to latest versions of GPL-2.0 and LGPL-2.1 2013-09-09 12:52:48 +10:00
extra-lib.mk Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk. 2017-05-09 07:06:29 -04:00
gen-locales.mk Improve gen-locales.mk and gen-locale.sh to make test files with @ options work 2018-02-27 17:01:57 +01:00
INSTALL Revert "Detect ld.so and libc.so version inconsistency during startup" 2022-08-25 18:46:43 +02:00
libc-abis riscv: support GNU indirect function 2021-01-10 21:25:13 -05:00
libof-iterator.mk Rename cppflags-iterator.mk to libof-iterator.mk, remove extra-modules.mk. 2017-05-09 07:06:29 -04:00
LICENSES arc4random: simplify design for better safety 2022-07-27 08:58:27 -03:00
MAINTAINERS Add MAINTAINERS 2017-05-11 13:38:30 -04:00
Makeconfig Remove lingering libSegfault Makefile entries 2022-10-26 15:55:43 -03:00
Makefile grep: egrep -> grep -E, fgrep -> grep -F 2022-06-05 12:09:02 -07:00
Makefile.help Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
Makefile.in New make target to only build benchmark binaries 2016-04-20 10:23:28 +05:30
Makerules Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] 2022-09-13 13:45:32 -04:00
NEWS NEWS: Fix grammar 2022-10-06 13:19:33 +02:00
o-iterator.mk Fri Mar 17 12:58:37 1995 Roland McGrath <roland@churchy.gnu.ai.mit.edu> 1995-03-17 18:42:51 +00:00
README LoongArch: Update NEWS and README for the LoongArch port. 2022-07-26 12:35:12 -03:00
Rules Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
SHARED-FILES Mention today's regex merge in SHARED-FILES 2021-09-21 18:00:10 -07:00
shlib-versions nss: Do not mention NSS test modules in <gnu/lib-names.h> 2022-03-11 08:24:04 +01:00
test-skeleton.c Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00
version.h Open master branch for glibc 2.37 development 2022-07-30 15:34:51 -04:00

This directory contains the sources of the GNU C Library.
See the file "version.h" for what release version you have.

The GNU C Library is the standard system C library for all GNU systems,
and is an important part of what makes up a GNU system.  It provides the
system API for all programs written in C and C-compatible languages such
as C++ and Objective C; the runtime facilities of other programming
languages use the C library to access the underlying operating system.

In GNU/Linux systems, the C library works with the Linux kernel to
implement the operating system behavior seen by user applications.
In GNU/Hurd systems, it works with a microkernel and Hurd servers.

The GNU C Library implements much of the POSIX.1 functionality in the
GNU/Hurd system, using configurations i[4567]86-*-gnu.

When working with Linux kernels, this version of the GNU C Library
requires Linux kernel version 3.2 or later.

Also note that the shared version of the libgcc_s library must be
installed for the pthread library to work correctly.

The GNU C Library supports these configurations for using Linux kernels:

	aarch64*-*-linux-gnu
	alpha*-*-linux-gnu
	arc*-*-linux-gnu
	arm-*-linux-gnueabi
	csky-*-linux-gnuabiv2
	hppa-*-linux-gnu
	i[4567]86-*-linux-gnu
	x86_64-*-linux-gnu	Can build either x86_64 or x32
	ia64-*-linux-gnu
	loongarch64-*-linux-gnu Hardware floating point, LE only.
	m68k-*-linux-gnu
	microblaze*-*-linux-gnu
	mips-*-linux-gnu
	mips64-*-linux-gnu
	or1k-*-linux-gnu
	powerpc-*-linux-gnu	Hardware or software floating point, BE only.
	powerpc64*-*-linux-gnu	Big-endian and little-endian.
	s390-*-linux-gnu
	s390x-*-linux-gnu
	riscv32-*-linux-gnu
	riscv64-*-linux-gnu
	sh[34]-*-linux-gnu
	sparc*-*-linux-gnu
	sparc64*-*-linux-gnu

If you are interested in doing a port, please contact the glibc
maintainers; see https://www.gnu.org/software/libc/ for more
information.

See the file INSTALL to find out how to configure, build, and install
the GNU C Library.  You might also consider reading the WWW pages for
the C library at https://www.gnu.org/software/libc/.

The GNU C Library is (almost) completely documented by the Texinfo manual
found in the `manual/' subdirectory.  The manual is still being updated
and contains some known errors and omissions; we regret that we do not
have the resources to work on the manual as much as we would like.  For
corrections to the manual, please file a bug in the `manual' component,
following the bug-reporting instructions below.  Please be sure to check
the manual in the current development sources to see if your problem has
already been corrected.

Please see https://www.gnu.org/software/libc/bugs.html for bug reporting
information.  We are now using the Bugzilla system to track all bug reports.
This web page gives detailed information on how to report bugs properly.

The GNU C Library is free software.  See the file COPYING.LIB for copying
conditions, and LICENSES for notices about a few contributions that require
these additional notices to be distributed.  License copyright years may be
listed using range notation, e.g., 1996-2015, indicating that every year in
the range, inclusive, is a copyrightable year that would otherwise be listed
individually.