mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-28 15:51:07 +00:00
bcae44ea85
The 680c597e9c
commit made loader reject ill-formatted strings by
first tracking all set tunables and then applying them. However, it does
not take into consideration if the same tunable is set multiple times,
where parse_tunables_string appends the found tunable without checking
if it was already in the list. It leads to a stack-based buffer overflow
if the tunable is specified more than the total number of tunables. For
instance:
GLIBC_TUNABLES=glibc.malloc.check=2:... (repeat over the number of
total support for different tunable).
Instead, use the index of the tunable list to get the expected tunable
entry. Since now the initial list is zero-initialized, the compiler
might emit an extra memset and this requires some minor adjustment
on some ports.
Checked on x86_64-linux-gnu and aarch64-linux-gnu.
Reported-by: Yuto Maeda <maeda@cyberdefense.jp>
Reported-by: Yutaro Shimizu <shimizu@cyberdefense.jp>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
40 lines
1.3 KiB
ArmAsm
40 lines
1.3 KiB
ArmAsm
/* Memset for aarch64, default version for internal use.
|
|
Copyright (C) 2017-2024 Free Software Foundation, Inc.
|
|
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library. If not, see
|
|
<https://www.gnu.org/licenses/>. */
|
|
|
|
#include <sysdep.h>
|
|
|
|
#if IS_IN (libc)
|
|
# define MEMSET __memset_generic
|
|
|
|
/* Do not hide the generic version of memset, we use it internally. */
|
|
# undef libc_hidden_builtin_def
|
|
# define libc_hidden_builtin_def(name)
|
|
|
|
/* Add a hidden definition for use within libc.so. */
|
|
# ifdef SHARED
|
|
.globl __GI_memset; __GI_memset = __memset_generic
|
|
# endif
|
|
#endif
|
|
|
|
#include <../memset.S>
|
|
|
|
#if IS_IN (rtld)
|
|
strong_alias (memset, __memset_generic)
|
|
#endif
|