mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-10 15:20:10 +00:00
8f5e8b01a1
The nan, nanf and nanl functions handle payload strings by doing e.g.:
if (tagp[0] != '\0')
{
char buf[6 + strlen (tagp)];
sprintf (buf, "NAN(%s)", tagp);
return strtod (buf, NULL);
}
This is an unbounded stack allocation based on the length of the
argument. Furthermore, if the argument starts with an n-char-sequence
followed by ')', that n-char-sequence is wrongly treated as
significant for determining the payload of the resulting NaN, when ISO
C says the call should be equivalent to strtod ("NAN", NULL), without
being affected by that initial n-char-sequence. This patch fixes both
those problems by using the __strtod_nan etc. functions recently
factored out of strtod etc. for that purpose, with those functions
being exported from libc at version GLIBC_PRIVATE.
Tested for x86_64, x86, mips64 and powerpc.
[BZ #16961]
[BZ #16962]
* math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
string on the stack for strtod.
* math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
a string on the stack for strtof.
* math/s_nanl.c (__nanl): Use __strtold_nan instead of
constructing a string on the stack for strtold.
* stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
__strtold_nan to GLIBC_PRIVATE.
* math/test-nan-overflow.c: New file.
* math/test-nan-payload.c: Likewise.
* math/Makefile (tests): Add test-nan-overflow and
test-nan-payload.
124 lines
2.1 KiB
Plaintext
124 lines
2.1 KiB
Plaintext
libc {
|
|
GLIBC_2.0 {
|
|
# functions with required interface outside normal name space
|
|
__xpg_basename;
|
|
|
|
# functions used in inline functions or macros
|
|
__strto*_internal;
|
|
|
|
# compatibility symbol
|
|
__secure_getenv;
|
|
|
|
# a*
|
|
a64l; abort; abs; atexit; atof; atoi; atol; atoll;
|
|
|
|
# b*
|
|
bsearch;
|
|
|
|
# c*
|
|
canonicalize_file_name; clearenv;
|
|
|
|
# d*
|
|
div; drand48; drand48_r;
|
|
|
|
# e*
|
|
erand48; erand48_r; exit;
|
|
|
|
# g*
|
|
getenv; getsubopt;
|
|
|
|
# i*
|
|
initstate; initstate_r;
|
|
|
|
# l*
|
|
l64a; labs; lcong48; lcong48_r; ldiv; llabs; lldiv; lrand48; lrand48_r;
|
|
|
|
# m*
|
|
mblen; mbrlen; mbrtowc; mbsinit; mbsnrtowcs; mbsrtowcs; mbstowcs;
|
|
mbtowc; mcheck; mcount; mrand48; mrand48_r;
|
|
|
|
# n*
|
|
nrand48; nrand48_r;
|
|
|
|
# o*
|
|
on_exit;
|
|
|
|
# p*
|
|
putenv;
|
|
|
|
# q*
|
|
qsort;
|
|
|
|
# r*
|
|
rand; rand_r; random; random_r; realpath; rpmatch;
|
|
|
|
# s*
|
|
seed48; seed48_r; setcontext; setenv; setstate; setstate_r; srand; srand48;
|
|
srand48_r; srandom; srandom_r; step; strfmon; strtod; strtof; strtol;
|
|
strtold; strtoll; strtoq; strtoul; strtoull; strtouq; system;
|
|
|
|
# u*
|
|
unsetenv;
|
|
|
|
# w*
|
|
wcstombs; wctomb;
|
|
}
|
|
GLIBC_2.1 {
|
|
# a*
|
|
addseverity;
|
|
|
|
# f*
|
|
fmtmsg;
|
|
|
|
# g*
|
|
getcontext;
|
|
|
|
# m*
|
|
makecontext;
|
|
|
|
# s*
|
|
strtoimax; strtoumax; swapcontext;
|
|
}
|
|
GLIBC_2.1.1 {
|
|
# _*
|
|
_Exit;
|
|
|
|
# i*
|
|
imaxabs; imaxdiv;
|
|
}
|
|
GLIBC_2.1.3 {
|
|
# used by new G++ ABI
|
|
__cxa_atexit; __cxa_finalize;
|
|
}
|
|
GLIBC_2.3 {
|
|
# Silent change in SUS.
|
|
realpath;
|
|
}
|
|
GLIBC_2.8 {
|
|
qsort_r;
|
|
}
|
|
GLIBC_2.10 {
|
|
quick_exit; __cxa_at_quick_exit;
|
|
}
|
|
GLIBC_2.13 {
|
|
__fentry__;
|
|
}
|
|
GLIBC_2.17 {
|
|
secure_getenv;
|
|
}
|
|
GLIBC_2.18 {
|
|
__cxa_thread_atexit_impl;
|
|
}
|
|
GLIBC_PRIVATE {
|
|
# functions which have an additional interface since they are
|
|
# are cancelable.
|
|
__libc_system;
|
|
# Variable which needs a dynamic symbol table entry.
|
|
__abort_msg;
|
|
# Used from other libraries
|
|
__libc_secure_getenv;
|
|
__call_tls_dtors;
|
|
__strtof_nan; __strtod_nan; __strtold_nan;
|
|
}
|
|
}
|