Age | Commit message | Author
2020-04-01 | or1k: fix some TLS issues | Yann Sionneau
Before this commit tst-tls-at-ctor test would segfault. After it passes.

testsuite run before: https://pastebin.com/504JgQXa
testsuite run after: https://pastebin.com/d2aNciVt

Stafford Horne already fixed it in glibc:
* https://github.com/openrisc/or1k-glibc/blob/bcd87396ebe78228645c0731b06c934dfd88855a/sysdeps/or1k/dl-machine.h#L298
* https://github.com/openrisc/or1k-glibc/blob/bcd87396ebe78228645c0731b06c934dfd88855a/sysdeps/or1k/dl-machine.h#L99
2020-04-01 | statx: make include conditional, fixes non-csky arch buildroot builds | Waldemar Brodkorb
2020-04-01 | Resolve bug when using unusual MALLOC_ALIGNMENT | Eyal Itkin
Safe-Linking alignment checks should be done on the user's buffer and not the mchunkptr. The new check adds support for cases in which: MALLOC_ALIGNMENT != 2*(sizeof(size_t)) The default case for both 32 bits and 64 bits was already supported, and this patch adds support for the described irregular case.
2020-02-19 | malloc: add missing header for some arch (alpha) | Waldemar Brodkorb
2020-02-16 | bump to 1.0.33 for release [v1.0.33] | Waldemar Brodkorb
2020-02-16 | Add Safe-Linking to fastbins | Eyal Itkin
Safe-Linking is a security mechanism that protects single-linked lists (such as the fastbins) from being tampered by attackers. The mechanism makes use of randomness from ASLR (mmap_base), and when combined with chunk alignment integrity checks, it protects the pointers from being hijacked by an attacker.

While Safe-Unlinking protects double-linked lists (such as the small bins), there wasn't any similar protection for attacks against single-linked lists. This solution protects against 3 common attacks:
* Partial pointer override: modifies the lower bytes (Little Endian)
* Full pointer override: hijacks the pointer to an attacker's location
* Unaligned chunks: pointing the list to an unaligned address

The design assumes an attacker doesn't know where the heap is located, and uses the ASLR randomness to "sign" the single-linked pointers. We mark the pointer as P and the location in which it is stored as L, and the calculation will be:
* PROTECT(P) := (L >> PAGE_SHIFT) XOR (P)
* *L = PROTECT(P)

This way, the random bits from the address L (which start at the bits in the PAGE_SHIFT position), will be merged with the LSB of the stored protected pointer. This protection layer prevents an attacker from modifying the pointer into a controlled value.

An additional check that the chunks are MALLOC_ALIGNed adds an important layer:
* Attackers can't point to illegal (unaligned) memory addresses
* Attackers must guess correctly the alignment bits

On standard 32 bit Linux machines, an attacker will directly fail 7 out of 8 times, and on 64 bit machines it will fail 15 out of 16 times.

The proposed solution adds 3-4 asm instructions per malloc()/free() and therefore has only minor performance implications if it has any. A similar protection was added to Chromium's version of TCMalloc in 2013, and according to their documentation the performance overhead was less than 2%.

Signed-off-by: Eyal Itkin <eyalit@checkpoint.com>
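
The PROTECT(P) calculation and the alignment check from the message above, as an added C example that is not code from uClibc-ng. It models addresses as 64-bit integers, assumes PAGE_SHIFT is 12, uses constructed addresses and hypothetical function names, and counts how many of the possible ASLR bit values make a pointer overwritten without knowledge of L fail the alignment check.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* PROTECT(P) := (L >> PAGE_SHIFT) XOR P, where L is the address P is stored at. */
uint64_t protect_ptr(uint64_t L, uint64_t P) { return (L >> PAGE_SHIFT) ^ P; }

/* XOR with the same mask recovers P when the stored value is read back. */
uint64_t reveal_ptr(uint64_t L, uint64_t stored) { return (L >> PAGE_SHIFT) ^ stored; }

/* Reveal a link and apply the alignment check: 1 = accepted, 0 = rejected. */
int checked_reveal(uint64_t L, uint64_t stored, uint64_t align, uint64_t *out)
{
    uint64_t p = reveal_ptr(L, stored);

    if (p & (align - 1))
        return 0;
    *out = p;
    return 1;
}

/* Constructed storage address whose bits just above PAGE_SHIFT equal r (r < 16). */
static uint64_t slot_with_random_bits(uint64_t r)
{
    return (UINT64_C(0x7f3a5c2d) << 16) | (r << PAGE_SHIFT) | 0x010;
}

/* Full pointer override: a raw, aligned target is written over the protected
 * slot. Try every value of the ASLR bits that land on the alignment bits and
 * count how many times the revealed pointer is rejected. */
unsigned rejected_full_override(uint64_t target, uint64_t align)
{
    unsigned rejected = 0;

    for (uint64_t r = 0; r < align; r++) {
        uint64_t out;
        if (!checked_reveal(slot_with_random_bits(r), target, align, &out))
            rejected++;
    }
    return rejected;
}

/* Partial pointer override: only the low byte of the protected value changes. */
unsigned rejected_partial_override(uint8_t low_byte, uint64_t align)
{
    unsigned rejected = 0;

    for (uint64_t r = 0; r < align; r++) {
        uint64_t L = slot_with_random_bits(r), out;
        uint64_t P = L + 0x40; /* constructed, aligned next chunk */
        uint64_t forged = (protect_ptr(L, P) & ~UINT64_C(0xff)) | low_byte;
        if (!checked_reveal(L, forged, align, &out))
            rejected++;
    }
    return rejected;
}

int main(void)
{
    printf("align 16: full %u/16, partial %u/16 rejected\n",
           rejected_full_override(0x601040, 16), rejected_partial_override(0x40, 16));
    printf("align 8:  full %u/8,  partial %u/8 rejected\n",
           rejected_full_override(0x601040, 8), rejected_partial_override(0x40, 8));
    return 0;
}
```

Alignment 16 and 8 correspond to the 64-bit and 32-bit cases in the message (15 out of 16 and 7 out of 8).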
2020-02-10 | include/ctype.h: restore __isctype_l definition | Max Filippov
Recent is*_l fix broke uclibc build because removed __isctype_l definition was used in libc/misc/ctype/ctype.c. Restore it. Fixes: d1a3ca7ca566 ("include/ctype.h: drop is*_l macro definitions") Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2020-02-07 | aarch64/bits: provide sigstack.h | Vladimir Murzin
It fixes tst-signal6 and friends. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-07 | aarch64/sys: update ucontext.h | Vladimir Murzin
It fixes tst-cancel1 and friends. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-07 | common/bits: Fix ipc_perm and semid_ds definitions for 64-bit arches | Vladimir Murzin
It fixes: FAIL sem got 1 expected 0 failed: incorrect sem_nsems! semget(IPC_CREAT) = 0 semctl(k) = 0 sem_nsems = 0 for aarch64. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-07 | aarch64: always use MMU | Vladimir Murzin
Only MMU variant is supported. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
2020-02-04 | include/ctype.h: drop is*_l macro definitions | Max Filippov
ctype locale-specific macro definitions are broken because they result in dereference of pointer to structure of incomplete type. Drop these macros since they are optional and let applications use functions with the same names. This change fixes parted-3.3 build with uClibc-ng: http://autobuild.buildroot.net/results/b7ba1210d5aa184b133f0171da621d2b0083ec39/build-end.log Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2020-02-03 | csky: add statx conditionals | Waldemar Brodkorb
Similar to glibc commit https://sourceware.org/git/?p=glibc.git;a=commit;h=6bbfc5c09fc5b5e3d4a0cddbbd4e2e457767dae7 we need to handle Linux kernel change, which removed stat64 family from default syscall set. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Waldemar Brodkorb <wbrodkorb@conet.de>
2020-01-30 | Fix map_newlink abort when interface list changes during getifaddrs | Vincent Hou
map_newlink() may abort when interface list changed between netlink request for getting interfaces and getting addresses. This commit is ported from the same change from glibc commit. Signed-off-by: Vincent Hou <vincent.houyi@gmail.com>
2020-01-30 | poll: avoid calling select with empty sets which hangs the process | Yann Sionneau
Avoid calling select with empty sets which hangs the process

This makes uClibc-ng act like glibc and musl
Without this fix the test_poll of python3 testsuite hangs forever

Scenario of the issue:

If you call poll with only invalid file descriptors, like in python3 testsuite (https://github.com/python/cpython/blob/master/Lib/test/test_poll.py#L83)

You will go through uClibc poll emulation code, which is based on select syscall.
Your first call to select will fail, it will return -1 and errno will be set to EBADF: https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/common/poll.c#L120

Then you will go through the for loop which tests individually each file descriptor by calling select on each one: https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/common/poll.c#L163
each call will also return -1 with errno being equal to EBADF.
Therefore all pollfd will have the POLLNVAL flag in their respective revents field.
And, the most important, rset/wset/xset will stay empty.

Then the for loop ends, the "continue" makes the while loop run again.
The following select() is run again: https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/common/poll.c#L120
But this time the sets are empty. If the poll was called with timeout set to -1, this select will hang forever because there is no timeout and the sets are empty so no event will ever wake it up.

test program:

    #include <errno.h>
    #include <poll.h>
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>

    int main(void)
    {
        struct pollfd pfd;
        int ret;
        int pipe_fds[2];

        /* Create a pipe and close both ends so the descriptor is invalid. */
        pipe(pipe_fds);
        close(pipe_fds[0]);
        close(pipe_fds[1]);

        pfd.fd = pipe_fds[0];
        pfd.events = POLLIN | POLLOUT | POLLPRI;
        pfd.revents = 0;

        /* Infinite timeout: this is the call that hangs without the fix. */
        ret = poll(&pfd, 1, -1);
        printf("ret: %d\n", ret);
        if (ret < 0)
            printf("error: %s", strerror(errno));
        else {
            puts("revents: ");
            if (pfd.revents & POLLERR)
                printf(" POLLERR");
            if (pfd.revents & POLLHUP)
                printf(" POLLHUP");
            if (pfd.revents & POLLNVAL)
                printf(" POLLNVAL");
            puts("");
        }
        return 0;
    }

This hangs on uClibc-ng aarch64 and Kalray's arch (kv3) but does the following on musl and glibc:

    "
    ret: 1
    revents:
     POLLNVAL
    "

strace output of this program with uClibc *without* the patch applied:

    pselect6(4, [3], [3], [3], NULL, NULL) = -1 EBADF (Bad file descriptor)
    pselect6(4, [3], [3], [3], {tv_sec=0, tv_nsec=0}, NULL) = -1 EBADF (Bad file descriptor)
    pselect6(0, 0x7ffffffb80, 0x7ffffffb68, 0x7ffffffb50, NULL, NULL
    (never finishes)

strace output of this program with uClibc *with* the patch applied:

    pselect6(4, [3], [3], [3], NULL, NULL) = -1 EBADF (Bad file descriptor)
    pselect6(4, [3], [3], [3], {tv_sec=0, tv_nsec=0}, NULL) = -1 EBADF (Bad file descriptor)
    write(1, "ret: 1\n", 7ret: 1
    ) = 7
    write(1, "revents: \n", 10revents:
    ) = 10
    write(1, " POLLNVAL\n", 10 POLLNVAL
    ) = 10
    exit_group(0) = ?
    +++ exited with 0 +++
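
The scenario described above, as an added C example: a simplified select()-based poll emulation with a guard against calling select() on empty sets. This is an illustration written for this page, not the uClibc-ng poll.c code or the actual patch; the function names are hypothetical and descriptors are assumed to be below FD_SETSIZE.

```c
#include <errno.h>
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* Zero-timeout select() on one descriptor: true if the kernel reports EBADF. */
static int fd_is_invalid(int fd)
{
    fd_set s;
    struct timeval zero = {0, 0};
    FD_ZERO(&s); FD_SET(fd, &s);
    return select(fd + 1, &s, NULL, NULL, &zero) < 0 && errno == EBADF;
}

/* poll() emulated with select(); assumes every descriptor is < FD_SETSIZE. */
int poll_via_select(struct pollfd *fds, nfds_t n, int timeout_ms)
{
    int invalid = 0;
    nfds_t i;
    for (i = 0; i < n; i++) fds[i].revents = 0;
    for (;;) {
        fd_set r, w, x;
        struct timeval tv = {0, 0}, *tvp = &tv;
        int maxfd = -1, ready = 0, before = invalid;
        FD_ZERO(&r); FD_ZERO(&w); FD_ZERO(&x);
        for (i = 0; i < n; i++) {
            if (fds[i].fd < 0 || fds[i].revents)
                continue;               /* ignored, or already POLLNVAL */
            if (fds[i].events & POLLIN)  FD_SET(fds[i].fd, &r);
            if (fds[i].events & POLLOUT) FD_SET(fds[i].fd, &w);
            if (fds[i].events & POLLPRI) FD_SET(fds[i].fd, &x);
            if (fds[i].fd > maxfd) maxfd = fds[i].fd;
        }
        /* Guard: only POLLNVAL entries remain, so do not select() on empty sets. */
        if (maxfd < 0 && invalid > 0)
            return invalid;
        if (invalid == 0 && timeout_ms < 0)
            tvp = NULL;                 /* nothing to report yet: may block */
        else if (invalid == 0)
            tv = (struct timeval){.tv_sec = timeout_ms / 1000,
                                  .tv_usec = (timeout_ms % 1000) * 1000};
        if (select(maxfd + 1, &r, &w, &x, tvp) < 0) {
            if (errno != EBADF) return -1;
            for (i = 0; i < n; i++)
                if (fds[i].fd >= 0 && !fds[i].revents && fd_is_invalid(fds[i].fd)) {
                    fds[i].revents = POLLNVAL;
                    invalid++;
                }
            if (invalid == before) return -1;   /* no culprit found: do not spin */
            continue;
        }
        for (i = 0; i < n; i++) {
            if (fds[i].fd < 0 || fds[i].revents) continue;
            if (FD_ISSET(fds[i].fd, &r)) fds[i].revents |= POLLIN;
            if (FD_ISSET(fds[i].fd, &w)) fds[i].revents |= POLLOUT;
            if (FD_ISSET(fds[i].fd, &x)) fds[i].revents |= POLLPRI;
            if (fds[i].revents) ready++;
        }
        return ready + invalid;
    }
}

/* The message's test case: one closed descriptor, no timeout. */
int poll_closed_fd(void)
{
    int p[2];
    struct pollfd pfd = {0};
    if (pipe(p) != 0) return -1;
    close(p[0]); close(p[1]);
    pfd.fd = p[0];
    pfd.events = POLLIN | POLLOUT | POLLPRI;
    return poll_via_select(&pfd, 1, -1) == 1 ? pfd.revents : -1;
}

int main(void) { return poll_closed_fd() == POLLNVAL ? 0 : 1; }
```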
2020-01-28 | fix getenv bug | Ata, John (US)
The getenv() library call can trap under certain conditions. It compares the passed in environment variable name (var) with the name=variables (*ep) in the environment area and returns a pointer to the value in the environment if it exists. To accomplish this, it does a memcmp() using the length of the passed in name (len) for each environment variable (*ep) against the passed in name (var). So memcmp will attempt to scan both strings for len bytes. However, if for some reason, len is equal to or greater than 16 and longer than the length of the *ep in the environment and the *ep resides near the end of a page boundary while the next page is not present or mapped, the memcmp could trap with a sigsegv error while continuing the scan with the optimization read-ahead. However, if strncmp is used instead, there is no problem since both source and destination scanning will stop when either reaches a terminating NULL.
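
The condition described above, reproduced as an added C example (not the uClibc-ng getenv source): a strncmp-based lookup is run against a constructed environment entry whose terminating NUL is the last byte of a mapped page, with the following page made inaccessible. The function names and the sample entry are hypothetical; Linux mmap/mprotect are assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* for MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* strncmp stops at the first NUL in either string, so a short entry is never
 * scanned for the full length of a longer name. */
const char *env_lookup(char *const *envp, const char *name)
{
    size_t len = strlen(name);

    for (; *envp != NULL; envp++) {
        /* (*envp)[len] is read only after len bytes matched, so it is in bounds. */
        if (strncmp(*envp, name, len) == 0 && (*envp)[len] == '=')
            return *envp + len + 1;
    }
    return NULL;
}

/* Place `entry` so that it ends exactly at a page boundary, make the next
 * page PROT_NONE, then look up `name`. Returns the length of the value if
 * found, -1 if not found, -2 if the mapping could not be set up. */
int lookup_at_page_end(const char *entry, const char *name)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t n = strlen(entry) + 1;
    char *envp[2] = {NULL, NULL};
    const char *hit;
    char *base;
    int result;

    if (n > page)
        return -2;
    base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -2;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return -2;
    }
    envp[0] = memcpy(base + page - n, entry, n);

    hit = env_lookup(envp, name);
    result = hit ? (int)strlen(hit) : -1;
    munmap(base, 2 * page);
    return result;
}

/* Name of 16 bytes or more, longer than the entry: the case from the message. */
int main(void)
{
    return lookup_at_page_end("TZ=UTC", "A_VARIABLE_NAME_OVER_16_BYTES") == -1 ? 0 : 1;
}
```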
2019-11-17 | riscv64: fix DB_THREAD_SELF, fixes 4 testsuite failures | Waldemar Brodkorb
2019-11-17 | riscv64: fix comments borrowed from or1k port | Yann Sionneau
Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2019-11-17 | Makefile.in: build utils without stack smashing protector | Eugene Yudin
2019-11-17 | fix PTRAVE_EVENT_SECCOMP typo in ptrace.h | Joris Vink
Hi, This diff fixes a typo in the PTRACE_EVENT_SECCOMP event code. The typo itself was introduced in 2012 when syncing with glibc header files and was itself fixed in 2013 in the glibc headers.
2019-11-08 | riscv64: implement NPTL/TLS | Waldemar Brodkorb
basically from or1k port of uClibc-ng, with fixes for structures in pthreadtypes.h from 64 bit architectures. 18 testsuite failures counted.
2019-11-06 | riscv64: lazy relocations do not work like sparc/m68k | Waldemar Brodkorb
2019-11-05 | implement fexecve from glibc | Waldemar Brodkorb
2019-11-01 | riscv64: add shared library support | Waldemar Brodkorb
2019-10-30 | Make __syscall_error return long, as expected by syscall() callers | Carlos Santos
The return type of syscall() is long so __syscall_error, which is jumped to by syscall handlers to stash an error number into errno, must return long too otherwise it returns 4294967295L instead of -1L.

For example, syscall for x86_64 is defined in libc/sysdeps/linux/x86_64/syscall.S as

    syscall:
        movq %rdi, %rax         /* Syscall number -> rax. */
        movq %rsi, %rdi         /* shift arg1 - arg5. */
        movq %rdx, %rsi
        movq %rcx, %rdx
        movq %r8, %r10
        movq %r9, %r8
        movq 8(%rsp),%r9        /* arg6 is on the stack. */
        syscall                 /* Do the system call. */
        cmpq $-4095, %rax       /* Check %rax for error. */
        jae __syscall_error     /* Branch forward if it failed. */
        ret                     /* Return to caller. */

In libc/sysdeps/linux/x86_64/__syscall_error.c, __syscall_error is defined as

    int __syscall_error(void) attribute_hidden;
    int __syscall_error(void)
    {
        register int err_no __asm__ ("%rcx");
        __asm__ ("mov %rax, %rcx\n\t"
                 "neg %rcx");
        __set_errno(err_no);
        return -1;
    }

So __syscall_error returns -1 as a 32-bit int in a 64-bit register, %rax (0x00000000ffffffff, whose decimal value is 4294967295) and a test like this always returns false:

    if (syscall(number, ...) == -1)
        foo();

Fix the error by making __syscall_error return a long, like syscall().

The problem can be circumvented by the caller by coercing the returned value to int before comparing it to -1:

    if ((int) syscall(number, ...) == -1)
        foo();

The same problem probably occurs on other 64-bit systems but so far only x86_64 was tested, so this change must be considered experimental.

Signed-off-by: Carlos Santos <unixmania@gmail.com>
2019-10-15 | bump to 1.0.32 for release [v1.0.32] | Waldemar Brodkorb
2019-10-15 | Fix value for O_mask_was_saved based on gdb observation | mirabilos
(gdb) print offsetof(struct __jmp_buf_tag, __mask_was_saved) $12 = (int *) 0x1f0 using https://stackoverflow.com/a/39663128/2171120
2019-10-15 | sparc64: Make structure match kernel uapi | mirabilos
Update from linux/arch/sparc/include/uapi/asm/uctx.h
2019-10-15 | sparc64: Use the jmpbuf-offsets.h header instead of duplicating it | mirabilos
2019-10-10 | aarch64: sync with glibc code to see any differences in a better way | Waldemar Brodkorb
2019-10-05 | or1k: Fix compiling with PIC and latest binutils use PLT for __syscall_error | Stafford Horne
This symbol was causing a build failure with the new toolchain. It looks like it has always been wrong. The main issue was checking for PIC rather than __PIC__.

Remove all PSEUDO_* macros and the SYSCALL_ERROR_NAME macro as they are not needed by uclibc-ng, they are used in glibc for building up syscalls there, but not here.

Fixes error:

    /opt/shorne/software/or1k-linux/bin/../lib/gcc/or1k-linux/9.0.1/../../../../or1k-linux/bin/ld: libc/libc_so.a(or1k_clone.os): pc-relative relocation against dynamic symbol __syscall_error
    /opt/shorne/software/or1k-linux/bin/../lib/gcc/or1k-linux/9.0.1/../../../../or1k-linux/bin/ld: final link failed: bad value

Signed-off-by: Stafford Horne <shorne@gmail.com>
2019-09-30 | malloc: Add missing locks for some paths (valloc/memalign/posix_memalign) | Kjetil Oftedal
The internal heap structures were not protected properly in memalign(). If multiple threads were concurrently allocating memory and one of them were requesting aligned memory via valloc,memalign or posix_memalign the internal heap data structures could be corrupted. Signed-off-by: Kjetil Oftedal <oftedal@gmail.com>
2019-09-30 | PowerPC: Fix termios definitions | Adhemerval Zanella
This patch fixes the incorrect guard by __USE_MISC of struct winsize and struct termio in powerpc termios header. Current states leads to build failures if the program defines _XOPEN_SOURCE, but not _DEFAULT_SOURCE or either _BSD_SOURCE or _SVID_SOURCE. Without any definition, __USE_MISC will not be defined and neither the struct definitions. This patch copies the default Linux ioctl-types.h by adjusting only the character control field (c_cc) size in struct termio. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> [Vadim: adopted for uclibc ]
2019-09-09 | Revert "package/uclibc: fix termios redefinition issue for PowerPC" | Waldemar Brodkorb
This reverts commit 14c36638c1a125b1c2d06857c7e7c44f266d0e8e.
2019-09-06 | package/uclibc: fix termios redefinition issue for PowerPC | Vadim Kochan
Fix redefinition of 'struct termios' by syncing termios powerpc headers from glibc, the commit which fixed the same issue in glibc: d4795e4a43e6f0c221bc5dc64c612206a21a177b PowerPC: Fix termios definitions https://sourceware.org/git/?p=glibc.git;a=commit;h=d4795e4a43e6f0c221bc5dc64c612206a21a177b it fixed the following bug request: https://bugzilla.redhat.com/show_bug.cgi?id=1122714 In case of Buildroot it fixes flashrom build for PowerPC. Fixes: http://autobuild.buildroot.net/results/797dde5cbf0e94162c7cc7b557841605c78ac2f3/ Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
2019-07-05 | mips: avoid calling memcpy() from memmove() for MIPS arch | Petar Jovanovic
This is a follow up to an incorrect fix for memmove() problem in:

    commit 785dee78552f9ad06819bf7eb1adc05b43110842
    Author: Petar Jovanovic <petar.jovanovic@rt-rk.com>
    Date:   Mon May 6 13:29:02 2019 +0000

        mips: fix memmove() call when __ARCH_HAS_BWD_MEMCPY__ is not defined

Calling memcpy from memmove should be skipped in two cases:
a) if arch's memcpy uses a backward copying (e.g. SH4)
b) if arch's memcpy is not fully safe for overlapping regions (MIPS)

Signed-off-by: Petar Jovanovic <petar.jovanovic@rt-rk.com>
2019-07-05 | Fix header installation for recent 64-only arch | Yann Sionneau
Summary:

Recent arch do not support Legacy.
Thus they don't define ARCH_HAS_DEPRECATED_SYSCALLS
But this led to per-arch headers not being installed and common-generic ones taking precedence.
So it was impossible to declare arch-specific statfs.h for instance, to force 64-bit mode only.

This was leading to the following situation to happen:

1/ an application compiles (say without -D_FILE_OFFSET_BITS set) it therefore uses struct statfs from libc/sysdeps/linux/common-generic/bits/statfs.h where f_type and f_bsize fields are U32: https://elixir.bootlin.com/uclibc-ng/latest/source/libc/sysdeps/linux/common-generic/bits/statfs.h#L18
2/ application calls "statfs"
3/ uClibc issues "statfs64" syscall (because __NR_statfs64 is defined and __NR_statfs is undefined): https://elixir.bootlin.com/uclibc-ng/latest/source/libc/sysdeps/linux/common/statfs.c#L14
4/ if Linux kernel port is not defining CONFIG_COMPAT, it calls do_statfs_native https://elixir.bootlin.com/linux/latest/source/fs/statfs.c#L195
5/ it does copy_to_user of the size of struct statfs defined in the kernel source tree: https://elixir.bootlin.com/linux/latest/source/fs/statfs.c#L161
6/ Generic struct statfs in the kernel is defined like this: https://elixir.bootlin.com/linux/latest/source/include/uapi/asm-generic/statfs.h#L23 f_type and f_bsize fields are long (64 bits) for 64-bit archs.
7/ memory corruption occurs because of this mismatch

Solution:

Allow to not define __ARCH_HAS_DEPRECATED_SYSCALLS__ *and* declare its own arch-specific statfs.h header, matching the kernel one. (for instance with f_type and f_bsize defined as long)

Does this change break other archs?

This change allows headers in libc/sysdeps/linux/<ARCH>/bits/ to override ones in libc/sysdeps/linux/common-generic/bits/

The only arch which does not define __ARCH_HAS_DEPRECATED_SYSCALLS__ *and* has a header in libc/sysdeps/linux/<ARCH>/bits/ which can conflict with one in libc/sysdeps/linux/common-generic/bits/ is c6x.

The file that can override is ../libc/sysdeps/linux/c6x/bits/kernel_stat.h

This, btw, means that, today, this file is there and is not used (during compilation, GNU Make overrides the rule):

    Makefile.in:152: warning: overriding recipe for target `include/bits/kernel_stat.h'
    Makefile.in:148: warning: ignoring old recipe for target `include/bits/kernel_stat.h'

I was not able to compile uClibc with the only binary toolchain I found for c6x arch (gcc-4.5.1 from code sourcery: https://sourcery.mentor.com/GNUToolchain/release1882)

However, I can tell that c6x's kernel_stat.h only defines two structs: kernel_stat and kernel_stat64: https://elixir.bootlin.com/uclibc-ng/latest/source/libc/sysdeps/linux/c6x/bits/kernel_stat.h

And I can also tell that those structs are only used when using xstat conversion functions (__xstat32_conv / xstat_conv) which are only used and present in the __ARCH_HAS_DEPRECATED_SYSCALLS__ == y case.

However, c6x does not define __ARCH_HAS_DEPRECATED_SYSCALLS__

So I think I can say that this change does not affect c6x nor other archs.
2019-07-05 | riscv: clear a3/a4 in crt1 | Christoph Hellwig
We don't support shared libraries and thus _init/_fini. But loading nommu binaries blows they aren't cleared, so do that. Signed-off-by: Christoph Hellwig <hch@lst.de>
2019-07-05 | riscv: add the MAP_UNINITIALIZED definition | Christoph Hellwig
This avoids a nommu build failure. Signed-off-by: Christoph Hellwig <hch@lst.de>
2019-06-21 | fix opendir, fpathconf and ttyname_r to use fstat64(), not fstat() | Denys Vlasenko
There is no opendir64(), thus even programs built for 64-bit off_t use opendir(). Before this change, internally opendir() uses fstat(), with the following breakage if some of struct stat fields are too narrow:

    $ strace ls -l
    execve("/busybox/ls", ["ls", "-l"], 0x7ffcdc43ede8 /* 16 vars */) = 0
    ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
    ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
    getuid32() = 0
    time([1551486393 /* 2019-03-02T00:26:33+0000 */]) = 1551486393 (2019-03-02T00:26:33+0000)
    ioctl(0, TIOCGWINSZ, {ws_row=38, ws_col=120, ws_xpixel=0, ws_ypixel=0}) = 0
    ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
    brk(NULL) = 0x9768000
    brk(0x9769000) = 0x9769000
    lstat64(".", 0xffa6e374) = 0
    open(".", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
    fstat(3, 0xffa6e378) = -1 EOVERFLOW (Value too large for defined data type)

See https://bugs.busybox.net/show_bug.cgi?id=11651

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2019-06-21 | Fix compilation issue when libuargp is compiled without __UCLIBC_HAS_PROGRAM_INVOCATION_NAME__ | Yann Sionneau
This fixes the issue reported at https://github.com/wbx-github/uclibc-ng/issues/2

Signed-off-by: Yann Sionneau <yann@sionneau.net>
2019-05-27 | mips: fix memmove() call when __ARCH_HAS_BWD_MEMCPY__ is not defined | Petar Jovanovic
When arch (such as MIPS) does not define __ARCH_HAS_BWD_MEMCPY__, memmove() calls memcpy() which is wrong for overlapping regions. Signed-off-by: Petar Jovanovic <petar.jovanovic@rt-rk.com>
2019-05-27 | sparc: remove asm constraint | Romain Naour
uClibc-ng doesn't build with gcc 9.1 [1] due to a new check that "catch illegal asm constraint usage" [2].

gcc 9.1 prints this error: "invalid hard register usage between earlyclobber operand and input operand"

The asm constraint is present in uClibc since it supports sparc (back in 2002) [3].

Note: There is no such constraint in Glibc counterpart code [4].

[1] https://gitlab.com/kubu93/toolchains-builder/-/jobs/205435757
[2] https://github.com/gcc-mirror/gcc/commit/b782636f28f5c378897c238081d28d7a4a6ca578
[3] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=3b6d086531102b6d09ce852feb1e370d5dca3ce9
[4] https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/sparc/sysdep.h;h=981b2a26b7a91093f821c97876e55bc4be2d9f8a;hb=HEAD
2019-05-13 | preadv/pwritev: fix offset argument type | Max Filippov
preadv/pwritev don't provide separate version for 64-bit wide off_t, and default to 32-bit wide off_t, which results in a mismatch between declaration and definition for user programs built with -D_FILE_OFFSET_BITS=64. Make offset argument of both functions __off64_t. This fixes test misc/tst-preadvwritev on xtensa. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-05-13 | xtensa: don't use l32r opcode explicitly | Max Filippov
xtensa assembler is capable of representing register loads with either movi + addmi, l32r or const16, depending on the core configuration. Don't use '.literal' and 'l32r' directly in the code, use 'movi' and let the assembler relax them. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-05-13 | docs/defines.txt: clarify LFS-related macros | Max Filippov
Add description for _LARGEFILE_SOURCE, _LARGEFILE64_SOURCE, _FILE_OFFSET_BITS and __USE_LARGEFILE, __USE_LARGEFILE64 and __USE_FILE_OFFSET64 macros. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2019-04-14 | Fix build with SUPPORT_LD_DEBUG_EARLY enabled | Konstantin Vasin
2019-04-14 | Fix _dl_deallocate_tls in !SHARED case | Yann Sionneau
This patch seems needed in builds where
- SHARED is not defined (no shared lib support)
- and USE_TLS is set

Without this patch, static_dtv is free'ed. See the following backtrace:

    0 __do_check_chunk (p=0x52638 <fork_handler_pool+2296>) at libc/stdlib/malloc-standard/malloc.c:80
    1 0x0000000000017fa0 in __do_check_inuse_chunk (p=0x52638 <fork_handler_pool+2296>) at libc/stdlib/malloc-standard/malloc.c:143
    2 0x0000000000017354 in free (mem=0x52648 <static_dtv>) at libc/stdlib/malloc-standard/free.c:293
    3 0x000000000002d5b0 in _dl_deallocate_tls (tcb=0x58690, dealloc_tcb=false) at libpthread/nptl/sysdeps/generic/dl-tls.c:588
    4 0x0000000000021c0c in __deallocate_stack (pd=0x58000) at libpthread/nptl/allocatestack.c:717
    5 0x0000000000024408 in __free_tcb (pd=0x58000) at libpthread/nptl/pthread_create.c:217
    6 0x00000000000200ac in pthread_join (threadid=360448, thread_return=0x0 <k1c_start>) at libpthread/nptl/pthread_join.c:109
    7 0x0000000000010354 in tf (a=0x58000) at tst-basic3.c:42
    8 0x00000000000247c8 in start_thread (arg=0x4000200960) at libpthread/nptl/pthread_create.c:285
    9 0x0000000000026560 in ?? ()

This backtrace is obtained while debugging tst-basic3 from the uclibc-ng nptl testsuite. It aborts because of the assert in malloc: https://elixir.bootlin.com/uclibc-ng/v1.0.31/source/libc/stdlib/malloc-standard/malloc.c#L80

Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2019-04-14 | Fix TLS allocation and loading in !SHARED case | Yann Sionneau
For ARCH where shared lib are not supported: - SHARED is not set (!SHARED is true) - __ARCH_HAS_NO_LDSO__ is set so code inside #if !defined __ARCH_HAS_NO_LDSO__ && !defined SHARED is compiled-out. But without a call do _dl_aux_init(), _dl_phdr stays NULL and __libc_setup_tls won't be able to allocate memory for the in-executable TLS and also won't be able to load the initimage from ELF TLS segment. This results in segfault when doing things like "errno = 0" like in tst-cancel15.c for instance in uClibc-ng testsuite. Signed-off-by: Yann Sionneau <ysionneau@kalray.eu>
2019-03-02 | Fix NULL pointer dereference in open_memstream() | Eugene Yudin
Hi,

Current version of uClibc-ng has issue in open_memstream() function. If the cookie variable is NULL (due malloc() fail) then null pointer is dereferenced after if block.

The attached patch fixes this issue.

--
Best regards,
Eugene