[PATCH nptl] Fix memory overwrite bug in pthread_attr_getaffinity().

Carmelo AMOROSO carmelo.amoroso at st.com
Mon Jan 11 14:21:56 UTC 2010


Chris Metcalf wrote:
> If the caller requests fewer bytes of cpu_set_t data than are
> available from the system, the code will still copy all of the
> system's data to the user, overwriting additional memory.
> 
> Signed-off-by: Chris Metcalf <cmetcalf at tilera.com>
> ---
>  .../unix/sysv/linux/pthread_attr_getaffinity.c     |    8 +++++++-
>  1 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c b/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
> index 5a3d418..376eac8 100644
> --- a/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
> +++ b/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
> @@ -43,9 +43,15 @@ __pthread_attr_getaffinity_new (const pthread_attr_t *attr, size_t cpusetsize,
>  	if (((char *) iattr->cpuset)[cnt] != 0)
>  	  return EINVAL;
>  
> -      void *p = mempcpy (cpuset, iattr->cpuset, iattr->cpusetsize);
>        if (cpusetsize > iattr->cpusetsize)
> +      {
> +	void *p = mempcpy (cpuset, iattr->cpuset, iattr->cpusetsize);
>  	memset (p, '\0', cpusetsize - iattr->cpusetsize);
> +      }
> +      else
> +      {
> +	memcpy (cpuset, iattr->cpuset, cpusetsize);
> +      }
>      }
>    else
>      /* We have no information.  */
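Review bot: In the new if/else, the truncating branch (`memcpy (cpuset, iattr->cpuset, cpusetsize);`) silently drops the bytes past cpusetsize, and nothing in the hunk says why that is safe. The context lines at the top of the hunk return EINVAL when a byte at index cnt is nonzero, which looks like the guard for that case; a one-line comment in the else branch pointing at that check would make the dependency explicit. The two branches could also be collapsed into one copy whose length is the smaller of cpusetsize and iattr->cpusetsize, followed by the existing memset only when cpusetsize is larger, so the bound on the write into the caller's buffer is visible in a single place. Style: the added braces sit at the same column as the `if`, while the surrounding context indents braces GNU-style, and the braces around the single memcpy are not needed.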

Hi Chris,
did you post the same patch to the glibc list too?

Cheers,
Carmelo