Message ID | ca35ce47afa4a6cb3674f38413061db7635a73ec.1666974807.git.szabolcs.nagy@arm.com |
---|---|
State | New |
Headers | show
Return-Path: <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=<UNKNOWN>) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=w12f4KH/; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzSwb39L9z23kY for <incoming@patchwork.ozlabs.org>; Sat, 29 Oct 2022 03:41:03 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6AF58388552D for <incoming@patchwork.ozlabs.org>; Fri, 28 Oct 2022 16:41:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6AF58388552D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666975261; bh=OAhBKPl7XRlJ/Rprj7AGlo4QpBqZhZyMizT6L1rb9R0=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=w12f4KH/h8Kp9dXm6ewKAnsG8h7sfLqb7gjB6gtX9lFIL1ugHcx3xlQJccIwbyHk4 HPzCpXN+75haWK/UQ8RrbY8uUuirEuvH0hr27EZ4bMqdWLCjgB/sI9z/ySLwILXkeW FhQPyq1qWNGr0YQMwh5yzXGjPFg35ZmcRrJhKAvk= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20077.outbound.protection.outlook.com [40.107.2.77]) by sourceware.org (Postfix) with ESMTPS id 786ED382EA18 for <libc-alpha@sourceware.org>; Fri, 28 Oct 2022 16:40:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 786ED382EA18 ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=H6QMyRlMS269pMAV5IME2wbxFx8QFz6sdQgaw2Fz+GiZ6Dc420fcVae88BrQnqV+Mmc1/weVLnYddFkCuEK+C0NBjP+ShWesK9ben7EX8J4hyeh6nIJhUk+T56feWp1J8Qfq0D3dzYk3d4PcbBLWQvmmL20oR96kcdl1sI2QXazDEhpilohxiNPdVF9PS+IFSSefCcAsCwVI206prQ5JdcPA0VRhDL934bjEk2cYLaigX5YohizLeq90c6dkD4JP7puv8h/KSrrFkYuF4eIuLkfWUNebAbwsnvGEIHRkGyEQKGjpqLeaNrv6yidICJqtLffCh4D5bMEBzTL2qt0iqw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OAhBKPl7XRlJ/Rprj7AGlo4QpBqZhZyMizT6L1rb9R0=; b=PoQ10I3Wd7fe+FozCNcAM8uOYGbH/b2KMoImbq08kz6nLuN92kFRfcdhag5NaQ40IuO4LbUozw5x+f6laByMhLLzggeR4j/ds1mqxjCht9DLbnL3fgZSqpahmFXVzjRE1PrakoHRCn6sd67GFedRTzWI+hf1NOJ3XQJilXEhn+qtYXEDrLFVnSp13J/ySODAqwjoofGryyuea7mGlrYL/CIG058JjWbmxDfvigV1gHD1TRmkfiF2rKCfB5KbnuT7LOckiSDlIqYWJo2keibmKmil0UO3lstOQAY8i7Vu/NNhyAXjYlrzUCZkL65nyLS6wcy2mtLseFXhZJ80KoqSJg== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1, 1, smtp.mailfrom=arm.com] dmarc=[1, 1, header.from=arm.com]) Received: from AS9PR06CA0072.eurprd06.prod.outlook.com (2603:10a6:20b:464::10) by AS8PR08MB6550.eurprd08.prod.outlook.com (2603:10a6:20b:31b::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14; Fri, 28 Oct 2022 16:40:06 +0000 Received: from AM7EUR03FT008.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:464:cafe::b1) by AS9PR06CA0072.outlook.office365.com (2603:10a6:20b:464::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.29 via Frontend Transport; Fri, 28 Oct 2022 16:40:06 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT008.mail.protection.outlook.com (100.127.141.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 16:40:06 +0000 Received: ("Tessian outbound aeae1c7b66fd:v130"); Fri, 28 Oct 2022 16:40:06 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 4620b24ae92df8ea X-CR-MTA-TID: 64aa7808 Received: from 77b2abc5e1fd.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id E04B1BC1-7426-4359-B77F-4A8893E57300.1; Fri, 28 Oct 2022 16:39:59 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 77b2abc5e1fd.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 28 Oct 2022 16:39:59 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d5qjYVebChhmFzWY/T95cbMAZoFrMRQuniYxv+TyXoDfR1cHzOSVB0nRn40tMo7cDbXFvdMd9zidL1iGBdtnikjTD08vnSJgiLVzRWbYM1jboap4JBUei8g32+ESNdpSiosEjp6EbatJk/RoLrNNVqcNBoelbjvfmsdjay9MNK0jWeWi8v62dP434+jMz9xr+fNZAoGgtRxreKioSi3GNgKtHaacfAeF5xd3k9zNxIM9Hohssc2YSi2kunHHjVF0wLGlpuGFjuHpCR2mk46lnqumJhBlzsTIj20TbOc6kxgxNAeF6GSkrwQZzgGLkz00rF4Ozl/IjHtRXVKj9mP11Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OAhBKPl7XRlJ/Rprj7AGlo4QpBqZhZyMizT6L1rb9R0=; b=mTIPbMbq7l90BrHbXXrm/T8zEAYAT67gPaWKLdGfDYzzRyVQ1NsAIoz1qb2WZl2OjwBgR420BlHZYEUGybyf2aJMi+s7Gm+zCqsjRxLY4+BJucGVFlesy8UzzndPc/Th/srij1uk7GPQyg0QHUtLVqjqQjbJOGEIwqLIgdd4jeWREkfYrP/vaMXHiS+gRQbdDHcyJo/VW9KPbhbX39dp5k+X9+x07kF6YIljU3lEC4i7Bquv7YnnlkZOuI9H4e3+pM+jS5R+zfCVnEyUEHqbx3qyfsm54eCgdZdrOTbVsZfyFdvQUcELFGfKUs2gAcPXh9sYK9nW8NEnoCIejnlzsg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none Received: from AM5PR0601CA0080.eurprd06.prod.outlook.com (2603:10a6:206::45) by PAVPR08MB9860.eurprd08.prod.outlook.com (2603:10a6:102:2f4::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Fri, 28 Oct 2022 16:39:58 +0000 Received: from AM7EUR03FT056.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:0:cafe::a2) by AM5PR0601CA0080.outlook.office365.com (2603:10a6:206::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.30 via Frontend Transport; Fri, 28 Oct 2022 16:39:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by AM7EUR03FT056.mail.protection.outlook.com (100.127.140.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 16:39:58 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX04.Arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Fri, 28 Oct 2022 16:39:57 +0000 Received: from armchair.cambridge.arm.com (10.2.80.71) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.12 via Frontend Transport; Fri, 28 Oct 2022 16:39:57 +0000 To: <libc-alpha@sourceware.org> Subject: [PATCH v2 1/4] Fix OOB read in stdlib thousand grouping parsing [BZ #29727] Date: Fri, 28 Oct 2022 17:39:57 +0100 Message-ID: <ca35ce47afa4a6cb3674f38413061db7635a73ec.1666974807.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <cover.1666974807.git.szabolcs.nagy@arm.com> References: <cover.1666974807.git.szabolcs.nagy@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: AM7EUR03FT056:EE_|PAVPR08MB9860:EE_|AM7EUR03FT008:EE_|AS8PR08MB6550:EE_ X-MS-Office365-Filtering-Correlation-Id: e7cd5dcd-50c5-44dd-8dac-08dab9031215 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: f+7tiv6i8Kx9HJ0RVNVB/mxay3ISgyD6OVecCbkuhKqw8gWQvnDwsE7efNkDww24GcagjbEGdIGVBrUL4keQJf0vaJUrvdEsLv/I8yDA6x62VHhYJ68m0MKc0V8qEcbbGI+A82xxxi2GZLdlWOwP91t5FuvDgwCyKwxvxmc567wFXtPnBFybpoL+RYCHnT9ckP23uiY2n++AWDkYtX/T/mu5zX7oXx0YIpbDTGco2Wr/EM7xWwK/5SzmHOhKTUhNVd6tdJS99zXti4MScYAd2+oqZNF5OAicKevEiA8jHFz4pU1Pt1qebPRfbZ6MIg+FxI3NH001DxhWj4+8xZbRVdnV4ch5xxjHdx+ljXwmYw5PVPnD39lkThuwHVsT8BJl7S2AyrkA4YU00FdDxKo6f+w2HreFaqyS1HJJJ7/jukpeW5RuXT8ZWVSXSglTjhf4w/C0B7vK8Bhz6xFsF8S1CE191Ak7q0nAUBVz04jCxw8o/p3Xfa57LIXcVpFCqEGGcbR7MwB8M0TGReP33i8TZ4wVaB+77HQ3u75CzcWig8whQgIoBBiTCFn0r5OlN2ttLa38dpH0AilagUr0ZYtvMm6mn0WS+adOhX2AykThkSaHsMCsuUQsk4Ch1XwH5BCKDJpXiXo3VyBRPexmtRPMRYmlX6Qk8aKXxPcFPLmjgFlJhyt8VrFd9p4/U9MKsaQBKdUzAmIx97A2BsraWszoYYoE5Fs/mmOvp4NRYQ0/akEMcx3Ic0IHIw35HUAf4Lal6Sqwr+ObAxDY2F92CbWRvesqsx/FC2oUl0Ukxqzov0wYj35nfngISpGZMq70Y9zi X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(396003)(376002)(136003)(346002)(451199015)(46966006)(40470700004)(36840700001)(478600001)(26005)(36756003)(7696005)(316002)(8676002)(6916009)(36860700001)(86362001)(356005)(83380400001)(426003)(40460700003)(336012)(40480700001)(2616005)(47076005)(81166007)(186003)(82310400005)(8936002)(2906002)(41300700001)(82740400003)(44832011)(70206006)(5660300002)(70586007)(36900700001); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR08MB9860 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT008.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 37c5d3d0-eb27-45e3-5a0d-08dab9030d07 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: m07VesJ1PtwTZSYgAKeXnTowVEVWaEyczQnTca4FNVsE1NVzxuVEwxGzNLyUKfCeb11T6zX3GUXt8Ejvg+xx9iBjMTQWotl5XbPbPJlG2yXc4+L9eEKNEGPhROYhFeivaM5bOZvVUP13zVYq7rEwQzCR/WA/b5rT8bJ9fU+ZLOjKKe+7GqVg0NHh962EPfBBsFaw56WpKYvuo6KvdmVc3q1//e7dv3K4XUX4MhZuOfJpkWuUs70WcxU2GfI0+/Upjfo1eRHxhodp+lMG4dPZFqW64PV30gS8S3Vxvl7gC/kxxzbmRvRxpp1NkEwvdXowV1xoEWBURkMtUf2QZlnKAmxvLQE6RYvUhH37OUfoD4ogS9kDrOrmuhdmlZUYgWT32VMacujqr5cjBkl1tOCS0JGF/aiXj9rKwow8HavY/gcf/uP79o1FCwiNu57QXQf89Q0yZRcY2hFw4HVxdDzLZkorOrTJM0wHrh6yjvjqbksxohELMmm87DohRpGMuEeoY3hHi2brsFxxR5usv+FeTdKLARi9OpibH5YZb8Wzn9iafL3H0JCqBNcgZpJmsfNXhBLvXj3dpHjENfkCgjeB23D/ERAyOy+KJX53XZCbWJ33Z85kaEot5Q2mNfsaDQfv/wSRKrlnJkor99hjaQj0l0NWiKZzHf0ZA1GPEx6LadFV/RF0hu73FNnkpR5ler/39DMWdEial0bNUic2LaIBSH1LxNoPoy41u9u+H1RwQiYOYUr5nGaNA7MX6WCnPEiM/3aGa534N7qztbZFq5/bVA== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230022)(4636009)(346002)(39860400002)(376002)(396003)(136003)(451199015)(46966006)(36840700001)(40470700004)(40480700001)(36756003)(316002)(82740400003)(86362001)(81166007)(70586007)(6916009)(70206006)(44832011)(40460700003)(36860700001)(26005)(478600001)(83380400001)(426003)(336012)(7696005)(82310400005)(5660300002)(2616005)(8936002)(41300700001)(8676002)(47076005)(2906002)(186003); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 16:40:06.5164 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e7cd5dcd-50c5-44dd-8dac-08dab9031215 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT008.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB6550 X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FORGED_SPF_HELO, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Szabolcs Nagy via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com> Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org> |
Series |
patches from the morello port
|
expand
|
On Okt 28 2022, Szabolcs Nagy via Libc-alpha wrote: > __correctly_grouped_prefixmb only worked with thousands_len == 1, > otherwise it read past the end of cp or thousands. > > This affects scanf formats like %'d, %'f and the internal but > exposed __strto{l,ul,f,d,..}_internal with grouping flag set > and an LC_NUMERIC locale where thousands_len > 1. > > Avoid OOB access by considering thousands_len when initializing cp. > This fixes bug 29727. > > Found by the morello port with strict bounds checking where > > FAIL: stdlib/tst-strtod4 > FAIL: stdlib/tst-strtod5i > > crashed using a locale with thousands_len==3. Ok.
diff --git a/stdlib/grouping.c b/stdlib/grouping.c index be7922f5fd..06cbe7b9c7 100644 --- a/stdlib/grouping.c +++ b/stdlib/grouping.c @@ -52,21 +52,19 @@ __correctly_grouped_prefixmb (const STRING_TYPE *begin, const STRING_TYPE *end, #endif const char *grouping) { -#ifndef USE_WIDE_CHAR - size_t thousands_len; - int cnt; -#endif - if (grouping == NULL) return end; -#ifndef USE_WIDE_CHAR - thousands_len = strlen (thousands); +#ifdef USE_WIDE_CHAR + size_t thousands_len = 1; +#else + size_t thousands_len = strlen (thousands); + int cnt; #endif - while (end > begin) + while (end - begin >= thousands_len) { - const STRING_TYPE *cp = end - 1; + const STRING_TYPE *cp = end - thousands_len; const char *gp = grouping; /* Check first group. */