Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jemalloc for openSUSE:Factory checked in at 2022-04-16 00:13:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jemalloc (Old) and /work/SRC/openSUSE:Factory/.jemalloc.new.1941 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jemalloc" Sat Apr 16 00:13:25 2022 rev:35 rq:969561 version:5.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/jemalloc/jemalloc.changes 2022-02-26 17:02:34.495540591 +0100 +++ /work/SRC/openSUSE:Factory/.jemalloc.new.1941/jemalloc.changes 2022-04-16 00:13:43.633607279 +0200 @@ -1,0 +2,6 @@ +Tue Apr 12 20:20:55 UTC 2022 - Martin Li??ka <mli...@suse.cz> + +- Add use-volatile-to-workaround-buffer-overflow-false-pos.patch + upstream patch that supports -D_FORTIFY_SOURCE=3. + +------------------------------------------------------------------- New: ---- use-volatile-to-workaround-buffer-overflow-false-pos.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jemalloc.spec ++++++ --- /var/tmp/diff_new_pack.iSBIZS/_old 2022-04-16 00:13:44.525608470 +0200 +++ /var/tmp/diff_new_pack.iSBIZS/_new 2022-04-16 00:13:44.529608476 +0200 @@ -1,7 +1,7 @@ # # spec file for package jemalloc # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,6 +25,7 @@ Group: Development/Libraries/C and C++ URL: http://jemalloc.net/ Source: https://github.com/jemalloc/jemalloc/releases/download/%version/jemalloc-%version.tar.bz2 +Patch0: use-volatile-to-workaround-buffer-overflow-false-pos.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: libxslt BuildRequires: pkgconfig ++++++ use-volatile-to-workaround-buffer-overflow-false-pos.patch ++++++ >From ed5fc14b28ca62a6ba57b65adf557e1ef09037f0 Mon Sep 17 00:00:00 2001 From: Qi Wang <inte...@gwu.edu> Date: Wed, 23 Mar 2022 16:31:40 -0700 Subject: [PATCH] Use volatile to workaround buffer overflow false positives. In test/integration/rallocx, full usable size is checked which may confuse overflow detection. --- test/integration/rallocx.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/test/integration/rallocx.c b/test/integration/rallocx.c index d4a48fce..68b8f381 100644 --- a/test/integration/rallocx.c +++ b/test/integration/rallocx.c @@ -41,7 +41,11 @@ get_large_size(size_t ind) { } TEST_BEGIN(test_grow_and_shrink) { - void *p, *q; + /* + * Use volatile to workaround buffer overflow false positives + * (-D_FORTIFY_SOURCE=3). + */ + void *volatile p, *volatile q; size_t tsz; #define NCYCLES 3 unsigned i, j; @@ -85,9 +89,13 @@ TEST_BEGIN(test_grow_and_shrink) { TEST_END static bool -validate_fill(const void *p, uint8_t c, size_t offset, size_t len) { +validate_fill(void *p, uint8_t c, size_t offset, size_t len) { bool ret = false; - const uint8_t *buf = (const uint8_t *)p; + /* + * Use volatile to workaround buffer overflow false positives + * (-D_FORTIFY_SOURCE=3). + */ + uint8_t *volatile buf = (uint8_t *)p; size_t i; for (i = 0; i < len; i++) { @@ -104,7 +112,11 @@ validate_fill(const void *p, uint8_t c, size_t offset, size_t len) { } TEST_BEGIN(test_zero) { - void *p, *q; + /* + * Use volatile to workaround buffer overflow false positives + * (-D_FORTIFY_SOURCE=3). + */ + void *volatile p, *volatile q; size_t psz, qsz, i, j; size_t start_sizes[] = {1, 3*1024, 63*1024, 4095*1024}; #define FILL_BYTE 0xaaU @@ -205,7 +217,11 @@ TEST_BEGIN(test_align_enum) { TEST_END TEST_BEGIN(test_lg_align_and_zero) { - void *p, *q; + /* + * Use volatile to workaround buffer overflow false positives + * (-D_FORTIFY_SOURCE=3). + */ + void *volatile p, *volatile q; unsigned lg_align; size_t sz; #define MAX_LG_ALIGN 25 -- 2.35.1
