On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote: > From: Armin Kuster <akus...@mvista.com>
I think this is 2014-9761 not 2015-9761 But other than that please merge this series. > A stack overflow vulnerability was found in nan* functions that could cause > applications which process long strings with the nan function to crash or, > potentially, execute arbitrary code. > > (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) > > Signed-off-by: Armin Kuster <akus...@mvista.com> > Signed-off-by: Robert Yang <liezhi.y...@windriver.com> > Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> > Signed-off-by: Armin Kuster <akus...@mvista.com> > Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> > Signed-off-by: Armin Kuster <akuster...@gmail.com> > --- > .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039 > ++++++++++++++++++++ > .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++ > meta/recipes-core/glibc/glibc_2.20.bb | 2 + > 3 files changed, 1429 insertions(+) > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch > new file mode 100644 > index 0000000..3aca913 > --- /dev/null > +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch > @@ -0,0 +1,1039 @@ > +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001 > +From: Joseph Myers <jos...@codesourcery.com> > +Date: Tue, 24 Nov 2015 22:24:52 +0000 > +Subject: [PATCH] Refactor strtod parsing of NaN payloads. > + > +The nan* functions handle their string argument by constructing a > +NAN(...) string on the stack as a VLA and passing it to strtod > +functions. > + > +This approach has problems discussed in bug 16961 and bug 16962: the > +stack usage is unbounded, and it gives incorrect results in certain > +cases where the argument is not a valid n-char-sequence. > + > +The natural fix for both issues is to refactor the NaN payload parsing > +out of strtod into a separate function that the nan* functions can > +call directly, so that no temporary string needs constructing on the > +stack at all. This patch does that refactoring in preparation for > +fixing those bugs (but without actually using the new functions from > +nan* - which will also require exporting them from libc at version > +GLIBC_PRIVATE). This patch is not intended to change any user-visible > +behavior, so no tests are added (fixes for the above bugs will of > +course add tests for them). > + > +This patch builds on my recent fixes for strtol and strtod issues in > +Turkish locales. Given those fixes, the parsing of NaN payloads is > +locale-independent; thus, the new functions do not need to take a > +locale_t argument. > + > +Tested for x86_64, x86, mips64 and powerpc. > + > + * stdlib/strtod_nan.c: New file. > + * stdlib/strtod_nan_double.h: Likewise. > + * stdlib/strtod_nan_float.h: Likewise. > + * stdlib/strtod_nan_main.c: Likewise. > + * stdlib/strtod_nan_narrow.h: Likewise. > + * stdlib/strtod_nan_wide.h: Likewise. > + * stdlib/strtof_nan.c: Likewise. > + * stdlib/strtold_nan.c: Likewise. > + * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise. > + * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise. > + * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise. > + * wcsmbs/wcstod_nan.c: Likewise. > + * wcsmbs/wcstof_nan.c: Likewise. > + * wcsmbs/wcstold_nan.c: Likewise. > + * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and > + strtold_nan. > + * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and > + wcstof_nan. > + * include/stdlib.h (__strtof_nan): Declare and use > + libc_hidden_proto. > + (__strtod_nan): Likewise. > + (__strtold_nan): Likewise. > + (__wcstof_nan): Likewise. > + (__wcstod_nan): Likewise. > + (__wcstold_nan): Likewise. > + * include/wchar.h (____wcstoull_l_internal): Declare. > + * stdlib/strtod_l.c: Do not include <ieee754.h>. > + (____strtoull_l_internal): Remove declaration. > + (STRTOF_NAN): Define macro. > + (SET_MANTISSA): Remove macro. > + (STRTOULL): Likewise. > + (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload. > + * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration. > + (STRTOF_NAN): Define macro. > + (SET_MANTISSA): Remove macro. > + * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro. > + (SET_MANTISSA): Remove macro. > + * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define > + macro. > + (SET_MANTISSA): Remove macro. > + * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define > + macro. > + (SET_MANTISSA): Remove macro. > + * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro. > + (SET_MANTISSA): Remove macro. > + * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration. > + * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise. > + * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise. > + > +Upstream-Status: Backport > +CVE: CVE-2015-9761 patch #1 > +[Yocto # 8980] > + > +https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 > + > +Signed-off-by: Armin Kuster <akus...@mvista.com> > + > +--- > + ChangeLog | 49 ++++++++++++++++++ > + include/stdlib.h | 18 +++++++ > + include/wchar.h | 3 ++ > + stdlib/Makefile | 1 + > + stdlib/strtod_l.c | 48 ++++-------------- > + stdlib/strtod_nan.c | 24 +++++++++ > + stdlib/strtod_nan_double.h | 30 +++++++++++ > + stdlib/strtod_nan_float.h | 29 +++++++++++ > + stdlib/strtod_nan_main.c | 63 > ++++++++++++++++++++++++ > + stdlib/strtod_nan_narrow.h | 22 +++++++++ > + stdlib/strtod_nan_wide.h | 22 +++++++++ > + stdlib/strtof_l.c | 11 +---- > + stdlib/strtof_nan.c | 24 +++++++++ > + stdlib/strtold_nan.c | 30 +++++++++++ > + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++ > + sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +---- > + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++ > + sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +--- > + sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +---- > + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++ > + sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +--- > + wcsmbs/Makefile | 1 + > + wcsmbs/wcstod_l.c | 3 -- > + wcsmbs/wcstod_nan.c | 23 +++++++++ > + wcsmbs/wcstof_l.c | 3 -- > + wcsmbs/wcstof_nan.c | 23 +++++++++ > + wcsmbs/wcstold_l.c | 3 -- > + wcsmbs/wcstold_nan.c | 30 +++++++++++ > + 28 files changed, 504 insertions(+), 95 deletions(-) > + create mode 100644 stdlib/strtod_nan.c > + create mode 100644 stdlib/strtod_nan_double.h > + create mode 100644 stdlib/strtod_nan_float.h > + create mode 100644 stdlib/strtod_nan_main.c > + create mode 100644 stdlib/strtod_nan_narrow.h > + create mode 100644 stdlib/strtod_nan_wide.h > + create mode 100644 stdlib/strtof_nan.c > + create mode 100644 stdlib/strtold_nan.c > + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h > + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h > + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h > + create mode 100644 wcsmbs/wcstod_nan.c > + create mode 100644 wcsmbs/wcstof_nan.c > + create mode 100644 wcsmbs/wcstold_nan.c > + > +Index: git/include/stdlib.h > +=================================================================== > +--- git.orig/include/stdlib.h > ++++ git/include/stdlib.h > +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll) > + libc_hidden_proto (strtoul) > + libc_hidden_proto (strtoull) > + > ++extern float __strtof_nan (const char *, char **, char) internal_function; > ++extern double __strtod_nan (const char *, char **, char) internal_function; > ++extern long double __strtold_nan (const char *, char **, char) > ++ internal_function; > ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t) > ++ internal_function; > ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t) > ++ internal_function; > ++extern long double __wcstold_nan (const wchar_t *, wchar_t **, wchar_t) > ++ internal_function; > ++ > ++libc_hidden_proto (__strtof_nan) > ++libc_hidden_proto (__strtod_nan) > ++libc_hidden_proto (__strtold_nan) > ++libc_hidden_proto (__wcstof_nan) > ++libc_hidden_proto (__wcstod_nan) > ++libc_hidden_proto (__wcstold_nan) > ++ > + extern char *__ecvt (double __value, int __ndigit, int *__restrict __decpt, > + int *__restrict __sign); > + extern char *__fcvt (double __value, int __ndigit, int *__restrict __decpt, > +Index: git/include/wchar.h > +=================================================================== > +--- git.orig/include/wchar.h > ++++ git/include/wchar.h > +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull > + __restrict __endptr, > + int __base, > + int __group) __THROW; > ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, > ++ wchar_t **, int, int, > ++ __locale_t); > + libc_hidden_proto (__wcstof_internal) > + libc_hidden_proto (__wcstod_internal) > + libc_hidden_proto (__wcstold_internal) > +Index: git/stdlib/Makefile > +=================================================================== > +--- git.orig/stdlib/Makefile > ++++ git/stdlib/Makefile > +@@ -51,6 +51,7 @@ routines-y := > \ > + strtol_l strtoul_l strtoll_l strtoull_l \ > + strtof strtod strtold \ > + strtof_l strtod_l strtold_l \ > ++ strtof_nan strtod_nan strtold_nan \ > + system canonicalize \ > + a64l l64a \ > + getsubopt xpg_basename \ > +Index: git/stdlib/strtod_l.c > +=================================================================== > +--- git.orig/stdlib/strtod_l.c > ++++ git/stdlib/strtod_l.c > +@@ -21,8 +21,6 @@ > + #include <xlocale.h> > + > + extern double ____strtod_l_internal (const char *, char **, int, > __locale_t); > +-extern unsigned long long int ____strtoull_l_internal (const char *, char > **, > +- int, int, __locale_t); > + > + /* Configuration part. These macros are defined by `strtold.c', > + `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the > +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou > + # ifdef USE_WIDE_CHAR > + # define STRTOF wcstod_l > + # define __STRTOF __wcstod_l > ++# define STRTOF_NAN __wcstod_nan > + # else > + # define STRTOF strtod_l > + # define __STRTOF __strtod_l > ++# define STRTOF_NAN __strtod_nan > + # endif > + # define MPN2FLOAT __mpn_construct_double > + # define FLOAT_HUGE_VAL HUGE_VAL > +-# define SET_MANTISSA(flt, mant) \ > +- do { union ieee754_double u; > \ > +- u.d = (flt); \ > +- u.ieee_nan.mantissa0 = (mant) >> 32; \ > +- u.ieee_nan.mantissa1 = (mant); > \ > +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) > \ > +- (flt) = u.d; \ > +- } while (0) > + #endif > + /* End of configuration part. */ > + > + #include <ctype.h> > + #include <errno.h> > + #include <float.h> > +-#include <ieee754.h> > + #include "../locale/localeinfo.h" > + #include <locale.h> > + #include <math.h> > +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou > + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr) > + # define STRNCASECMP(S1, S2, N) \ > + __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr) > +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, loc) > + #else > + # define STRING_TYPE char > + # define CHAR_TYPE char > +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou > + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr) > + # define STRNCASECMP(S1, S2, N) \ > + __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr) > +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, loc) > + #endif > + > + > +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group > + if (*cp == L_('(')) > + { > + const STRING_TYPE *startp = cp; > +- do > +- ++cp; > +- while ((*cp >= L_('0') && *cp <= L_('9')) > +- || ({ CHAR_TYPE lo = TOLOWER (*cp); > +- lo >= L_('a') && lo <= L_('z'); }) > +- || *cp == L_('_')); > +- > +- if (*cp != L_(')')) > +- /* The closing brace is missing. Only match the NAN > +- part. */ > +- cp = startp; > ++ STRING_TYPE *endp; > ++ retval = STRTOF_NAN (cp + 1, &endp, L_(')')); > ++ if (*endp == L_(')')) > ++ /* Consume the closing parenthesis. */ > ++ cp = endp + 1; > + else > +- { > +- /* This is a system-dependent way to specify the > +- bitmask used for the NaN. We expect it to be > +- a number which is put in the mantissa of the > +- number. */ > +- STRING_TYPE *endp; > +- unsigned long long int mant; > +- > +- mant = STRTOULL (startp + 1, &endp, 0); > +- if (endp == cp) > +- SET_MANTISSA (retval, mant); > +- > +- /* Consume the closing brace. */ > +- ++cp; > +- } > ++ /* Only match the NAN part. */ > ++ cp = startp; > + } > + > + if (endptr != NULL) > +Index: git/stdlib/strtod_nan.c > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtod_nan.c > +@@ -0,0 +1,24 @@ > ++/* Convert string for NaN payload to corresponding NaN. Narrow > ++ strings, double. > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <strtod_nan_narrow.h> > ++#include <strtod_nan_double.h> > ++ > ++#define STRTOD_NAN __strtod_nan > ++#include <strtod_nan_main.c> > +Index: git/stdlib/strtod_nan_double.h > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtod_nan_double.h > +@@ -0,0 +1,30 @@ > ++/* Convert string for NaN payload to corresponding NaN. For double. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define FLOAT double > ++#define SET_MANTISSA(flt, mant) \ > ++ do \ > ++ { \ > ++ union ieee754_double u; \ > ++ u.d = (flt); \ > ++ u.ieee_nan.mantissa0 = (mant) >> 32; \ > ++ u.ieee_nan.mantissa1 = (mant); \ > ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \ > ++ (flt) = u.d; \ > ++ } \ > ++ while (0) > +Index: git/stdlib/strtod_nan_float.h > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtod_nan_float.h > +@@ -0,0 +1,29 @@ > ++/* Convert string for NaN payload to corresponding NaN. For float. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define FLOAT float > ++#define SET_MANTISSA(flt, mant) \ > ++ do \ > ++ { \ > ++ union ieee754_float u; \ > ++ u.f = (flt); \ > ++ u.ieee_nan.mantissa = (mant); \ > ++ if (u.ieee.mantissa != 0) \ > ++ (flt) = u.f; \ > ++ } \ > ++ while (0) > +Index: git/stdlib/strtod_nan_main.c > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtod_nan_main.c > +@@ -0,0 +1,63 @@ > ++/* Convert string for NaN payload to corresponding NaN. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <ieee754.h> > ++#include <locale.h> > ++#include <math.h> > ++#include <stdlib.h> > ++#include <wchar.h> > ++ > ++ > ++/* If STR starts with an optional n-char-sequence as defined by ISO C > ++ (a sequence of ASCII letters, digits and underscores), followed by > ++ ENDC, return a NaN whose payload is set based on STR. Otherwise, > ++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point > ++ to the character after the initial n-char-sequence. */ > ++ > ++internal_function > ++FLOAT > ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE endc) > ++{ > ++ const STRING_TYPE *cp = str; > ++ > ++ while ((*cp >= L_('0') && *cp <= L_('9')) > ++ || (*cp >= L_('A') && *cp <= L_('Z')) > ++ || (*cp >= L_('a') && *cp <= L_('z')) > ++ || *cp == L_('_')) > ++ ++cp; > ++ > ++ FLOAT retval = NAN; > ++ if (*cp != endc) > ++ goto out; > ++ > ++ /* This is a system-dependent way to specify the bitmask used for > ++ the NaN. We expect it to be a number which is put in the > ++ mantissa of the number. */ > ++ STRING_TYPE *endp; > ++ unsigned long long int mant; > ++ > ++ mant = STRTOULL (str, &endp, 0); > ++ if (endp == cp) > ++ SET_MANTISSA (retval, mant); > ++ > ++ out: > ++ if (endptr != NULL) > ++ *endptr = (STRING_TYPE *) cp; > ++ return retval; > ++} > ++libc_hidden_def (STRTOD_NAN) > +Index: git/stdlib/strtod_nan_narrow.h > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtod_nan_narrow.h > +@@ -0,0 +1,22 @@ > ++/* Convert string for NaN payload to corresponding NaN. Narrow strings. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define STRING_TYPE char > ++#define L_(Ch) Ch > ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, > \ > ++ _nl_C_locobj_ptr) > +Index: git/stdlib/strtod_nan_wide.h > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtod_nan_wide.h > +@@ -0,0 +1,22 @@ > ++/* Convert string for NaN payload to corresponding NaN. Wide strings. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define STRING_TYPE wchar_t > ++#define L_(Ch) L##Ch > ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, > \ > ++ _nl_C_locobj_ptr) > +Index: git/stdlib/strtof_l.c > +=================================================================== > +--- git.orig/stdlib/strtof_l.c > ++++ git/stdlib/strtof_l.c > +@@ -20,26 +20,19 @@ > + #include <xlocale.h> > + > + extern float ____strtof_l_internal (const char *, char **, int, __locale_t); > +-extern unsigned long long int ____strtoull_l_internal (const char *, char > **, > +- int, int, __locale_t); > + > + #define FLOAT float > + #define FLT FLT > + #ifdef USE_WIDE_CHAR > + # define STRTOF wcstof_l > + # define __STRTOF __wcstof_l > ++# define STRTOF_NAN __wcstof_nan > + #else > + # define STRTOF strtof_l > + # define __STRTOF __strtof_l > ++# define STRTOF_NAN __strtof_nan > + #endif > + #define MPN2FLOAT __mpn_construct_float > + #define FLOAT_HUGE_VAL HUGE_VALF > +-#define SET_MANTISSA(flt, mant) \ > +- do { union ieee754_float u; > \ > +- u.f = (flt); \ > +- u.ieee_nan.mantissa = (mant); > \ > +- if (u.ieee.mantissa != 0) \ > +- (flt) = u.f; \ > +- } while (0) > + > + #include "strtod_l.c" > +Index: git/stdlib/strtof_nan.c > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtof_nan.c > +@@ -0,0 +1,24 @@ > ++/* Convert string for NaN payload to corresponding NaN. Narrow > ++ strings, float. > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <strtod_nan_narrow.h> > ++#include <strtod_nan_float.h> > ++ > ++#define STRTOD_NAN __strtof_nan > ++#include <strtod_nan_main.c> > +Index: git/stdlib/strtold_nan.c > +=================================================================== > +--- /dev/null > ++++ git/stdlib/strtold_nan.c > +@@ -0,0 +1,30 @@ > ++/* Convert string for NaN payload to corresponding NaN. Narrow > ++ strings, long double. > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <math.h> > ++ > ++/* This function is unused if long double and double have the same > ++ representation. */ > ++#ifndef __NO_LONG_DOUBLE_MATH > ++# include <strtod_nan_narrow.h> > ++# include <strtod_nan_ldouble.h> > ++ > ++# define STRTOD_NAN __strtold_nan > ++# include <strtod_nan_main.c> > ++#endif > +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h > +=================================================================== > +--- /dev/null > ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h > +@@ -0,0 +1,33 @@ > ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define FLOAT long double > ++#define SET_MANTISSA(flt, mant) \ > ++ do \ > ++ { \ > ++ union ieee854_long_double u; \ > ++ u.d = (flt); \ > ++ u.ieee_nan.mantissa0 = 0; \ > ++ u.ieee_nan.mantissa1 = 0; \ > ++ u.ieee_nan.mantissa2 = (mant) >> 32; \ > ++ u.ieee_nan.mantissa3 = (mant); \ > ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \ > ++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \ > ++ (flt) = u.d; \ > ++ } \ > ++ while (0) > +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c > +=================================================================== > +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c > ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c > +@@ -25,22 +25,13 @@ > + #ifdef USE_WIDE_CHAR > + # define STRTOF wcstold_l > + # define __STRTOF __wcstold_l > ++# define STRTOF_NAN __wcstold_nan > + #else > + # define STRTOF strtold_l > + # define __STRTOF __strtold_l > ++# define STRTOF_NAN __strtold_nan > + #endif > + #define MPN2FLOAT __mpn_construct_long_double > + #define FLOAT_HUGE_VAL HUGE_VALL > +-#define SET_MANTISSA(flt, mant) \ > +- do { union ieee854_long_double u; \ > +- u.d = (flt); \ > +- u.ieee_nan.mantissa0 = 0; \ > +- u.ieee_nan.mantissa1 = 0; \ > +- u.ieee_nan.mantissa2 = (mant) >> 32; \ > +- u.ieee_nan.mantissa3 = (mant); > \ > +- if ((u.ieee.mantissa0 | u.ieee.mantissa1 > \ > +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \ > +- (flt) = u.d; \ > +- } while (0) > + > + #include <strtod_l.c> > +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h > +=================================================================== > +--- /dev/null > ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h > +@@ -0,0 +1,30 @@ > ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128ibm. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define FLOAT long double > ++#define SET_MANTISSA(flt, mant) \ > ++ do \ > ++ { \ > ++ union ibm_extended_long_double u; \ > ++ u.ld = (flt); \ > ++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \ > ++ u.d[0].ieee_nan.mantissa1 = (mant); \ > ++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \ > ++ (flt) = u.ld; \ > ++ } \ > ++ while (0) > +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c > +=================================================================== > +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c > ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c > +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co > + # define STRTOF __new_wcstold_l > + # define __STRTOF ____new_wcstold_l > + # define ____STRTOF_INTERNAL ____wcstold_l_internal > ++# define STRTOF_NAN __wcstold_nan > + #else > + extern long double ____new_strtold_l (const char *, char **, __locale_t); > + # define STRTOF __new_strtold_l > + # define __STRTOF ____new_strtold_l > + # define ____STRTOF_INTERNAL ____strtold_l_internal > ++# define STRTOF_NAN __strtold_nan > + #endif > + extern __typeof (__STRTOF) STRTOF; > + libc_hidden_proto (__STRTOF) > + libc_hidden_proto (STRTOF) > + #define MPN2FLOAT __mpn_construct_long_double > + #define FLOAT_HUGE_VAL HUGE_VALL > +-# define SET_MANTISSA(flt, mant) \ > +- do { union ibm_extended_long_double u; \ > +- u.ld = (flt); > \ > +- u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \ > +- u.d[0].ieee_nan.mantissa1 = (mant); \ > +- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \ > +- (flt) = u.ld; \ > +- } while (0) > + > + #include <strtod_l.c> > + > +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c > +=================================================================== > +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c > ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c > +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co > + # define STRTOF __new_wcstold_l > + # define __STRTOF ____new_wcstold_l > + # define ____STRTOF_INTERNAL ____wcstold_l_internal > ++# define STRTOF_NAN __wcstold_nan > + #else > + extern long double ____new_strtold_l (const char *, char **, __locale_t); > + # define STRTOF __new_strtold_l > + # define __STRTOF ____new_strtold_l > + # define ____STRTOF_INTERNAL ____strtold_l_internal > ++# define STRTOF_NAN __strtold_nan > + #endif > + extern __typeof (__STRTOF) STRTOF; > + libc_hidden_proto (__STRTOF) > + libc_hidden_proto (STRTOF) > + #define MPN2FLOAT __mpn_construct_long_double > + #define FLOAT_HUGE_VAL HUGE_VALL > +-#define SET_MANTISSA(flt, mant) \ > +- do { union ieee854_long_double u; \ > +- u.d = (flt); \ > +- u.ieee_nan.mantissa0 = 0; \ > +- u.ieee_nan.mantissa1 = 0; \ > +- u.ieee_nan.mantissa2 = (mant) >> 32; \ > +- u.ieee_nan.mantissa3 = (mant); > \ > +- if ((u.ieee.mantissa0 | u.ieee.mantissa1 > \ > +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \ > +- (flt) = u.d; \ > +- } while (0) > + > + #include <strtod_l.c> > + > +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h > +=================================================================== > +--- /dev/null > ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h > +@@ -0,0 +1,30 @@ > ++/* Convert string for NaN payload to corresponding NaN. For ldbl-96. > ++ Copyright (C) 1997-2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#define FLOAT long double > ++#define SET_MANTISSA(flt, mant) \ > ++ do \ > ++ { \ > ++ union ieee854_long_double u; \ > ++ u.d = (flt); \ > ++ u.ieee_nan.mantissa0 = (mant) >> 32; \ > ++ u.ieee_nan.mantissa1 = (mant); \ > ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \ > ++ (flt) = u.d; \ > ++ } \ > ++ while (0) > +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c > +=================================================================== > +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c > ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c > +@@ -25,19 +25,13 @@ > + #ifdef USE_WIDE_CHAR > + # define STRTOF wcstold_l > + # define __STRTOF __wcstold_l > ++# define STRTOF_NAN __wcstold_nan > + #else > + # define STRTOF strtold_l > + # define __STRTOF __strtold_l > ++# define STRTOF_NAN __strtold_nan > + #endif > + #define MPN2FLOAT __mpn_construct_long_double > + #define FLOAT_HUGE_VAL HUGE_VALL > +-#define SET_MANTISSA(flt, mant) \ > +- do { union ieee854_long_double u; \ > +- u.d = (flt); \ > +- u.ieee_nan.mantissa0 = (mant) >> 32; \ > +- u.ieee_nan.mantissa1 = (mant); > \ > +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) > \ > +- (flt) = u.d; \ > +- } while (0) > + > + #include <stdlib/strtod_l.c> > +Index: git/wcsmbs/Makefile > +=================================================================== > +--- git.orig/wcsmbs/Makefile > ++++ git/wcsmbs/Makefile > +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR > + wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \ > + wcstol_l wcstoul_l wcstoll_l wcstoull_l \ > + wcstod_l wcstold_l wcstof_l \ > ++ wcstod_nan wcstold_nan wcstof_nan \ > + wcscoll wcsxfrm \ > + wcwidth wcswidth \ > + wcscoll_l wcsxfrm_l \ > +Index: git/wcsmbs/wcstod_l.c > +=================================================================== > +--- git.orig/wcsmbs/wcstod_l.c > ++++ git/wcsmbs/wcstod_l.c > +@@ -23,9 +23,6 @@ > + > + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int, > + __locale_t); > +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, > +- wchar_t **, int, int, > +- __locale_t); > + > + #define USE_WIDE_CHAR 1 > + > +Index: git/wcsmbs/wcstod_nan.c > +=================================================================== > +--- /dev/null > ++++ git/wcsmbs/wcstod_nan.c > +@@ -0,0 +1,23 @@ > ++/* Convert string for NaN payload to corresponding NaN. Wide strings, > double. > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include "../stdlib/strtod_nan_wide.h" > ++#include "../stdlib/strtod_nan_double.h" > ++ > ++#define STRTOD_NAN __wcstod_nan > ++#include "../stdlib/strtod_nan_main.c" > +Index: git/wcsmbs/wcstof_l.c > +=================================================================== > +--- git.orig/wcsmbs/wcstof_l.c > ++++ git/wcsmbs/wcstof_l.c > +@@ -25,8 +25,5 @@ > + > + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int, > + __locale_t); > +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, > +- wchar_t **, int, int, > +- __locale_t); > + > + #include <stdlib/strtof_l.c> > +Index: git/wcsmbs/wcstof_nan.c > +=================================================================== > +--- /dev/null > ++++ git/wcsmbs/wcstof_nan.c > +@@ -0,0 +1,23 @@ > ++/* Convert string for NaN payload to corresponding NaN. Wide strings, > float. > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include "../stdlib/strtod_nan_wide.h" > ++#include "../stdlib/strtod_nan_float.h" > ++ > ++#define STRTOD_NAN __wcstof_nan > ++#include "../stdlib/strtod_nan_main.c" > +Index: git/wcsmbs/wcstold_l.c > +=================================================================== > +--- git.orig/wcsmbs/wcstold_l.c > ++++ git/wcsmbs/wcstold_l.c > +@@ -24,8 +24,5 @@ > + > + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t **, int, > + __locale_t); > +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *, > +- wchar_t **, int, int, > +- __locale_t); > + > + #include <strtold_l.c> > +Index: git/wcsmbs/wcstold_nan.c > +=================================================================== > +--- /dev/null > ++++ git/wcsmbs/wcstold_nan.c > +@@ -0,0 +1,30 @@ > ++/* Convert string for NaN payload to corresponding NaN. Wide strings, > ++ long double. > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <math.h> > ++ > ++/* This function is unused if long double and double have the same > ++ representation. */ > ++#ifndef __NO_LONG_DOUBLE_MATH > ++# include "../stdlib/strtod_nan_wide.h" > ++# include <strtod_nan_ldouble.h> > ++ > ++# define STRTOD_NAN __wcstold_nan > ++# include "../stdlib/strtod_nan_main.c" > ++#endif > +Index: git/ChangeLog > +=================================================================== > +--- git.orig/ChangeLog > ++++ git/ChangeLog > +@@ -1,3 +1,57 @@ > ++2015-11-24 Joseph Myers <jos...@codesourcery.com> > ++ > ++ * stdlib/strtod_nan.c: New file. > ++ * stdlib/strtod_nan_double.h: Likewise. > ++ * stdlib/strtod_nan_float.h: Likewise. > ++ * stdlib/strtod_nan_main.c: Likewise. > ++ * stdlib/strtod_nan_narrow.h: Likewise. > ++ * stdlib/strtod_nan_wide.h: Likewise. > ++ * stdlib/strtof_nan.c: Likewise. > ++ * stdlib/strtold_nan.c: Likewise. > ++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise. > ++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise. > ++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise. > ++ * wcsmbs/wcstod_nan.c: Likewise. > ++ * wcsmbs/wcstof_nan.c: Likewise. > ++ * wcsmbs/wcstold_nan.c: Likewise. > ++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and > ++ strtold_nan. > ++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and > ++ wcstof_nan. > ++ * include/stdlib.h (__strtof_nan): Declare and use > ++ libc_hidden_proto. > ++ (__strtod_nan): Likewise. > ++ (__strtold_nan): Likewise. > ++ (__wcstof_nan): Likewise. > ++ (__wcstod_nan): Likewise. > ++ (__wcstold_nan): Likewise. > ++ * include/wchar.h (____wcstoull_l_internal): Declare. > ++ * stdlib/strtod_l.c: Do not include <ieee754.h>. > ++ (____strtoull_l_internal): Remove declaration. > ++ (STRTOF_NAN): Define macro. > ++ (SET_MANTISSA): Remove macro. > ++ (STRTOULL): Likewise. > ++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload. > ++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration. > ++ (STRTOF_NAN): Define macro. > ++ (SET_MANTISSA): Remove macro. > ++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro. > ++ (SET_MANTISSA): Remove macro. > ++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define > ++ macro. > ++ (SET_MANTISSA): Remove macro. > ++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define > ++ macro. > ++ (SET_MANTISSA): Remove macro. > ++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro. > ++ (SET_MANTISSA): Remove macro. > ++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration. > ++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise. > ++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise. > ++ > ++ [BZ #19266] > ++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for > ++ upper case and lower case letters inside NAN(), not using TOLOWER. > + 2015-08-08 Paul Pluzhnikov <ppluzhni...@google.com> > + > + [BZ #17905] > diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch > new file mode 100644 > index 0000000..0df5e50 > --- /dev/null > +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch > @@ -0,0 +1,388 @@ > +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001 > +From: Joseph Myers <jos...@codesourcery.com> > +Date: Fri, 4 Dec 2015 20:36:28 +0000 > +Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, > bug > + 16962). > + > +The nan, nanf and nanl functions handle payload strings by doing e.g.: > + > + if (tagp[0] != '\0') > + { > + char buf[6 + strlen (tagp)]; > + sprintf (buf, "NAN(%s)", tagp); > + return strtod (buf, NULL); > + } > + > +This is an unbounded stack allocation based on the length of the > +argument. Furthermore, if the argument starts with an n-char-sequence > +followed by ')', that n-char-sequence is wrongly treated as > +significant for determining the payload of the resulting NaN, when ISO > +C says the call should be equivalent to strtod ("NAN", NULL), without > +being affected by that initial n-char-sequence. This patch fixes both > +those problems by using the __strtod_nan etc. functions recently > +factored out of strtod etc. for that purpose, with those functions > +being exported from libc at version GLIBC_PRIVATE. > + > +Tested for x86_64, x86, mips64 and powerpc. > + > + [BZ #16961] > + [BZ #16962] > + * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a > + string on the stack for strtod. > + * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing > + a string on the stack for strtof. > + * math/s_nanl.c (__nanl): Use __strtold_nan instead of > + constructing a string on the stack for strtold. > + * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and > + __strtold_nan to GLIBC_PRIVATE. > + * math/test-nan-overflow.c: New file. > + * math/test-nan-payload.c: Likewise. > + * math/Makefile (tests): Add test-nan-overflow and > + test-nan-payload. > + > +Upstream-Status: Backport > +CVE: CVE-2015-9761 patch #2 > +[Yocto # 8980] > + > +https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8 > + > +Signed-off-by: Armin Kuster <akus...@mvista.com> > + > +--- > + ChangeLog | 17 +++++++ > + NEWS | 6 +++ > + math/Makefile | 3 +- > + math/s_nan.c | 9 +--- > + math/s_nanf.c | 9 +--- > + math/s_nanl.c | 9 +--- > + math/test-nan-overflow.c | 66 +++++++++++++++++++++++++ > + math/test-nan-payload.c | 122 > +++++++++++++++++++++++++++++++++++++++++++++++ > + stdlib/Versions | 1 + > + 9 files changed, 217 insertions(+), 25 deletions(-) > + create mode 100644 math/test-nan-overflow.c > + create mode 100644 math/test-nan-payload.c > + > +Index: git/ChangeLog > +=================================================================== > +--- git.orig/ChangeLog > ++++ git/ChangeLog > +@@ -1,3 +1,20 @@ > ++2015-12-04 Joseph Myers <jos...@codesourcery.com> > ++ > ++ [BZ #16961] > ++ [BZ #16962] > ++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a > ++ string on the stack for strtod. > ++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing > ++ a string on the stack for strtof. > ++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of > ++ constructing a string on the stack for strtold. > ++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and > ++ __strtold_nan to GLIBC_PRIVATE. > ++ * math/test-nan-overflow.c: New file. > ++ * math/test-nan-payload.c: Likewise. > ++ * math/Makefile (tests): Add test-nan-overflow and > ++ test-nan-payload. > ++ > + 2015-11-24 Joseph Myers <jos...@codesourcery.com> > + > + * stdlib/strtod_nan.c: New file. > +Index: git/NEWS > +=================================================================== > +--- git.orig/NEWS > ++++ git/NEWS > +@@ -7,6 +7,12 @@ using `glibc' in the "product" field. > + > + Version 2.21 > + > ++Security related changes: > ++ > ++* The nan, nanf and nanl functions no longer have unbounded stack usage > ++ depending on the length of the string passed as an argument to the > ++ functions. Reported by Joseph Myers. > ++ > + * The following bugs are resolved with this release: > + > + 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498, > +Index: git/math/s_nan.c > +=================================================================== > +--- git.orig/math/s_nan.c > ++++ git/math/s_nan.c > +@@ -28,14 +28,7 @@ > + double > + __nan (const char *tagp) > + { > +- if (tagp[0] != '\0') > +- { > +- char buf[6 + strlen (tagp)]; > +- sprintf (buf, "NAN(%s)", tagp); > +- return strtod (buf, NULL); > +- } > +- > +- return NAN; > ++ return __strtod_nan (tagp, NULL, 0); > + } > + weak_alias (__nan, nan) > + #ifdef NO_LONG_DOUBLE > +Index: git/math/s_nanf.c > +=================================================================== > +--- git.orig/math/s_nanf.c > ++++ git/math/s_nanf.c > +@@ -28,13 +28,6 @@ > + float > + __nanf (const char *tagp) > + { > +- if (tagp[0] != '\0') > +- { > +- char buf[6 + strlen (tagp)]; > +- sprintf (buf, "NAN(%s)", tagp); > +- return strtof (buf, NULL); > +- } > +- > +- return NAN; > ++ return __strtof_nan (tagp, NULL, 0); > + } > + weak_alias (__nanf, nanf) > +Index: git/math/s_nanl.c > +=================================================================== > +--- git.orig/math/s_nanl.c > ++++ git/math/s_nanl.c > +@@ -28,13 +28,6 @@ > + long double > + __nanl (const char *tagp) > + { > +- if (tagp[0] != '\0') > +- { > +- char buf[6 + strlen (tagp)]; > +- sprintf (buf, "NAN(%s)", tagp); > +- return strtold (buf, NULL); > +- } > +- > +- return NAN; > ++ return __strtold_nan (tagp, NULL, 0); > + } > + weak_alias (__nanl, nanl) > +Index: git/math/test-nan-overflow.c > +=================================================================== > +--- /dev/null > ++++ git/math/test-nan-overflow.c > +@@ -0,0 +1,66 @@ > ++/* Test nan functions stack overflow (bug 16962). > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <math.h> > ++#include <stdio.h> > ++#include <string.h> > ++#include <sys/resource.h> > ++ > ++#define STACK_LIM 1048576 > ++#define STRING_SIZE (2 * STACK_LIM) > ++ > ++static int > ++do_test (void) > ++{ > ++ int result = 0; > ++ struct rlimit lim; > ++ getrlimit (RLIMIT_STACK, &lim); > ++ lim.rlim_cur = STACK_LIM; > ++ setrlimit (RLIMIT_STACK, &lim); > ++ char *nanstr = malloc (STRING_SIZE); > ++ if (nanstr == NULL) > ++ { > ++ puts ("malloc failed, cannot test"); > ++ return 77; > ++ } > ++ memset (nanstr, '0', STRING_SIZE - 1); > ++ nanstr[STRING_SIZE - 1] = 0; > ++#define NAN_TEST(TYPE, FUNC) \ > ++ do \ > ++ { \ > ++ char *volatile p = nanstr; \ > ++ volatile TYPE v = FUNC (p); \ > ++ if (isnan (v)) \ > ++ puts ("PASS: " #FUNC); \ > ++ else \ > ++ { \ > ++ puts ("FAIL: " #FUNC); \ > ++ result = 1; \ > ++ } \ > ++ } \ > ++ while (0) > ++ NAN_TEST (float, nanf); > ++ NAN_TEST (double, nan); > ++#ifndef NO_LONG_DOUBLE > ++ NAN_TEST (long double, nanl); > ++#endif > ++ return result; > ++} > ++ > ++#define TEST_FUNCTION do_test () > ++#include "../test-skeleton.c" > +Index: git/math/test-nan-payload.c > +=================================================================== > +--- /dev/null > ++++ git/math/test-nan-payload.c > +@@ -0,0 +1,122 @@ > ++/* Test nan functions payload handling (bug 16961). > ++ Copyright (C) 2015 Free Software Foundation, Inc. > ++ This file is part of the GNU C Library. > ++ > ++ The GNU C Library is free software; you can redistribute it and/or > ++ modify it under the terms of the GNU Lesser General Public > ++ License as published by the Free Software Foundation; either > ++ version 2.1 of the License, or (at your option) any later version. > ++ > ++ The GNU C Library is distributed in the hope that it will be useful, > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > ++ Lesser General Public License for more details. > ++ > ++ You should have received a copy of the GNU Lesser General Public > ++ License along with the GNU C Library; if not, see > ++ <http://www.gnu.org/licenses/>. */ > ++ > ++#include <float.h> > ++#include <math.h> > ++#include <stdio.h> > ++#include <stdlib.h> > ++#include <string.h> > ++ > ++/* Avoid built-in functions. */ > ++#define WRAP_NAN(FUNC, STR) \ > ++ ({ const char *volatile wns = (STR); FUNC (wns); }) > ++#define WRAP_STRTO(FUNC, STR) \ > ++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); }) > ++ > ++#define CHECK_IS_NAN(TYPE, A) \ > ++ do \ > ++ { \ > ++ if (isnan (A)) \ > ++ puts ("PASS: " #TYPE " " #A); \ > ++ else \ > ++ { \ > ++ puts ("FAIL: " #TYPE " " #A); \ > ++ result = 1; \ > ++ } \ > ++ } \ > ++ while (0) > ++ > ++#define CHECK_SAME_NAN(TYPE, A, B) \ > ++ do \ > ++ { \ > ++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \ > ++ puts ("PASS: " #TYPE " " #A " = " #B); \ > ++ else \ > ++ { \ > ++ puts ("FAIL: " #TYPE " " #A " = " #B); \ > ++ result = 1; \ > ++ } \ > ++ } \ > ++ while (0) > ++ > ++#define CHECK_DIFF_NAN(TYPE, A, B) \ > ++ do \ > ++ { \ > ++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \ > ++ puts ("PASS: " #TYPE " " #A " != " #B); \ > ++ else \ > ++ { \ > ++ puts ("FAIL: " #TYPE " " #A " != " #B); \ > ++ result = 1; \ > ++ } \ > ++ } \ > ++ while (0) > ++ > ++/* Cannot test payloads by memcmp for formats where NaNs have padding > ++ bits. */ > ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106) > ++ > ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \ > ++ do \ > ++ { \ > ++ TYPE n123 = WRAP_NAN (FUNC, "123"); \ > ++ CHECK_IS_NAN (TYPE, n123); \ > ++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \ > ++ CHECK_IS_NAN (TYPE, s123); \ > ++ TYPE n456 = WRAP_NAN (FUNC, "456"); \ > ++ CHECK_IS_NAN (TYPE, n456); \ > ++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \ > ++ CHECK_IS_NAN (TYPE, s456); \ > ++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \ > ++ CHECK_IS_NAN (TYPE, n123x); \ > ++ TYPE nemp = WRAP_NAN (FUNC, ""); \ > ++ CHECK_IS_NAN (TYPE, nemp); \ > ++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \ > ++ CHECK_IS_NAN (TYPE, semp); \ > ++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \ > ++ CHECK_IS_NAN (TYPE, sx); \ > ++ if (CAN_TEST_EQ (MANT_DIG)) \ > ++ CHECK_SAME_NAN (TYPE, n123, s123); \ > ++ if (CAN_TEST_EQ (MANT_DIG)) \ > ++ CHECK_SAME_NAN (TYPE, n456, s456); \ > ++ if (CAN_TEST_EQ (MANT_DIG)) \ > ++ CHECK_SAME_NAN (TYPE, nemp, semp); \ > ++ if (CAN_TEST_EQ (MANT_DIG)) \ > ++ CHECK_SAME_NAN (TYPE, n123x, sx); \ > ++ CHECK_DIFF_NAN (TYPE, n123, n456); \ > ++ CHECK_DIFF_NAN (TYPE, n123, nemp); \ > ++ CHECK_DIFF_NAN (TYPE, n123, n123x); \ > ++ CHECK_DIFF_NAN (TYPE, n456, nemp); \ > ++ CHECK_DIFF_NAN (TYPE, n456, n123x); \ > ++ } \ > ++ while (0) > ++ > ++static int > ++do_test (void) > ++{ > ++ int result = 0; > ++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG); > ++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG); > ++#ifndef NO_LONG_DOUBLE > ++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG); > ++#endif > ++ return result; > ++} > ++ > ++#define TEST_FUNCTION do_test () > ++#include "../test-skeleton.c" > +Index: git/stdlib/Versions > +=================================================================== > +--- git.orig/stdlib/Versions > ++++ git/stdlib/Versions > +@@ -118,5 +118,6 @@ libc { > + # Used from other libraries > + __libc_secure_getenv; > + __call_tls_dtors; > ++ __strtof_nan; __strtod_nan; __strtold_nan; > + } > + } > +Index: git/math/Makefile > +=================================================================== > +--- git.orig/math/Makefile > ++++ git/math/Makefile > +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp > + test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \ > + test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \ > + test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \ > +- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static) > ++ test-fenv-tls test-fenv-preserve test-fenv-return \ > ++ test-nan-overflow test-nan-payload \ > ++ $(tests-static) > + tests-static = test-fpucw-static test-fpucw-ieee-static > + # We do the `long double' tests only if this data type is available and > + # distinct from `double'. > diff --git a/meta/recipes-core/glibc/glibc_2.20.bb > b/meta/recipes-core/glibc/glibc_2.20.bb > index af568d9..d099d5d 100644 > --- a/meta/recipes-core/glibc/glibc_2.20.bb > +++ b/meta/recipes-core/glibc/glibc_2.20.bb > @@ -50,6 +50,8 @@ CVEPATCHES = "\ > file://CVE-2015-7547.patch \ > file://CVE-2015-8777.patch \ > file://CVE-2015-8779.patch \ > + file://CVE-2015-9761_1.patch \ > + file://CVE-2015-9761_2.patch \ > " > > LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ > -- > 2.3.5 > > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
