From: "H.J. Lu" <hjl.tools@gmail.com>
To: alexandre.ferrieux@orange.com
Cc: Florian Weimer <fweimer@redhat.com>,
libc-alpha@sourceware.org, carlos@redhat.com
Subject: Re: [PATCH] Fix #27777 - now use a doubly-linked list for _IO_list_all
Date: Tue, 30 Apr 2024 10:22:25 -0700
Message-ID: <CAMe9rOr2XX8oaGL7roZm+PcwkkfaUXiYi5GKFNJQWPhH37kmNA@mail.gmail.com>
In-Reply-To: <CAMe9rOoBA=kc2L9CMPJLQ=g8HBw__UAsEo12_BG7UaT=d-R6Cw@mail.gmail.com>
On Mon, Apr 29, 2024 at 7:47 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Mon, Apr 29, 2024 at 12:05 PM <alexandre.ferrieux@orange.com> wrote:
> >
> > On 29/04/2024 15:20, Florian Weimer wrote:
> > >
> > > * alexandre ferrieux:
> > >
> > >> To do this in a robust manner, how about using _flags2?
> > >> (I see _flags has one value left, 0x4000, but it's "reserved for compat"... too bad)
> > >>
> > >> Something like:
> > >>
> > >> #define _IO_FLAGS2_HAS_PREVCHAIN 256
> > >>
> > >> void _IO_old_init (FILE *fp, int flags) {
> > >> ...
> > >> fp->_flags2 |= _IO_FLAGS2_HAS_PREVCHAIN;
> > >> }
> > >>
> > >> void __stdfiles_init(void)
> > >> {
> > >> ...
> > >> (**f)._flags2 |= _IO_FLAGS2_HAS_PREVCHAIN;
> > >> }
> > >>
> > >>
> > >> Then, (fp->flags2&_IO_FLAGS2_HAS_PREVCHAIN) becomes a reliable
>
> This won't work for copy relocation in old binaries.
>
> > >> criterion for _IO_link_in and _IO_un_link to decide whether to use the
> > >> new algorithm or the old one.
> > >>
> > >> What do you think?
> > >
> > > I believe you can use the vtable_offset field as that flag. See this
> > > code in stdio-common/vfprintf-internal.c:
> > >
> > > # define ORIENT if (_IO_vtable_offset (s) == 0 && _IO_fwide (s, -1) != -1)\
> > >   return -1
> >
> > Why is it sufficient? Doesn't the nullity of the vtable_offset identify a
> > different point in version history?
> >
> > An "old binary", recent enough to have the modern vtable_offset, but compiled
> > with the include files just before the patch, can presumably create an old
> > _IO_FILE, insert it "by hand" into _IO_list_all, *not* updating the prevchain of
> > the next-in-line, and then crash when the latter is closed.
> >
>
> Here is a patch with _IO_vtable_offset (s) == 0 check.
>
Here is the updated patch with a testcase:
https://patchwork.sourceware.org/project/glibc/list/?series=33314
--
H.J.
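As an added illustration, not code from glibc or from any patch in this thread: a toy C model of the scenario Alexandre describes above, where legacy code pushes a node onto the chain "by hand" and leaves the next node's back pointer stale. All names (`link_in`, `legacy_link_in`, `un_link`, `FLAGS2_HAS_PREVCHAIN`, `prevchain`) are hypothetical stand-ins for the real libio fields; the unlink path shows a consistency check that falls back to the old linear walk when the back pointer no longer refers to the node being removed.

```c
/* Added example, not glibc code: toy model of the _IO_list_all prevchain
   compatibility problem discussed in this thread.  All names are hypothetical. */
#include <stddef.h>
#include <stdbool.h>
#define FLAGS2_HAS_PREVCHAIN 256u  /* modelled on the proposed _IO_FLAGS2_HAS_PREVCHAIN */
struct file {
    unsigned flags2;
    struct file *chain;       /* next pointer, present in old and new layouts */
    struct file **prevchain;  /* address of the pointer referring to us; new layout only */
};
static struct file *list_all; /* stands in for _IO_list_all */

/* New-style head insertion, keeping prevchain correct on both sides. */
void link_in(struct file *fp)
{
    fp->flags2 |= FLAGS2_HAS_PREVCHAIN;
    fp->chain = list_all;
    fp->prevchain = &list_all;
    if (list_all && (list_all->flags2 & FLAGS2_HAS_PREVCHAIN))
        list_all->prevchain = &fp->chain;
    list_all = fp;
}

/* What an old binary does "by hand": the pushed node knows nothing about
   prevchain, so the previous head's prevchain silently goes stale. */
void legacy_link_in(struct file *fp)
{
    fp->chain = list_all;
    list_all = fp;
}

/* Unlink fp.  The O(1) path is used only if fp's prevchain still points at fp;
   otherwise (the scenario above) fall back to the old linear walk.  Caveat: a
   prevchain into a node already freed by legacy code cannot be detected here. */
bool un_link(struct file *fp)
{
    struct file **pp = NULL;
    if ((fp->flags2 & FLAGS2_HAS_PREVCHAIN) && fp->prevchain && *fp->prevchain == fp)
        pp = fp->prevchain;
    else
        for (struct file **p = &list_all; *p; p = &(*p)->chain)
            if (*p == fp) { pp = p; break; }
    if (!pp) return false;              /* not on the list */
    *pp = fp->chain;
    if (fp->chain && (fp->chain->flags2 & FLAGS2_HAS_PREVCHAIN))
        fp->chain->prevchain = pp;      /* repair the successor's back pointer */
    fp->chain = NULL;
    return true;
}
```

Without the `*fp->prevchain == fp` check, unlinking the node behind a legacy insertion would overwrite the head pointer and leave the legacy node's chain pointing at a closed FILE, which is the crash the thread is about.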