diff options
| author | Joseph Myers <joseph@codesourcery.com> | 2015-12-04 20:36:28 +0000 |
|---|---|---|
| committer | Joseph Myers <joseph@codesourcery.com> | 2015-12-04 20:36:28 +0000 |
| commit | 8f5e8b01a1da2a207228f2072c934fa5918554b8 (patch) | |
| tree | c9d9d33b21af5a9df86f398d2d1fd6b42eee1e28 /math/test-nan-overflow.c | |
| parent | 79e0d340a9e7fb2c931686462131c92b99611003 (diff) | |
Fix nan functions handling of payload strings (bug 16961, bug 16962).
The nan, nanf and nanl functions handle payload strings by doing e.g.:
if (tagp[0] != '\0')
{
char buf[6 + strlen (tagp)];
sprintf (buf, "NAN(%s)", tagp);
return strtod (buf, NULL);
}
This is an unbounded stack allocation based on the length of the
argument. Furthermore, if the argument starts with an n-char-sequence
followed by ')', that n-char-sequence is wrongly treated as
significant for determining the payload of the resulting NaN, when ISO
C says the call should be equivalent to strtod ("NAN", NULL), without
being affected by that initial n-char-sequence. This patch fixes both
those problems by using the __strtod_nan etc. functions recently
factored out of strtod etc. for that purpose, with those functions
being exported from libc at version GLIBC_PRIVATE.
Tested for x86_64, x86, mips64 and powerpc.
[BZ #16961]
[BZ #16962]
* math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
string on the stack for strtod.
* math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
a string on the stack for strtof.
* math/s_nanl.c (__nanl): Use __strtold_nan instead of
constructing a string on the stack for strtold.
* stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
__strtold_nan to GLIBC_PRIVATE.
* math/test-nan-overflow.c: New file.
* math/test-nan-payload.c: Likewise.
* math/Makefile (tests): Add test-nan-overflow and
test-nan-payload.
Diffstat (limited to 'math/test-nan-overflow.c')
| -rw-r--r-- | math/test-nan-overflow.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/math/test-nan-overflow.c b/math/test-nan-overflow.c new file mode 100644 index 0000000000..f56aaf3c92 --- /dev/null +++ b/math/test-nan-overflow.c @@ -0,0 +1,66 @@ +/* Test nan functions stack overflow (bug 16962). + Copyright (C) 2015 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <math.h> +#include <stdio.h> +#include <string.h> +#include <sys/resource.h> + +#define STACK_LIM 1048576 +#define STRING_SIZE (2 * STACK_LIM) + +static int +do_test (void) +{ + int result = 0; + struct rlimit lim; + getrlimit (RLIMIT_STACK, &lim); + lim.rlim_cur = STACK_LIM; + setrlimit (RLIMIT_STACK, &lim); + char *nanstr = malloc (STRING_SIZE); + if (nanstr == NULL) + { + puts ("malloc failed, cannot test"); + return 77; + } + memset (nanstr, '0', STRING_SIZE - 1); + nanstr[STRING_SIZE - 1] = 0; +#define NAN_TEST(TYPE, FUNC) \ + do \ + { \ + char *volatile p = nanstr; \ + volatile TYPE v = FUNC (p); \ + if (isnan (v)) \ + puts ("PASS: " #FUNC); \ + else \ + { \ + puts ("FAIL: " #FUNC); \ + result = 1; \ + } \ + } \ + while (0) + NAN_TEST (float, nanf); + NAN_TEST (double, nan); +#ifndef NO_LONG_DOUBLE + NAN_TEST (long double, nanl); +#endif + return result; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" |