diff options
| author | Kai Kang <kai.kang@windriver.com> | 2019-04-10 01:56:06 -0400 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2019-04-14 17:29:57 -0400 |
| commit | c0186953ac0396d415477b2c709decded5df4e32 (patch) | |
| tree | cfa6ff532ef33ff40b44ad11ec7783d66e498172 | |
| parent | fb5d3d86b5461694e144bfb1e9445d069cbb74a0 (diff) | |
| download | meta-selinux-c0186953ac0396d415477b2c709decded5df4e32.tar.gz | |
setools: fix build failure with gcc 7
Backport patch from setools upstream to fix build failure with GCC 7 due
to possible truncation of snprintf output. It could be reproduced on 64
bit bsps such as qemux86-64 and qemumips64 with configs:
SELECTED_OPTIMIZATION = "${DEBUG_OPTIMIZATION}"
DEBUG_BUILD = "1"
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| -rw-r--r-- | recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch | 90 |
1 files changed, 74 insertions, 16 deletions
diff --git a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch index d0faba8..a5af041 100644 --- a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch +++ b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch | |||
| @@ -1,6 +1,10 @@ | |||
| 1 | From 790d7a538f515d27d2390f1ef56c9871b107a346 Mon Sep 17 00:00:00 2001 | 1 | Upstream-Status: Backport [https://github.com/TresysTechnology/setools/commit/e41adf0] |
| 2 | From: Steve Langasek <steve.langasek@canonical.com> | 2 | |
| 3 | Date: Sun, 27 Aug 2017 21:28:40 -0700 | 3 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| 4 | |||
| 5 | From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00 2001 | ||
| 6 | From: Laurent Bigonville <bigon@bigon.be> | ||
| 7 | Date: Tue, 26 Sep 2017 15:15:30 +0200 | ||
| 4 | Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of | 8 | Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of |
| 5 | snprintf output | 9 | snprintf output |
| 6 | 10 | ||
| @@ -15,33 +19,87 @@ libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 429496 | |||
| 15 | snprintf(buff, 9, "@ttr%04zd", i + 1); | 19 | snprintf(buff, 9, "@ttr%04zd", i + 1); |
| 16 | ^~~~~~~~~~~ | 20 | ^~~~~~~~~~~ |
| 17 | 21 | ||
| 18 | Exceeding 10,000 attributes is necessarily going to result in collisions | 22 | Increase the size of the buffer to avoid collisions |
| 19 | inserting into the hash table given this naming scheme, and we already error | ||
| 20 | out on the first collision; but there will be holes since types are not | ||
| 21 | handled the same as attributes. Short of making backwards-incompatible | ||
| 22 | changes to the entry names, this is probably the best way to fix this build | ||
| 23 | failure while reducing the chances of a hash collision in the unlikely event | ||
| 24 | that the hashtable is (nearly) full. | ||
| 25 | 23 | ||
| 26 | Closes: https://github.com/TresysTechnology/setools/issues/174 | 24 | Closes: https://github.com/TresysTechnology/setools/issues/174 |
| 27 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | 25 | Signed-off-by: Laurent Bigonville <bigon@bigon.be> |
| 28 | --- | 26 | --- |
| 29 | libqpol/policy_extend.c | 2 +- | 27 | libqpol/policy_extend.c | 16 ++++++++-------- |
| 30 | 1 file changed, 1 insertion(+), 1 deletion(-) | 28 | 1 file changed, 8 insertions(+), 8 deletions(-) |
| 31 | 29 | ||
| 32 | diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c | 30 | diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c |
| 33 | index 742819b..70e8f7c 100644 | 31 | index 742819b..739e184 100644 |
| 34 | --- a/libqpol/policy_extend.c | 32 | --- a/libqpol/policy_extend.c |
| 35 | +++ b/libqpol/policy_extend.c | 33 | +++ b/libqpol/policy_extend.c |
| 34 | @@ -110,7 +110,7 @@ static int qpol_policy_remove_bogus_aliases(qpol_policy_t * policy) | ||
| 35 | * Builds data for the attributes and inserts them into the policydb. | ||
| 36 | * This function modifies the policydb. Names created for attributes | ||
| 37 | * are of the form @ttr<value> where value is the value of the attribute | ||
| 38 | - * as a four digit number (prepended with 0's as needed). | ||
| 39 | + * as a ten digit number (prepended with 0's as needed). | ||
| 40 | * @param policy The policy from which to read the attribute map and | ||
| 41 | * create the type data for the attributes. This policy will be altered | ||
| 42 | * by this function. | ||
| 43 | @@ -125,7 +125,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
| 44 | uint32_t bit = 0, count = 0; | ||
| 45 | ebitmap_node_t *node = NULL; | ||
| 46 | type_datum_t *tmp_type = NULL, *orig_type; | ||
| 47 | - char *tmp_name = NULL, buff[10]; | ||
| 48 | + char *tmp_name = NULL, buff[16]; | ||
| 49 | int error = 0, retv; | ||
| 50 | |||
| 51 | INFO(policy, "%s", "Generating attributes for policy. (Step 4 of 5)"); | ||
| 52 | @@ -137,7 +137,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
| 53 | |||
| 54 | db = &policy->p->p; | ||
| 55 | |||
| 56 | - memset(&buff, 0, 10 * sizeof(char)); | ||
| 57 | + memset(&buff, 0, 16 * sizeof(char)); | ||
| 58 | |||
| 59 | for (i = 0; i < db->p_types.nprim; i++) { | ||
| 60 | /* skip types */ | ||
| 36 | @@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | 61 | @@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) |
| 37 | * with this attribute */ | 62 | * with this attribute */ |
| 38 | /* Does not exist */ | 63 | /* Does not exist */ |
| 39 | if (db->p_type_val_to_name[i] == NULL){ | 64 | if (db->p_type_val_to_name[i] == NULL){ |
| 40 | - snprintf(buff, 9, "@ttr%04zd", i + 1); | 65 | - snprintf(buff, 9, "@ttr%04zd", i + 1); |
| 41 | + snprintf(buff, 9, "@ttr%04zd", (i + 1) % 10000); | 66 | + snprintf(buff, 15, "@ttr%010zd", i + 1); |
| 42 | tmp_name = strdup(buff); | 67 | tmp_name = strdup(buff); |
| 43 | if (!tmp_name) { | 68 | if (!tmp_name) { |
| 44 | error = errno; | 69 | error = errno; |
| 70 | @@ -240,7 +240,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
| 71 | * Builds data for empty attributes and inserts them into the policydb. | ||
| 72 | * This function modifies the policydb. Names created for the attributes | ||
| 73 | * are of the form @ttr<value> where value is the value of the attribute | ||
| 74 | - * as a four digit number (prepended with 0's as needed). | ||
| 75 | + * as a ten digit number (prepended with 0's as needed). | ||
| 76 | * @param policy The policy to which to add type data for attributes. | ||
| 77 | * This policy will be altered by this function. | ||
| 78 | * @return Returns 0 on success and < 0 on failure; if the call fails, | ||
| 79 | @@ -251,7 +251,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
| 80 | static int qpol_policy_fill_attr_holes(qpol_policy_t * policy) | ||
| 81 | { | ||
| 82 | policydb_t *db = NULL; | ||
| 83 | - char *tmp_name = NULL, buff[10]; | ||
| 84 | + char *tmp_name = NULL, buff[16]; | ||
| 85 | int error = 0, retv = 0; | ||
| 86 | ebitmap_t tmp_bmap = { NULL, 0 }; | ||
| 87 | type_datum_t *tmp_type = NULL; | ||
| 88 | @@ -265,12 +265,12 @@ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy) | ||
| 89 | |||
| 90 | db = &policy->p->p; | ||
| 91 | |||
| 92 | - memset(&buff, 0, 10 * sizeof(char)); | ||
| 93 | + memset(&buff, 0, 16 * sizeof(char)); | ||
| 94 | |||
| 95 | for (i = 0; i < db->p_types.nprim; i++) { | ||
| 96 | if (db->type_val_to_struct[i]) | ||
| 97 | continue; | ||
| 98 | - snprintf(buff, 9, "@ttr%04zd", i + 1); | ||
| 99 | + snprintf(buff, 15, "@ttr%010zd", i + 1); | ||
| 100 | tmp_name = strdup(buff); | ||
| 101 | if (!tmp_name) { | ||
| 102 | error = errno; | ||
| 45 | -- | 103 | -- |
| 46 | 1.8.3.1 | 104 | 2.20.1 |
| 47 | 105 | ||