diff options
author | Kai Kang <kai.kang@windriver.com> | 2019-04-10 01:56:06 -0400 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2019-04-14 17:29:57 -0400 |
commit | c0186953ac0396d415477b2c709decded5df4e32 (patch) | |
tree | cfa6ff532ef33ff40b44ad11ec7783d66e498172 | |
parent | fb5d3d86b5461694e144bfb1e9445d069cbb74a0 (diff) | |
download | meta-selinux-c0186953ac0396d415477b2c709decded5df4e32.tar.gz |
setools: fix build failure with gcc 7
Backport patch from setools upstream to fix build failure with GCC 7 due
to possible truncation of snprintf output. It could be reproduced on 64
bit bsps such as qemux86-64 and qemumips64 with configs:
SELECTED_OPTIMIZATION = "${DEBUG_OPTIMIZATION}"
DEBUG_BUILD = "1"
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r-- | recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch | 90 |
1 files changed, 74 insertions, 16 deletions
diff --git a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch index d0faba8..a5af041 100644 --- a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch +++ b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch | |||
@@ -1,6 +1,10 @@ | |||
1 | From 790d7a538f515d27d2390f1ef56c9871b107a346 Mon Sep 17 00:00:00 2001 | 1 | Upstream-Status: Backport [https://github.com/TresysTechnology/setools/commit/e41adf0] |
2 | From: Steve Langasek <steve.langasek@canonical.com> | 2 | |
3 | Date: Sun, 27 Aug 2017 21:28:40 -0700 | 3 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
4 | |||
5 | From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00 2001 | ||
6 | From: Laurent Bigonville <bigon@bigon.be> | ||
7 | Date: Tue, 26 Sep 2017 15:15:30 +0200 | ||
4 | Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of | 8 | Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of |
5 | snprintf output | 9 | snprintf output |
6 | 10 | ||
@@ -15,33 +19,87 @@ libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 429496 | |||
15 | snprintf(buff, 9, "@ttr%04zd", i + 1); | 19 | snprintf(buff, 9, "@ttr%04zd", i + 1); |
16 | ^~~~~~~~~~~ | 20 | ^~~~~~~~~~~ |
17 | 21 | ||
18 | Exceeding 10,000 attributes is necessarily going to result in collisions | 22 | Increase the size of the buffer to avoid collisions |
19 | inserting into the hash table given this naming scheme, and we already error | ||
20 | out on the first collision; but there will be holes since types are not | ||
21 | handled the same as attributes. Short of making backwards-incompatible | ||
22 | changes to the entry names, this is probably the best way to fix this build | ||
23 | failure while reducing the chances of a hash collision in the unlikely event | ||
24 | that the hashtable is (nearly) full. | ||
25 | 23 | ||
26 | Closes: https://github.com/TresysTechnology/setools/issues/174 | 24 | Closes: https://github.com/TresysTechnology/setools/issues/174 |
27 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | 25 | Signed-off-by: Laurent Bigonville <bigon@bigon.be> |
28 | --- | 26 | --- |
29 | libqpol/policy_extend.c | 2 +- | 27 | libqpol/policy_extend.c | 16 ++++++++-------- |
30 | 1 file changed, 1 insertion(+), 1 deletion(-) | 28 | 1 file changed, 8 insertions(+), 8 deletions(-) |
31 | 29 | ||
32 | diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c | 30 | diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c |
33 | index 742819b..70e8f7c 100644 | 31 | index 742819b..739e184 100644 |
34 | --- a/libqpol/policy_extend.c | 32 | --- a/libqpol/policy_extend.c |
35 | +++ b/libqpol/policy_extend.c | 33 | +++ b/libqpol/policy_extend.c |
34 | @@ -110,7 +110,7 @@ static int qpol_policy_remove_bogus_aliases(qpol_policy_t * policy) | ||
35 | * Builds data for the attributes and inserts them into the policydb. | ||
36 | * This function modifies the policydb. Names created for attributes | ||
37 | * are of the form @ttr<value> where value is the value of the attribute | ||
38 | - * as a four digit number (prepended with 0's as needed). | ||
39 | + * as a ten digit number (prepended with 0's as needed). | ||
40 | * @param policy The policy from which to read the attribute map and | ||
41 | * create the type data for the attributes. This policy will be altered | ||
42 | * by this function. | ||
43 | @@ -125,7 +125,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
44 | uint32_t bit = 0, count = 0; | ||
45 | ebitmap_node_t *node = NULL; | ||
46 | type_datum_t *tmp_type = NULL, *orig_type; | ||
47 | - char *tmp_name = NULL, buff[10]; | ||
48 | + char *tmp_name = NULL, buff[16]; | ||
49 | int error = 0, retv; | ||
50 | |||
51 | INFO(policy, "%s", "Generating attributes for policy. (Step 4 of 5)"); | ||
52 | @@ -137,7 +137,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
53 | |||
54 | db = &policy->p->p; | ||
55 | |||
56 | - memset(&buff, 0, 10 * sizeof(char)); | ||
57 | + memset(&buff, 0, 16 * sizeof(char)); | ||
58 | |||
59 | for (i = 0; i < db->p_types.nprim; i++) { | ||
60 | /* skip types */ | ||
36 | @@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | 61 | @@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) |
37 | * with this attribute */ | 62 | * with this attribute */ |
38 | /* Does not exist */ | 63 | /* Does not exist */ |
39 | if (db->p_type_val_to_name[i] == NULL){ | 64 | if (db->p_type_val_to_name[i] == NULL){ |
40 | - snprintf(buff, 9, "@ttr%04zd", i + 1); | 65 | - snprintf(buff, 9, "@ttr%04zd", i + 1); |
41 | + snprintf(buff, 9, "@ttr%04zd", (i + 1) % 10000); | 66 | + snprintf(buff, 15, "@ttr%010zd", i + 1); |
42 | tmp_name = strdup(buff); | 67 | tmp_name = strdup(buff); |
43 | if (!tmp_name) { | 68 | if (!tmp_name) { |
44 | error = errno; | 69 | error = errno; |
70 | @@ -240,7 +240,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
71 | * Builds data for empty attributes and inserts them into the policydb. | ||
72 | * This function modifies the policydb. Names created for the attributes | ||
73 | * are of the form @ttr<value> where value is the value of the attribute | ||
74 | - * as a four digit number (prepended with 0's as needed). | ||
75 | + * as a ten digit number (prepended with 0's as needed). | ||
76 | * @param policy The policy to which to add type data for attributes. | ||
77 | * This policy will be altered by this function. | ||
78 | * @return Returns 0 on success and < 0 on failure; if the call fails, | ||
79 | @@ -251,7 +251,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy) | ||
80 | static int qpol_policy_fill_attr_holes(qpol_policy_t * policy) | ||
81 | { | ||
82 | policydb_t *db = NULL; | ||
83 | - char *tmp_name = NULL, buff[10]; | ||
84 | + char *tmp_name = NULL, buff[16]; | ||
85 | int error = 0, retv = 0; | ||
86 | ebitmap_t tmp_bmap = { NULL, 0 }; | ||
87 | type_datum_t *tmp_type = NULL; | ||
88 | @@ -265,12 +265,12 @@ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy) | ||
89 | |||
90 | db = &policy->p->p; | ||
91 | |||
92 | - memset(&buff, 0, 10 * sizeof(char)); | ||
93 | + memset(&buff, 0, 16 * sizeof(char)); | ||
94 | |||
95 | for (i = 0; i < db->p_types.nprim; i++) { | ||
96 | if (db->type_val_to_struct[i]) | ||
97 | continue; | ||
98 | - snprintf(buff, 9, "@ttr%04zd", i + 1); | ||
99 | + snprintf(buff, 15, "@ttr%010zd", i + 1); | ||
100 | tmp_name = strdup(buff); | ||
101 | if (!tmp_name) { | ||
102 | error = errno; | ||
45 | -- | 103 | -- |
46 | 1.8.3.1 | 104 | 2.20.1 |
47 | 105 | ||