authorPaul Gortmaker <paul.gortmaker@windriver.com>2014-06-26 15:08:47 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-06-29 09:04:21 +0100
commit0ae5aadc6b1faa893dcdea768d9ce22463f0cdff (patch)
treeec2237bb7105fe75c9a19e8f1359a50557a05c31
parent184dddfb9a852d954900ff68abfdf36ea143a647 (diff)
downloadpoky-0ae5aadc6b1faa893dcdea768d9ce22463f0cdff.tar.gz
recipes-devtools: fix segfault in lib32-gcc with "." multilib_dir
When enabling a lib32-gcc in a 64 bit build, without doing any other configuration, the multilib dir is unspecified, which is represented internally in gcc as "." and as such uncovers an invalid free on a non-malloc'd pointer. As suggested by the gcc folks, simply make sure the "." case is also stored in a malloc'd pointer, so that the intended runtime behaviour of the code remains unchanged. Patch has been accepted by upstream maintainers of gcc. (From OE-Core rev: bf1473d0c1b099b8d919835cc430b99606134aab) Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/gcc/gcc-4.9.inc1
-rw-r--r--meta/recipes-devtools/gcc/gcc-4.9/0053-gcc-fix-segfault-from-calling-free-on-non-malloc-d-a.patch66
2 files changed, 67 insertions, 0 deletions
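--- a/meta/recipes-devtools/gcc/gcc-4.9.inc
+++ b/meta/recipes-devtools/gcc/gcc-4.9.inc
@@ -66,6 +66,7 @@ SRC_URI = "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.bz2 \
  file://0050-Revert-Use-dbx_reg_number-for-spanning-registers.patch \
  file://0051-eabispe.patch \
  file://0052-Fix-GCC-targeting-E500-SPE-errors-with-the-_Decimal64-type.patch \
+ file://0053-gcc-fix-segfault-from-calling-free-on-non-malloc-d-a.patch \
  "
 SRC_URI[md5sum] = "9709b49ae0e904cbb0a6a1b62853b556"
 SRC_URI[sha256sum] = "b9b047a97bade9c1c89970bc8e211ff57b7b8998a1730a80a653d329f8ed1257"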
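--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-4.9/0053-gcc-fix-segfault-from-calling-free-on-non-malloc-d-a.patch
@@ -0,0 +1,66 @@
+From a22a222c8f9299f6c07a0274388ade7d4ab8c28d Mon Sep 17 00:00:00 2001
+From: Paul Gortmaker <paul.gortmaker@windriver.com>
+Date: Fri, 20 Jun 2014 16:41:08 -0400
+Subject: [PATCH] gcc: fix segfault from calling free on non-malloc'd area
+
+We see the following on a 32bit gcc installed on 64 bit host:
+
+ Reading symbols from ./i586-pokymllib32-linux-gcc...done.
+ (gdb) run
+ Starting program: x86-pokymllib32-linux/lib32-gcc/4.9.0-r0/image/usr/bin/i586-pokymllib32-linux-gcc
+
+ Program received signal SIGSEGV, Segmentation fault.
+ 0xf7e957e0 in free () from /lib/i386-linux-gnu/libc.so.6
+ (gdb) bt
+ #0 0xf7e957e0 in free () from /lib/i386-linux-gnu/libc.so.6
+ #1 0x0804b73c in set_multilib_dir () at gcc-4.9.0/gcc/gcc.c:7827
+ #2 main (argc=1, argv=0xffffd504) at gcc-4.9.0/gcc/gcc.c:6688
+ (gdb)
+
+The problem arises because we conditionally assign the pointer we
+eventually free, and the conditional may assign the pointer to the
+non-malloc'd internal string "." which fails when we free it here:
+
+ if (multilib_dir == NULL && multilib_os_dir != NULL
+ && strcmp (multilib_os_dir, ".") == 0)
+ {
+ free (CONST_CAST (char *, multilib_os_dir));
+ ...
+
+As suggested by Jakub, ensure the "." case is also malloc'd via
+xstrdup() and hence the pointer for the "." case can be freed.
+
+Cc: Jakub Jelinek <jakub@redhat.com>
+Cc: Jeff Law <law@redhat.com>
+Cc: Matthias Klose <doko@ubuntu.com>
+CC: Tobias Burnus <burnus@net-b.de>
+Upstream-Status: Accepted [ https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02069.html ]
+Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index 9ac18e60d801..168acf7eb0c9 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -7790,10 +7790,15 @@ set_multilib_dir (void)
+ q2++;
+ if (*q2 == ':')
+ ml_end = q2;
+- new_multilib_os_dir = XNEWVEC (char, ml_end - q);
+- memcpy (new_multilib_os_dir, q + 1, ml_end - q - 1);
+- new_multilib_os_dir[ml_end - q - 1] = '\0';
+- multilib_os_dir = *new_multilib_os_dir ? new_multilib_os_dir : ".";
++ if (ml_end - q == 1)
++ multilib_os_dir = xstrdup (".");
++ else
++ {
++ new_multilib_os_dir = XNEWVEC (char, ml_end - q);
++ memcpy (new_multilib_os_dir, q + 1, ml_end - q - 1);
++ new_multilib_os_dir[ml_end - q - 1] = '\0';
++ multilib_os_dir = new_multilib_os_dir;
++ }
+
+ if (q2 < end && *q2 == ':')
+ {
+--
+1.9.2
+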
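Review bot: The ownership rule this fix depends on is not written down at the assignment in the embedded gcc.c hunk: after the change both branches store a heap pointer in `multilib_os_dir`, and the patch description shows `set_multilib_dir` later calling `free (CONST_CAST (char *, multilib_os_dir))`. Freeing a pointer that did not come from the allocator is undefined behaviour, so it may corrupt allocator state silently rather than fault as it did in the quoted backtrace. I would add a comment above `if (ml_end - q == 1)` such as `/* multilib_os_dir is freed later in this function, so every value stored here must be heap-allocated. */`. The body of `set_multilib_dir` starts and ends outside this hunk, so any other assignment to `multilib_os_dir` there should be checked against the same rule.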