Check for integer overflow in cache size computation in strcoll

strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412.
author: Siddhesh Poyarekar <siddhesh@redhat.com> 2013-09-23 11:24:30 +0530
committer: Siddhesh Poyarekar <siddhesh@redhat.com> 2013-09-23 11:29:53 +0530
commit: 303e567a8062200dc06acde7c76fc34679f08d8f (patch)
tree: 8e0c198956de9addb51216c5cfccd47d7c4be69b /ChangeLog
parent: 141f3a77fe4f1b59b0afa9bf6909cd2000448883 (diff)
download: glibc-303e567a8062200dc06acde7c76fc34679f08d8f.tar.gz
glibc-303e567a8062200dc06acde7c76fc34679f08d8f.tar.xz
glibc-303e567a8062200dc06acde7c76fc34679f08d8f.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 148479ed2a..17f65edc7a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
 2013-09-23  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
 	[BZ #14547]
+	* string/tst-strcoll-overflow.c: New test case.
+	* string/Makefile (xtests): Add tst-strcoll-overflow.
+	* string/strcoll_l.c (STRCOLL): Skip allocating memory for
+	cache if string sizes may cause integer overflow.
+
+	[BZ #14547]
 	* string/strcoll_l.c (coll_seq): New members rule, idx,
 	save_idx and back_us.
 	(get_next_seq_nocache): New function.
author	Siddhesh Poyarekar <siddhesh@redhat.com>	2013-09-23 11:24:30 +0530
committer	Siddhesh Poyarekar <siddhesh@redhat.com>	2013-09-23 11:29:53 +0530
commit	303e567a8062200dc06acde7c76fc34679f08d8f (patch)
tree	8e0c198956de9addb51216c5cfccd47d7c4be69b /ChangeLog
parent	141f3a77fe4f1b59b0afa9bf6909cd2000448883 (diff)
download	glibc-303e567a8062200dc06acde7c76fc34679f08d8f.tar.gz glibc-303e567a8062200dc06acde7c76fc34679f08d8f.tar.xz glibc-303e567a8062200dc06acde7c76fc34679f08d8f.zip