14 files changed, 135 insertions, 64 deletions
diff --git a/ChangeLog b/ChangeLog
index e9535c47e1..8dd5b22040 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,39 @@
-2004-12-10  Jakub Jelinek  <jakub@redhat.com>
+2004-12-13  Ulrich Drepper  <drepper@redhat.com>
 
-	* posix/getconf.c (main): Skip over initial underscore in
-	$libexecdir/getconf/default symlink target.
+	* nss/getnssent.c (__nss_getent): Double buffer size each round to
+	avoid problems with delays for some people's huge entries.
+	* nss/getXXbyYY.c (FUNCTION_NAME): Likewise.
+
+2004-12-13  Jakub Jelinek  <jakub@redhat.com>
+
+	* posix/getconf.c (main): Prepend just $GETCONF_DIR/ instead of
+	$GETCONF_DIR/_ to spec.
+	* posix/confstr.c (confstr): Remove leading underscores for
+	_CS_POSIX_V6_WIDTH_RESTRICTED_ENVS.
+
+2004-12-12  Ulrich Drepper  <drepper@redhat.com>
+
+	* elf/dl-load.c (_dl_map_object_from_fd): Fix computation of
+	mapping start.  It must take the actual pagesize into account, not
+	the alignment in the file.
+
+2004-12-11  Ulrich Drepper  <drepper@redhat.com>
+
+	* malloc/malloc.c (_int_realloc): Add checks for corrupted memory.
+	(_int_free): Make clear message are result of free() calls.
+
+	* malloc/malloc.c (_int_realloc): Remove unnecessary tests for
+	oldmem and size == 0.
+
+2004-12-10  Ulrich Drepper  <drepper@redhat.com>
+
+	* malloc/arena.c (arena_get2): Prevent endless loop if arenas and
+	list lock are taken.
+
+2004-12-08  Thorsten Kukuk  <kukuk@suse.de>
+
+	* nis/nss_nisplus/nisplus-netgrp.c (_nss_nisplus_getnetgrent_r):
+	Add check if the value is not an empty string.  [BZ #597]
 
 2004-11-29  Jakub Jelinek  <jakub@redhat.com>
 
diff --git a/elf/dl-load.c b/elf/dl-load.c
index ea287cddcc..eb1a7919fb 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -987,12 +987,12 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
 	    }
 
 	  c = &loadcmds[nloadcmds++];
-	  c->mapstart = ph->p_vaddr & ~(ph->p_align - 1);
+	  c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
 	  c->mapend = ((ph->p_vaddr + ph->p_filesz + GLRO(dl_pagesize) - 1)
 		       & ~(GLRO(dl_pagesize) - 1));
 	  c->dataend = ph->p_vaddr + ph->p_filesz;
 	  c->allocend = ph->p_vaddr + ph->p_memsz;
-	  c->mapoff = ph->p_offset & ~(ph->p_align - 1);
+	  c->mapoff = ph->p_offset & ~(GLRO(dl_pagesize) - 1);
 
 	  /* Determine whether there is a gap between the last segment
 	     and this one.  */
diff --git a/fedora/branch.mk b/fedora/branch.mk
index 653f1e4aa7..b016d1b7eb 100644
--- a/fedora/branch.mk
+++ b/fedora/branch.mk
@@ -1,5 +1,5 @@
 # This file is updated automatically by Makefile.
 glibc-branch := fedora
 glibc-base := HEAD
-fedora-sync-date := 2004-12-10 06:34 UTC
-fedora-sync-tag := fedora-glibc-20041210T0634
+fedora-sync-date := 2004-12-13 23:23 UTC
+fedora-sync-tag := fedora-glibc-20041213T2323
diff --git a/fedora/glibc.spec.in b/fedora/glibc.spec.in
index 2ea3705bba..7ebb22e30d 100644
--- a/fedora/glibc.spec.in
+++ b/fedora/glibc.spec.in
@@ -1,4 +1,4 @@
-%define glibcrelease 90
+%define glibcrelease 91
 %define auxarches i586 i686 athlon sparcv9 alphaev6
 %define prelinkarches noarch
 %define nptlarches i386 i686 athlon x86_64 ia64 s390 s390x sparcv9 ppc ppc64
@@ -1265,6 +1265,16 @@ rm -f *.filelist*
 %endif
 
 %changelog
+* Tue Dec 14 2004 Jakub Jelinek <jakub@redhat.com> 2.3.3-91
+- update from CVS
+  - double buffer size in getXXbyYY or getXXent on ERANGE
+    instead of adding BUFLEN (#142617)
+  - avoid busy loop in malloc if another thread is doing fork
+    (#142214)
+  - some more realloc corruption checks
+  - fix getconf _POSIX_V6_WIDTH_RESTRICTED_ENVS output,
+    tweak %{_prefix}/libexec/getconf/ filenames
+
 * Fri Dec 10 2004 Jakub Jelinek <jakub@redhat.com> 2.3.3-90
 - update from CVS
   - regex speedups
diff --git a/linuxthreads/ChangeLog b/linuxthreads/ChangeLog
index 1849b8a630..9577130e10 100644
--- a/linuxthreads/ChangeLog
+++ b/linuxthreads/ChangeLog
@@ -1,3 +1,7 @@
+2004-12-12  Ulrich Drepper  <drepper@redhat.com>
+
+	* internals.h: Include <stdbool.h> to match includes used in nptl.
+
 2004-12-01  Jakub Jelinek  <jakub@redhat.coM.
 
 	* sysdeps/unix/sysv/linux/bits/posix_opt.h (_POSIX_CPUTIME,
diff --git a/linuxthreads/internals.h b/linuxthreads/internals.h
index b35a430c69..605021766c 100644
--- a/linuxthreads/internals.h
+++ b/linuxthreads/internals.h
@@ -21,6 +21,7 @@
 
 #include <limits.h>
 #include <signal.h>
+#include <stdbool.h>
 #include <unistd.h>
 #include <stackinfo.h>
 #include <sigcontextinfo.h>
diff --git a/malloc/arena.c b/malloc/arena.c
index 024e191b9e..026f2c7822 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -782,9 +782,12 @@ arena_get2(a_tsd, size) mstate a_tsd; size_t size;
   }
 
   /* Check the global, circularly linked list for available arenas. */
+  bool retried = false;
  repeat:
   do {
     if(!mutex_trylock(&a->mutex)) {
+      if (retried)
+	(void)mutex_unlock(&list_lock);
       THREAD_STAT(++(a->stat_lock_loop));
       tsd_setspecific(arena_key, (Void_t *)a);
       return a;
@@ -796,29 +799,33 @@ arena_get2(a_tsd, size) mstate a_tsd; size_t size;
      happen during `atfork', or for example on systems where thread
      creation makes it temporarily impossible to obtain _any_
      locks. */
-  if(mutex_trylock(&list_lock)) {
+  if(!retried && mutex_trylock(&list_lock)) {
+    /* We will block to not run in a busy loop.  */
+    (void)mutex_lock(&list_lock);
+
+    /* Since we blocked there might be an arena available now.  */
+    retried = true;
     a = a_tsd;
     goto repeat;
   }
-  (void)mutex_unlock(&list_lock);
 
   /* Nothing immediately available, so generate a new arena.  */
   a = _int_new_arena(size);
-  if(!a)
-    return 0;
+  if(a)
+    {
+      tsd_setspecific(arena_key, (Void_t *)a);
+      mutex_init(&a->mutex);
+      mutex_lock(&a->mutex); /* remember result */
 
-  tsd_setspecific(arena_key, (Void_t *)a);
-  mutex_init(&a->mutex);
-  mutex_lock(&a->mutex); /* remember result */
+      /* Add the new arena to the global list.  */
+      a->next = main_arena.next;
+      atomic_write_barrier ();
+      main_arena.next = a;
 
-  /* Add the new arena to the global list.  */
-  (void)mutex_lock(&list_lock);
-  a->next = main_arena.next;
-  atomic_write_barrier ();
-  main_arena.next = a;
+      THREAD_STAT(++(a->stat_lock_loop));
+    }
   (void)mutex_unlock(&list_lock);
 
-  THREAD_STAT(++(a->stat_lock_loop));
   return a;
 }
 
diff --git a/malloc/malloc.c b/malloc/malloc.c
index cf1b935ffd..e3ccbde7b5 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4256,7 +4256,7 @@ _int_free(mstate av, Void_t* mem)
 	|| __builtin_expect (chunksize (chunk_at_offset (p, size))
 			     >= av->system_mem, 0))
       {
-	errstr = "invalid next size (fast)";
+	errstr = "free(): invalid next size (fast)";
 	goto errout;
       }
 
@@ -4306,7 +4306,7 @@ _int_free(mstate av, Void_t* mem)
     if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
 	|| __builtin_expect (nextsize >= av->system_mem, 0))
       {
-	errstr = "invalid next size (normal)";
+	errstr = "free(): invalid next size (normal)";
 	goto errout;
       }
 
@@ -4550,27 +4550,42 @@ _int_realloc(mstate av, Void_t* oldmem, size_t bytes)
   INTERNAL_SIZE_T* s;               /* copy source */
   INTERNAL_SIZE_T* d;               /* copy destination */
 
+  const char *errstr = NULL;
 
-#if REALLOC_ZERO_BYTES_FREES
-  if (bytes == 0) {
-    if (oldmem != 0)
-      _int_free(av, oldmem);
-    return 0;
-  }
-#endif
-
-  /* realloc of null is supposed to be same as malloc */
-  if (oldmem == 0) return _int_malloc(av, bytes);
 
   checked_request2size(bytes, nb);
 
   oldp    = mem2chunk(oldmem);
   oldsize = chunksize(oldp);
 
+  /* Simple tests for old block integrity.  */
+  if (__builtin_expect ((uintptr_t) oldp & MALLOC_ALIGN_MASK, 0))
+    {
+      errstr = "realloc(): invalid pointer";
+    errout:
+      malloc_printerr (check_action, errstr, oldmem);
+      return NULL;
+    }
+  if (__builtin_expect (oldp->size <= 2 * SIZE_SZ, 0)
+      || __builtin_expect (oldsize >= av->system_mem, 0))
+    {
+      errstr = "realloc(): invalid size";
+      goto errout;
+    }
+
   check_inuse_chunk(av, oldp);
 
   if (!chunk_is_mmapped(oldp)) {
 
+    next = chunk_at_offset(oldp, oldsize);
+    INTERNAL_SIZE_T nextsize = chunksize(next);
+    if (__builtin_expect (next->size <= 2 * SIZE_SZ, 0)
+	|| __builtin_expect (nextsize >= av->system_mem, 0))
+      {
+	errstr = "realloc(): invalid next size";
+	goto errout;
+      }
+
     if ((unsigned long)(oldsize) >= (unsigned long)(nb)) {
       /* already big enough; split below */
       newp = oldp;
@@ -4578,11 +4593,9 @@ _int_realloc(mstate av, Void_t* oldmem, size_t bytes)
     }
 
     else {
-      next = chunk_at_offset(oldp, oldsize);
-
       /* Try to expand forward into top */
       if (next == av->top &&
-          (unsigned long)(newsize = oldsize + chunksize(next)) >=
+          (unsigned long)(newsize = oldsize + nextsize) >=
           (unsigned long)(nb + MINSIZE)) {
         set_head_size(oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
         av->top = chunk_at_offset(oldp, nb);
@@ -4594,7 +4607,7 @@ _int_realloc(mstate av, Void_t* oldmem, size_t bytes)
       /* Try to expand forward into next chunk;  split off remainder below */
       else if (next != av->top &&
                !inuse(next) &&
-               (unsigned long)(newsize = oldsize + chunksize(next)) >=
+               (unsigned long)(newsize = oldsize + nextsize) >=
                (unsigned long)(nb)) {
         newp = oldp;
         unlink(next, bck, fwd);
diff --git a/nis/nss_nisplus/nisplus-netgrp.c b/nis/nss_nisplus/nisplus-netgrp.c
index c56a6854a4..607bc2c1ca 100644
--- a/nis/nss_nisplus/nisplus-netgrp.c
+++ b/nis/nss_nisplus/nisplus-netgrp.c
@@ -88,7 +88,9 @@ _nss_nisplus_getnetgrent_r (struct __netgrent *result, char *buffer,
 
       result->type = triple_val;
 
-      if (hostlen == 0)
+      if (hostlen == 0 ||
+	  NISENTRYVAL (result->position, 2,
+		       (nis_result *) result->data)[0] == '\0')
 	result->val.triple.host = NULL;
       else
 	{
@@ -99,7 +101,9 @@ _nss_nisplus_getnetgrent_r (struct __netgrent *result, char *buffer,
 	  *cp++ = '\0';
 	}
 
-      if (userlen == 0)
+      if (userlen == 0 ||
+	  NISENTRYVAL (result->position, 3,
+		       (nis_result *) result->data)[0] == '\0')
 	result->val.triple.user = NULL;
       else
 	{
@@ -110,7 +114,9 @@ _nss_nisplus_getnetgrent_r (struct __netgrent *result, char *buffer,
 	  *cp++ = '\0';
 	}
 
-      if (domainlen == 0)
+      if (domainlen == 0 ||
+	  NISENTRYVAL (result->position, 4,
+		       (nis_result *) result->data)[0] == '\0')
 	result->val.triple.domain = NULL;
       else
 	{
diff --git a/nss/getXXbyYY.c b/nss/getXXbyYY.c
index 854a3e859b..dd0ac840eb 100644
--- a/nss/getXXbyYY.c
+++ b/nss/getXXbyYY.c
@@ -123,7 +123,7 @@ FUNCTION_NAME (ADD_PARAMS)
 	 )
     {
       char *new_buf;
-      buffer_size += BUFLEN;
+      buffer_size *= 2;
       new_buf = (char *) realloc (buffer, buffer_size);
       if (new_buf == NULL)
 	{
diff --git a/nss/getnssent.c b/nss/getnssent.c
index a56d34d884..1f7573da74 100644
--- a/nss/getnssent.c
+++ b/nss/getnssent.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2000 Free Software Foundation, Inc.
+/* Copyright (C) 2000, 2004 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -38,7 +38,7 @@ __nss_getent (getent_r_function func, void **resbuf, char **buffer,
 	 && (h_errnop == NULL || *h_errnop == NETDB_INTERNAL))
     {
       char *new_buf;
-      *buffer_size += buflen;
+      *buffer_size *= 2;
       new_buf = realloc (*buffer, *buffer_size);
       if (new_buf == NULL)
 	{
diff --git a/posix/confstr.c b/posix/confstr.c
index 185b02fd8a..26b0fa875b 100644
--- a/posix/confstr.c
+++ b/posix/confstr.c
@@ -55,7 +55,7 @@ confstr (name, buf, len)
 
 	 Currently this means all environment which the system allows.  */
       {
-	char restenvs[4 * sizeof "_POSIX_V6_LPBIG_OFFBIG"];
+	char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
 
 	string_len = 0;
 #ifndef _POSIX_V6_ILP32_OFF32
@@ -63,9 +63,9 @@ confstr (name, buf, len)
 #endif
 #if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0
           {
-            memcpy (restenvs + string_len, "_POSIX_V6_ILP32_OFF32",
-                    sizeof "_POSIX_V6_ILP32_OFF32" - 1);
-            string_len += sizeof "_POSIX_V6_ILP32_OFF32" - 1;
+            memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
+                    sizeof "POSIX_V6_ILP32_OFF32" - 1);
+            string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
           }
 #endif
 #ifndef _POSIX_V6_ILP32_OFFBIG
@@ -75,9 +75,9 @@ confstr (name, buf, len)
           {
             if (string_len)
               restenvs[string_len++] = '\n';
-            memcpy (restenvs + string_len, "_POSIX_V6_ILP32_OFFBIG",
-                    sizeof "_POSIX_V6_ILP32_OFFBIG" - 1);
-            string_len += sizeof "_POSIX_V6_ILP32_OFFBIG" - 1;
+            memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
+                    sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
+            string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
           }
 #endif
 #ifndef _POSIX_V6_LP64_OFF64
@@ -87,9 +87,9 @@ confstr (name, buf, len)
           {
             if (string_len)
               restenvs[string_len++] = '\n';
-            memcpy (restenvs + string_len, "_POSIX_V6_LP64_OFF64",
-                    sizeof "_POSIX_V6_LP64_OFF64" - 1);
-            string_len += sizeof "_POSIX_V6_LP64_OFF64" - 1;
+            memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
+                    sizeof "POSIX_V6_LP64_OFF64" - 1);
+            string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
           }
 #endif
 #ifndef _POSIX_V6_LPBIG_OFFBIG
@@ -99,9 +99,9 @@ confstr (name, buf, len)
           {
             if (string_len)
               restenvs[string_len++] = '\n';
-            memcpy (restenvs + string_len, "_POSIX_V6_LPBIG_OFFBIG",
-                    sizeof "_POSIX_V6_LPBIG_OFFBIG" - 1);
-            string_len += sizeof "_POSIX_V6_LPBIG_OFFBIG" - 1;
+            memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
+                    sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
+            string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
           }
 #endif
         restenvs[string_len++] = '\0';
diff --git a/posix/getconf.c b/posix/getconf.c
index bf551bdbb6..4ce4f8e413 100644
--- a/posix/getconf.c
+++ b/posix/getconf.c
@@ -1003,8 +1003,6 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
 	{
 	  buf[len] = '\0';
 	  spec = buf;
-	  if (spec[0] == '_')
-	    spec++;
 	}
     }
 
@@ -1036,10 +1034,10 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
 	    {
 	      const char *args[argc + 3];
 	      size_t spec_len = strlen (spec);
-	      char getconf_name[getconf_dirlen + 2 + spec_len + 1];
+	      char getconf_name[getconf_dirlen + 1 + spec_len + 1];
 	      memcpy (mempcpy (mempcpy (getconf_name, getconf_dir,
 					getconf_dirlen),
-			       "/_", 2), spec, spec_len + 1);
+			       "/", 1), spec, spec_len + 1);
 	      args[0] = argv0;
 	      args[1] = "-v";
 	      args[2] = spec;
diff --git a/posix/getconf.speclist.h b/posix/getconf.speclist.h
index 943c0de606..c3e67f7ccb 100644
--- a/posix/getconf.speclist.h
+++ b/posix/getconf.speclist.h
@@ -1,15 +1,15 @@
 #include <unistd.h>
 const char *START_OF_STRINGS =
 #if _POSIX_V6_ILP32_OFF32 == 1
-"_POSIX_V6_ILP32_OFF32"
+"POSIX_V6_ILP32_OFF32"
 #endif
 #if _POSIX_V6_ILP32_OFFBIG == 1
-"_POSIX_V6_ILP32_OFFBIG"
+"POSIX_V6_ILP32_OFFBIG"
 #endif
 #if _POSIX_V6_LP64_OFF64 == 1
-"_POSIX_V6_LP64_OFF64"
+"POSIX_V6_LP64_OFF64"
 #endif
 #if _POSIX_V6_LPBIG_OFFBIG == 1
-"_POSIX_V6_LPBIG_OFFBIG"
+"POSIX_V6_LPBIG_OFFBIG"
 #endif
 "";