about summary refs log tree commit diff
path: root/debug
Commit message (Collapse)AuthorAgeFilesLines
* support: Add FAIL test failure helperMaciej W. Rozycki2024-07-261-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a FAIL test failure helper analogous to FAIL_RET, that does not cause the current function to return, providing a standardized way to report a test failure with a message supplied while permitting the caller to continue executing, for further reporting, cleaning up, etc. Update existing test cases that provide a conflicting definition of FAIL by removing the local FAIL definition and then as follows: - tst-fortify-syslog: provide a meaningful message in addition to the file name already added by <support/check.h>; 'support_record_failure' is already called by 'support_print_failure_impl' invoked by the new FAIL test failure helper. - tst-ctype: no update to FAIL calls required, with the name of the file and the line number within of the failure site additionally included by the new FAIL test failure helper, and error counting plus count reporting upon test program termination also already provided by 'support_record_failure' and 'support_report_failure' respectively, called by 'support_print_failure_impl' and 'adjust_exit_status' also respectively. However in a number of places 'printf' is called and the error count adjusted by hand, so update these places to make use of FAIL instead. And last but not least adjust the final summary just to report completion, with any error count following as reported by the test driver. - test-tgmath2: no update to FAIL calls required, with the name of the file of the failure site additionally included by the new FAIL test failure helper. Also there is no need to track the return status by hand as any call to FAIL will eventually cause the test case to return an unsuccesful exit status regardless of the return status from the test function, via a call to 'adjust_exit_status' made by the test driver. Reviewed-by: DJ Delorie <dj@redhat.com>
* Unify output from backtrace_symbols_fd with backtrace_symbols (bug 31730)Andreas Schwab2024-05-141-2/+8
|
* string: Add hidden builtin definition for __strcpy_chk.Stefan Liebler2024-02-061-0/+1
| | | | | | | | | | | | Otherwise on at least x86_64 and s390x there is an unwanted PLT entry in libc.so when configured with --enable-fortify-source=3 and build with -Os. This is observed in elf/check-localplt Extra PLT reference: libc.so: __strcpy_chk The call to PLT entry is in inet/ruserpass.c. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* debug/getwd_chk.c: warning should be emitted for the __getwd_chk symbol.Frederic Cambus2024-01-121-1/+1
| | | | | | | | Otherwise the warning message for the getwd symbol ends up being duplicated. Signed-off-by: Frederic Cambus <fred@statdns.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
* Update copyright dates not handled by scripts/update-copyrightsPaul Eggert2024-01-012-2/+2
| | | | | | I've updated copyright dates in glibc for 2024. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
* Update copyright dates with scripts/update-copyrightsPaul Eggert2024-01-01109-109/+109
|
* debug: Add fortify wprintf testsAdhemerval Zanella2023-12-292-0/+106
| | | | | | | Similar to other printf-like ones. It requires to be in a different process so we can change the orientation of stdout. Checked on aarch64, armhf, x86_64, and i686.
* debug: Add fortify syslog testsAdhemerval Zanella2023-12-292-0/+133
| | | | | | | | | | | It requires to be in a container tests to avoid logging bogus information on the system. The syslog also requires to be checked in a different process because the internal printf call will abort with the internal syslog lock taken (which makes subsequent syslog calls deadlock). Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug: Add fortify dprintf testsAdhemerval Zanella2023-12-291-0/+22
| | | | | | | Similar to other printf-like ones. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug: Increase tst-fortify checks for compiler without __va_arg_pack supportAdhemerval Zanella2023-12-291-5/+1
| | | | | | | | The fortify wrappers for varargs functions already add fallbacks to builtins calls if __va_arg_pack is not supported. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug: Adapt fortify tests to libsupportAdhemerval Zanella2023-12-296-40/+39
| | | | | Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug: Add regression tests for BZ 30932Adhemerval Zanella2023-10-042-0/+84
| | | | | Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* chk: Add and fix hidden builtin definitions for *_chkSamuel Thibault2023-08-032-0/+2
| | | | | | | Otherwise on gnu-i686 there are unwanted PLT entries in libc.so when fortification is enabled. Tested for i686-gnu, x86_64-gnu, i686-linux-gnu and x86_64-linux-gnu
* Subject: hurd: Make __realpath return EINVAL on NULL bufSamuel Thibault2023-08-031-1/+10
| | | | | As Posix and stdlib/test-canon.c expects it, and rather than letting pathconf crash.
* misc/bits/select2.h: Clearly separate declaration from definitionsFrédéric Bérat2023-07-051-0/+1
| | | | | | | | | The __fdelt_chk declaration needs to be available so that libc_hidden_proto can be used while not redefining __FD_ELT. Thus, misc/bits/select-decl.h is created to hold the corresponding prototypes. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* unistd: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-052-0/+2
| | | | | | | The change is meant to avoid unwanted PLT entries for the read_chk, getdomainname_chk and getlogin_r_chk routines when _FORTIFY_SOURCE is set. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* wchar: Avoid PLT entries with _FORTIFY_SOURCEFrédéric Bérat2023-07-052-0/+2
| | | | | | | | | | The change is meant to avoid unwanted PLT entries for the wmemset and wcrtomb routines when _FORTIFY_SOURCE is set. On top of that, ensure that *_chk routines have their hidden builtin definitions available. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* stdio: Ensure *_chk routines have their hidden builtin definition availableFrédéric Bérat2023-07-054-1/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines, there are unwanted PLT entries in libc.so. There is a special case with __asprintf_chk: If ldbl_* macros are used for asprintf, ABI gets broken on s390x, if it isn't, ppc64le isn't building due to multiple asm redirections. This is due to the inclusion of bits/stdio-lbdl.h for ppc64le whereas it isn't for s390x. This header creates redirections, which are not compatible with the ones generated using libc_hidden_def. Yet, we can't use libc_hidden_ldbl_proto on s390x since it will not create a simple strong alias (e.g. as done on x86_64), but a versioned alias, leading to ABI breakage. This results in errors on s390x: /usr/bin/ld: glibc/iconv/../libio/bits/stdio2.h:137: undefined reference to `__asprintf_chk' Original __asprintf_chk symbols: 00000000001395b0 T __asprintf_chk 0000000000177e90 T __nldbl___asprintf_chk __asprintf_chk symbols with ldbl_* macros: 000000000012d590 t ___asprintf_chk 000000000012d590 t __asprintf_chk@@GLIBC_2.4 000000000012d590 t __GI___asprintf_chk 000000000012d590 t __GL____asprintf_chk___asprintf_chk 0000000000172240 T __nldbl___asprintf_chk __asprintf_chk symbols with the patch: 000000000012d590 t ___asprintf_chk 000000000012d590 T __asprintf_chk 000000000012d590 t __GI___asprintf_chk 0000000000172240 T __nldbl___asprintf_chk Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* string: Ensure *_chk routines have their hidden builtin definition availableFrédéric Bérat2023-07-055-0/+5
| | | | | | | If libc_hidden_builtin_{def,proto} isn't properly set for *_chk routines, there are unwanted PLT entries in libc.so. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Exclude routines from fortificationFrédéric Bérat2023-07-051-6/+6
| | | | | | | | | | | | | | | | | Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to be excluded from the fortification. On top of that: - some tests explicitly verify that some level of fortification works appropriately, we therefore shouldn't modify the level set for them. - some objects need to be build with optimization disabled, which prevents _FORTIFY_SOURCE to be used for them. Assembler files that implement architecture specific versions of the fortified routines were not excluded from _FORTIFY_SOURCE as there is no C header included that would impact their behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug/readlink{, at}_chk.c: Harmonize declaration and definitionFrederic Berat2023-06-222-2/+4
| | | | | | | | | | The declaration and definition of these routines aren't consistent. Make the definition of __readlink_chk and __readlinkat_chk match the declaration of the routines they fortify. While there are no problems today this avoids any future potential problems related to the mismatch. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Add the wcslcpy, wcslcat functionsFlorian Weimer2023-06-145-0/+83
| | | | | | | These functions are about to be added to POSIX, under Austin Group issue 986. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Implement strlcpy and strlcat [BZ #178]Florian Weimer2023-06-145-0/+99
| | | | | | | | | | | These functions are about to be added to POSIX, under Austin Group issue 986. The fortified strlcat implementation does not raise SIGABRT if the destination buffer does not contain a null terminator, it just inherits the non-failing regular strlcat behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov2023-06-023-3/+3
|
* debug: Reformat Makefile.Carlos O'Donell2023-05-161-16/+18
| | | | | | | | Fix list terminator whitspace. Sort using scripts/sort-makefile-lines.py. No code generation changes observed in binary artifacts. No regressions on x86_64 and i686.
* debug: Re-flow and sort routines variable in MakefileFlorian Weimer2023-04-171-24/+87
| | | | Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* stdio-common: Handle -1 buffer size in __sprintf_chk & co (bug 30039)Florian Weimer2023-01-252-0/+131
| | | | | | | | | | | | | | | This shows up as an assertion failure when sprintf is called with a specifier like "%.8g" and libquadmath is linked in: Fatal glibc error: printf_buffer_as_file.c:31 (__printf_buffer_as_file_commit): assertion failed: file->stream._IO_write_ptr <= file->next->write_end Fix this by detecting pointer wraparound in __vsprintf_internal and saturate the addition to the end of the address space instead. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Update copyright dates not handled by scripts/update-copyrightsJoseph Myers2023-01-062-2/+2
| | | | | | I've updated copyright dates in glibc for 2023. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files.
* Update copyright dates with scripts/update-copyrightsJoseph Myers2023-01-06101-101/+101
|
* debug: Fix typo in tests-unsupported ruleAdhemerval Zanella2022-11-091-1/+1
| | | | From commit 2e274cd8c1ebd0bd0c43a7f2e5433685740938ca.
* Linux: Add ppoll fortify symbol for 64 bit time_t (BZ# 29746)Adhemerval Zanella2022-11-081-12/+29
| | | | | | | | | | | | | | | | | | | | Similar to ppoll, the poll.h header needs to redirect the poll call to a proper fortified ppoll with 64 bit time_t support. The implementation is straightforward, just need to add a similar check as __poll_chk and call the 64 bit time_t ppoll version. The debug fortify tests are also extended to cover 64 bit time_t for affected ABIs. Unfortunately it requires an aditional symbol, which makes backport tricky. One possibility is to add a static inline version if compiler supports is and call abort instead of __chk_fail, so fortified version will call __poll64 in the end. Another possibility is to just remove the fortify support for _TIME_BITS=64. Checked on i686-linux-gnu.
* Fix invalid pointer dereference in wcpcpy_chkSzabolcs Nagy2022-10-281-2/+1
| | | | | | | The src pointer is const and points to a different object, so accessing dest via src is invalid. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* Fix invalid pointer dereference in wcscpy_chkSzabolcs Nagy2022-10-281-27/+7
| | | | | | | The src pointer is const and points to a different object, so accessing dest via src is invalid. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* debug: test for more required cacellation points (BZ# 29274)Adhemerval Zanella2022-09-053-53/+266
| | | | | | | | | | | | | | Generalize the test for cancellation point in __read_chk to also test the other fortified functions with required cancellation points. Since there is not easy way to force some syscalls to block (for instance pread) the test tests two modes: cancellation on blocked syscalls and early cancellation on pending request. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Co-authored-by: Andreas Schwab <schwab@suse.de> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* stdio: Clean up __libc_message after unconditional abortFlorian Weimer2022-08-031-3/+1
| | | | | | | | | | | | Since commit ec2c1fcefb200c6cb7e09553f3c6af8815013d83 ("malloc: Abort on heap corruption, without a backtrace [BZ #21754]"), __libc_message always terminates the process. Since commit a289ea09ea843ced6e5277c2f2e63c357bc7f9a3 ("Do not print backtraces on fatal glibc errors"), the backtrace facility has been removed. Therefore, remove enum __libc_message_action and the action argument of __libc_message, and mark __libc_message as _No_return. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* debug: make __read_chk a cancellation point (bug 29274)Andreas Schwab2022-06-223-10/+57
| | | | | The __read_chk function, as the implementation behind the fortified read function, must be a cancellation point, thus it cannot use INLINE_SYSCALL.
* wcrtomb: Make behavior POSIX compliantSiddhesh Poyarekar2022-05-132-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The GNU implementation of wcrtomb assumes that there are at least MB_CUR_MAX bytes available in the destination buffer passed to wcrtomb as the first argument. This is not compatible with the POSIX definition, which only requires enough space for the input wide character. This does not break much in practice because when users supply buffers smaller than MB_CUR_MAX (e.g. in ncurses), they compute and dynamically allocate the buffer, which results in enough spare space (thanks to usable_size in malloc and padding in alloca) that no actual buffer overflow occurs. However when the code is built with _FORTIFY_SOURCE, it runs into the hard check against MB_CUR_MAX in __wcrtomb_chk and hence fails. It wasn't evident until now since dynamic allocations would result in wcrtomb not being fortified but since _FORTIFY_SOURCE=3, that limitation is gone, resulting in such code failing. To fix this problem, introduce an internal buffer that is MB_LEN_MAX long and use that to perform the conversion and then copy the resultant bytes into the destination buffer. Also move the fortification check into the main implementation, which checks the result after conversion and aborts if the resultant byte count is greater than the destination buffer size. One complication is that applications that assume the MB_CUR_MAX limitation to be gone may not be able to run safely on older glibcs if they use static destination buffers smaller than MB_CUR_MAX; dynamic allocations will always have enough spare space that no actual overruns will occur. One alternative to fixing this is to bump symbol version to prevent them from running on older glibcs but that seems too strict a constraint. Instead, since these users will only have made this decision on reading the manual, I have put a note in the manual warning them about the pitfalls of having static buffers smaller than MB_CUR_MAX and running them on older glibc. Benchmarking: The wcrtomb microbenchmark shows significant increases in maximum execution time for all locales, ranging from 10x for ar_SA.UTF-8 to 1.5x-2x for nearly everything else. The mean execution time however saw practically no impact, with some results even being quicker, indicating that cache locality has a much bigger role in the overhead. Given that the additional copy uses a temporary buffer inside wcrtomb, it's likely that a hot path will end up putting that buffer (which is responsible for the additional overhead) in a similar place on stack, giving the necessary cache locality to negate the overhead. However in situations where wcrtomb ends up getting called at wildly different spots on the call stack (or is on different call stacks, e.g. with threads or different execution contexts) and is still a hotspot, the performance lag will be visible. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* misc: Fix rare fortify crash on wchar funcs. [BZ 29030]Joan Bruguera2022-04-251-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If `__glibc_objsize (__o) == (size_t) -1` (i.e. `__o` is unknown size), fortify checks should pass, and `__whatever_alias` should be called. Previously, `__glibc_objsize (__o) == (size_t) -1` was explicitly checked, but on commit a643f60c53876b, this was moved into `__glibc_safe_or_unknown_len`. A comment says the -1 case should work as: "The -1 check is redundant because since it implies that __glibc_safe_len_cond is true.". But this fails when: * `__s > 1` * `__osz == -1` (i.e. unknown size at compile time) * `__l` is big enough * `__l * __s <= __osz` can be folded to a constant (I only found this to be true for `mbsrtowcs` and other functions in wchar2.h) In this case `__l * __s <= __osz` is false, and `__whatever_chk_warn` will be called by `__glibc_fortify` or `__glibc_fortify_n` and crash the program. This commit adds the explicit `__osz == -1` check again. moc crashes on startup due to this, see: https://bugs.archlinux.org/task/74041 Minimal test case (test.c): #include <wchar.h> int main (void) { const char *hw = "HelloWorld"; mbsrtowcs (NULL, &hw, (size_t)-1, NULL); return 0; } Build with: gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test Output: *** buffer overflow detected ***: terminated Fixes: BZ #29030 Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug: Improve fdelt_chk error messageCristian Rodríguez2022-03-281-1/+2
| | | | | | | | It is not a "buffer overflow detected" but an out of range bit on fd_set Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* debug: Synchronize feature guards in fortified functions [BZ #28746]Siddhesh Poyarekar2022-01-122-10/+49
| | | | | | | | | | | | | | | | | | Some functions (e.g. stpcpy, pread64, etc.) had moved to POSIX in the main headers as they got incorporated into the standard, but their fortified variants remained under __USE_GNU. As a result, these functions did not get fortified when _GNU_SOURCE was not defined. Add test wrappers that check all functions tested in tst-chk0 at all levels with _GNU_SOURCE undefined and then use the failures to (1) exclude checks for _GNU_SOURCE functions in these tests and (2) Fix feature macro guards in the fortified function headers so that they're the same as the ones in the main headers. This fixes BZ #28746. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* debug: Autogenerate _FORTIFY_SOURCE testsSiddhesh Poyarekar2022-01-1215-67/+67
| | | | | | | | | | | | | Rename debug/tst-chk1.c to debug/tst-fortify.c and add make hackery to autogenerate tests with different macros enabled to build and run the same test with different configurations as well as different fortification levels. The change also ends up expanding the -lfs tests to include _FORTIFY_SOURCE=3. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* debug: Remove catchsegv and libSegfault (BZ #14913)Adhemerval Zanella2022-01-063-338/+2
| | | | | | | | | | | | Trapping SIGSEGV within the process is error-prone, adds security issues, and modern analysis design tends to happen out of the process (either by attaching a debugger or by post-mortem analysis). The libSegfault also has some design problems, it uses non async-signal-safe function (backtrace) on signal handler. There are multiple alternatives if users do want to use similar functionality, such as sigsegv gnulib module or libsegfault.
* Update copyright dates not handled by scripts/update-copyrights.Paul Eggert2022-01-013-3/+3
| | | | | | | | | | | | | | I've updated copyright dates in glibc for 2022. This is the patch for the changes not generated by scripts/update-copyrights and subsequent build / regeneration of generated files. As well as the usual annual updates, mainly dates in --version output (minus csu/version.c which previously had to be handled manually but is now successfully updated by update-copyrights), there is a small change to the copyright notice in NEWS which should let NEWS get updated automatically next year. Please remember to include 2022 in the dates for any new files added in future (which means updating any existing uncommitted patches you have that add new files to use the new copyright dates in them).
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-01102-102/+102
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* fortify: Fix spurious warning with realpathSiddhesh Poyarekar2021-12-172-1/+39
| | | | | | | | | The length and object size arguments were swapped around for realpath. Also add a smoke test so that any changes in this area get caught in future. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* debug: Add tests for _FORTIFY_SOURCE=3Siddhesh Poyarekar2021-10-204-50/+69
| | | | | | | Add some testing coverage for _FORTIFY_SOURCE=3. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Remove "Contributed by" linesSiddhesh Poyarekar2021-09-0329-31/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Remove all usage of @BASH@ or ${BASH} in installed files, and hardcode ↵Romain GEISSLER2021-05-122-4/+3
| | | | | | | | | | | | | | | | | | | /bin/bash instead (FYI, this is a repost of https://sourceware.org/pipermail/libc-alpha/2019-July/105035.html now that FSF papers have been signed and confirmed on FSF side). This trivial patch attemps to fix BZ 24106. Basically the bash locally used when building glibc on the host shall not leak on the installed glibc, as the system where it is installed might be different and use another bash location. So I have looked for all occurences of @BASH@ or $(BASH) in installed files, and replaced it by /bin/bash. This was suggested by Florian Weimer in the bug report. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* backtrace: Implement on top of <unwind-link.h>Florian Weimer2021-03-011-67/+17
| | | | | | This reimplements the generic version of backtrace. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Implement <unwind-link.h> for dynamically loading the libgcc_s unwinderFlorian Weimer2021-03-011-1/+1
| | | | | | | | | | This will be used to consolidate the libgcc_s access for backtrace and pthread_cancel. Unlike the existing backtrace implementations, it provides some hardening based on pointer mangling. Reviewed-by: Carlos O'Donell <carlos@redhat.com>