devel

devel@uclibc-ng.org

2 participants
1170 discussions

[PATCH] malloc-standard: Fix truncation problem in malloc
by Marcus Haehnel 10 Aug '25

10 Aug '25

From: Marius Melzer <marius.melzer(a)kernkonzept.com> This fixes a bug that can lead to the calculation of a wrong bin `idx`, which in turn leads to a too small chunk of memory being chosen for the number of bytes (`nb`) to be allocated. This leads to a fault (or possibly to memory being written in the wrong location) when using the offset `nb` on top of the chunk for a write operation. malloc() takes the number of bytes to allocate as size_t, but the calculation of the global bin index idx is done via malloc_largebin_index() which takes as parameter and calculates internally with unsigned int. This leads, for large allocations, to a truncation of the value and consequently to the idx being wrongly calculated. idx is an index into the bins which are sorted in ascending order of size range of its including chunks (e.g. 8-16, 16-32, 32-64,...). The malloc() algorithm depends on the idx being calculated such that we begin searching only at a bin whose chunks are always large enough to include the memory size to be allocated (nb). If the idx is too small (as can happen due to the described integer overflow), this code will lead to a write to a wrong address (remainder->bk resp. remainder->fd) (lines from malloc.c): 1086 size = chunksize(victim); 1087 1088 /* We know the first chunk in this bin is big enough to use. */ 1089 assert((unsigned long)(size) >= (unsigned long)(nb)); 1108 remainder = chunk_at_offset(victim, nb); 1111 remainder->bk = remainder->fd = unsorted_chunks(av); The chunk victim should normally be from a bin of a range where each chunk is at least of the size nb. Since it's not, its size may be smaller than nb. With assertions enabled the assertion in 1089 would fail. Without assertions we add nb as an offset to the chunk but since the size of the chunk is a lot smaller than nb, this will point to an address somewhere else. Signed-off-by: Marcus Haehnel <marcus.haehnel(a)kernkonzept.com> --- libc/stdlib/malloc-standard/malloc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libc/stdlib/malloc-standard/malloc.c b/libc/stdlib/malloc-standard/malloc.c index cecea87ecf..e51bc6610c 100644 --- a/libc/stdlib/malloc-standard/malloc.c +++ b/libc/stdlib/malloc-standard/malloc.c @@ -29,7 +29,7 @@ __UCLIBC_MUTEX_INIT(__malloc_lock, PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP); struct malloc_state __malloc_state; /* never directly referenced */ /* forward declaration */ -static int __malloc_largebin_index(unsigned int sz); +static int __malloc_largebin_index(unsigned long sz); #ifdef __UCLIBC_MALLOC_DEBUGGING__ @@ -755,10 +755,10 @@ static void* __malloc_alloc(size_t nb, mstate av) Compute index for size. We expect this to be inlined when compiled with optimization, else not, which works out well. */ -static int __malloc_largebin_index(unsigned int sz) +static int __malloc_largebin_index(unsigned long sz) { - unsigned int x = sz >> SMALLBIN_WIDTH; - unsigned int m; /* bit position of highest set bit of m */ + unsigned long x = sz >> SMALLBIN_WIDTH; + unsigned long m; /* bit position of highest set bit of m */ if (x >= 0x10000) return NBINS-1; @@ -776,7 +776,7 @@ static int __malloc_largebin_index(unsigned int sz) S. Warren Jr's book "Hacker's Delight". */ - unsigned int n = ((x - 0x100) >> 16) & 8; + unsigned long n = ((x - 0x100) >> 16) & 8; x <<= n; m = ((x - 0x1000) >> 16) & 4; n += m; -- 2.47.1

2 1

[PATCH v1] utimes: force to use 64-bit implementation if available and requested (part II)
by Peter Seiderer 25 Jul '25

25 Jul '25

- fix dependency for libc_hidden_def(utimes) statement, fixes (on ARM-64bit): ./include/libc-symbols.h:431:32: error: '__EI_utimes' aliased to undefined symbol '__GI_utimes' 431 | extern __typeof (name) __EI_##name __attribute__((alias (__hidden_asmname1 (,#local)))) \ | ^~~~~ ./include/libc-symbols.h:435:41: note: in expansion of macro '__hidden_ver1' 435 | # define hidden_def(name) __hidden_ver1(__GI_##name, name, name); | ^~~~~~~~~~~~~ ./include/libc-symbols.h:503:32: note: in expansion of macro 'hidden_def' 503 | # define libc_hidden_def(name) hidden_def (name) | ^~~~~~~~~~ libc/sysdeps/linux/common/utimes.c:54:1: note: in expansion of macro 'libc_hidden_def' 54 | libc_hidden_def(utimes) | ^~~~~~~~~~~~~~~ - fix dependency for 64-bit implementation, fixes (on ARM-64bit): .../build/busybox-1.37.0/libbb/copy_file.c:433:(.text.copy_file+0x2b0): undefined reference to `utimes' Fixes: 48591e2a2 ("Provide fixups for riscv32.") Fixes: 5aee86ed3 ("utimes: force to use 64-bit implementation if available and requested") Signed-off-by: Peter Seiderer <ps.report(a)gmx.net> --- libc/sysdeps/linux/common/utimes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libc/sysdeps/linux/common/utimes.c b/libc/sysdeps/linux/common/utimes.c index eb128d352..c471a9b89 100644 --- a/libc/sysdeps/linux/common/utimes.c +++ b/libc/sysdeps/linux/common/utimes.c @@ -9,7 +9,7 @@ #include <sys/syscall.h> #include <sys/time.h> -#if (defined (__NR_utimensat) || defined(__NR_utimensat_time64)) && defined(__UCLIBC_USE_TIME64__) +#if (defined (__NR_utimensat) || defined(__NR_utimensat_time64)) && (!defined __NR_utimes || defined(__UCLIBC_USE_TIME64__)) # include <fcntl.h> # include <stddef.h> int utimes(const char *file, const struct timeval tvp[2]) @@ -50,6 +50,6 @@ int utimes(const char *file, const struct timeval tvp[2]) } #endif -#if defined __NR_utimensat || defined __NR_utimensat_time64 || defined __NR_utimes || defined __NR_utime +#if (((defined __NR_utimensat || defined __NR_utimensat_time64) && (!defined __NR_utimes || defined __UCLIBC_USE_TIME64__))) || defined __NR_utimes || defined __NR_utime libc_hidden_def(utimes) #endif -- 2.50.1

2 1

new release 1.0.54
by Waldemar Brodkorb 25 Jul '25

25 Jul '25

Hi embedded hackers, I made a new release shortly after 1.0.53. 1.0.54 is out now with fixes two regressions. Git shortlog: Marcus Haehnel (3): openpty/forkpty: use const for termios and winsize arguments openpty: Remove code that has been disabled for more than 20 years inet/netdb: fix getnameinfo signature Peter Seiderer (2): utimes: force to use 64-bit implementation if available and requested utimes: force to use 64-bit implementation if available and requested (part II) Thorsten Glaser (1): add getentropy(), fix return value of getrandom() Waldemar Brodkorb (15): getentropy: guard syscall to getrandom frv: fix compile issues mips/mips64: add fenv support from glibc riscv: add fenv support from glibc fix build for coldfire with FPU m68k: add fenv support from glibc or1k: add fenv support from glibc sparc: add fenv support from glibc arc: add support for fenv from glibc sh: add fenv support from glibc csky: add fenv support from glibc arc: add missing files for fenv support bump version for 1.0.53 release fix getentropy() bump version for 1.0.54 release Thanks for testing and using it. Sunshine Waldemar

1 0

About the support of msgctl for time64 in uclibc-ng
by 刘瑜 24 Jul '25

24 Jul '25

Hello, development team of uclibc-ng, We are a company from China called Ingenic, and we have recently observed that msgctl(), shmctl() and semctl() do not fully support time64 in the latest version of uclibc-ng. When time64 is enabled on mips, timestamps of semaphore obtained by msgclt, shmctl and semctl are incorrectly, and semctl will report segmentation fault if RMID operation is used. The timestamp of the semaphore on arm platform is also wrong. These errors seem to be caused by incomplete support for time64. Although struct semid_ds is modified for time64, the positions of its members are inconsistent with those of struct semid64_ds in the kernel, resulting in incorrect semaphore timestamps obtained by semctl. In addition, struct shmid_ds and struct msqid_ds do not seem to support time64. Besides, when semctl removes the semaphore using RMID, the union semun arg is NULL and does not point to the semaphore instance. Accessing members of struct semid_ds will result in a segmentation fault. The attachment is my modification for three functions and structs they required on the mips platform, which can be used as a reference. If you think these three functions do not need to be modified, hope you can write to tell me the reason. Looking forward to your reply ! Best regards, Liu Yu

2 1

[PATCH v1] utimes: force to use 64-bit implementation if available and requested
by Peter Seiderer 20 Jul '25

20 Jul '25

Fixes 64-/32-bit time_t regression on ARM32 (reported for buildroot, see [1] for details). [1] https://gitlab.com/buildroot.org/buildroot/-/issues/128 Fixes: 48591e2a2 ("Provide fixups for riscv32.") Signed-off-by: Peter Seiderer <ps.report(a)gmx.net> --- libc/sysdeps/linux/common/utimes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libc/sysdeps/linux/common/utimes.c b/libc/sysdeps/linux/common/utimes.c index a28594dfd..eb128d352 100644 --- a/libc/sysdeps/linux/common/utimes.c +++ b/libc/sysdeps/linux/common/utimes.c @@ -9,7 +9,7 @@ #include <sys/syscall.h> #include <sys/time.h> -#if (defined (__NR_utimensat) || defined(__NR_utimensat_time64)) && !defined __NR_utimes +#if (defined (__NR_utimensat) || defined(__NR_utimensat_time64)) && defined(__UCLIBC_USE_TIME64__) # include <fcntl.h> # include <stddef.h> int utimes(const char *file, const struct timeval tvp[2]) -- 2.50.1

2 5

utimes 64-/32-bit time_t regression (ARM-32bit)
by Peter Seiderer 19 Jul '25

19 Jul '25

Hello Dmitry, Waldemar, as reported for buildroot ([1]) there is a utimes 64-/32-bit time_t regression (?) for ARM-32bit maybe introduced by commit ([2], at least fixable by partly reverting): 48591e2a2 Provide fixups for riscv32. Regards, Peter [1] https://gitlab.com/buildroot.org/buildroot/-/issues/128 [2] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=48591e2a259d84…

2 2

[PATCH] inet/netdb: fix getnameinfo signature
by Marcus Haehnel 01 Jul '25

01 Jul '25

According to POSIX the getnameinfo flags parameter is int and not unsigned. Adapt accordingly. Glibc has also fixed this in commit e4ecafe004b3d4270b3a9dace8f970047400ed38 in 2001. Signed-off-by: Marcus Haehnel <marcus.haehnel(a)kernkonzept.com> --- include/netdb.h | 2 +- libc/inet/resolv.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/netdb.h b/include/netdb.h index a85797956..26c999e59 100644 --- a/include/netdb.h +++ b/include/netdb.h @@ -689,7 +689,7 @@ extern const char *gai_strerror (int __ecode) __THROW; extern int getnameinfo (const struct sockaddr *__restrict __sa, socklen_t __salen, char *__restrict __host, socklen_t __hostlen, char *__restrict __serv, - socklen_t __servlen, unsigned int __flags); + socklen_t __servlen, int __flags); libc_hidden_proto(getnameinfo) #endif /* POSIX */ diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c index 130a9a505..44685e6b8 100644 --- a/libc/inet/resolv.c +++ b/libc/inet/resolv.c @@ -1892,7 +1892,7 @@ int getnameinfo(const struct sockaddr *sa, socklen_t hostlen, char *serv, socklen_t servlen, - unsigned flags) + int flags) { int serrno = errno; bool ok = 0; -- 2.47.1

2 1

[PATCH] openpty: Remove code that has been disabled for more than 20 years
by Marcus Haehnel 01 Jul '25

01 Jul '25

The use of ptsname_r instead of the custom pts_name seems to have proven in the field. Signed-off-by: Marcus Haehnel <marcus.haehnel(a)kernkonzept.com> --- libutil/openpty.c | 76 ----------------------------------------------- 1 file changed, 76 deletions(-) diff --git a/libutil/openpty.c b/libutil/openpty.c index 848dc8d38..0a8b04317 100644 --- a/libutil/openpty.c +++ b/libutil/openpty.c @@ -26,61 +26,6 @@ #include <unistd.h> #include <sys/types.h> -/* BCS: the following function is, IMO, overkill */ -#if 0 -/* Return the result of ptsname_r in the buffer pointed to by PTS, - which should be of length BUF_LEN. If it is too long to fit in - this buffer, a sufficiently long buffer is allocated using malloc, - and returned in PTS. 0 is returned upon success, -1 otherwise. */ -static int -pts_name (int fd, char **pts, size_t buf_len) -{ - int rv; - char *buf = *pts; - - for (;;) - { - char *new_buf; - - if (buf_len) - { - rv = ptsname_r (fd, buf, buf_len); - - if (rv != 0 || memchr (buf, '\0', buf_len)) - /* We either got an error, or we succeeded and the - returned name fit in the buffer. */ - break; - - /* Try again with a longer buffer. */ - buf_len += buf_len; /* Double it */ - } - else - /* No initial buffer; start out by mallocing one. */ - buf_len = 128; /* First time guess. */ - - if (buf != *pts) - /* We've already malloced another buffer at least once. */ - new_buf = realloc (buf, buf_len); - else - new_buf = malloc (buf_len); - if (! new_buf) - { - rv = -1; - __set_errno (ENOMEM); - break; - } - buf = new_buf; - } - - if (rv == 0) - *pts = buf; /* Return buffer to the user. */ - else if (buf != *pts) - free (buf); /* Free what we malloced when returning an error. */ - - return rv; -} -#endif - /* Create pseudo tty master slave pair and set terminal attributes according to TERMP and WINP. Return handles for both ends in AMASTER and ASLAVE, and return the name of the slave end in NAME. */ @@ -88,19 +33,10 @@ int openpty (int *amaster, int *aslave, char *name, struct termios *termp, struct winsize *winp) { -#if 0 -#ifdef PATH_MAX - char _buf[PATH_MAX]; -#else - char _buf[512]; -#endif - char *buf = _buf; -#else #ifdef PATH_MAX char buf[PATH_MAX]; #else char buf[512]; -#endif #endif int master, slave; @@ -114,20 +50,12 @@ openpty (int *amaster, int *aslave, char *name, struct termios *termp, if (unlockpt (master)) goto fail; -#if 0 - if (pts_name (master, &buf, sizeof (_buf))) -#else if (ptsname_r (master, buf, sizeof buf)) -#endif goto fail; slave = open (buf, O_RDWR | O_NOCTTY); if (slave == -1) { -#if 0 - if (buf != _buf) - free (buf); -#endif goto fail; } @@ -142,10 +70,6 @@ openpty (int *amaster, int *aslave, char *name, struct termios *termp, if (name != NULL) strcpy (name, buf); -#if 0 - if (buf != _buf) - free (buf); -#endif return 0; fail: -- 2.47.1

3 4

[PATCH] openpty/forkpty: use const for termios and winsize arguments
by Marcus Haehnel 01 Jul '25

01 Jul '25

The termios and winsize arguments are const as per the POSIX standard, and also uclibc and musl define them as such. Adapt the uclibc-ng definitions and declarations accordingly to improve compatibility. Signed-off-by: Marcus Haehnel <marcus.haehnel(a)kernkonzept.com> --- include/pty.h | 6 ++++-- libutil/forkpty.c | 3 ++- libutil/openpty.c | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/include/pty.h b/include/pty.h index f23a260ae..609ac2459 100644 --- a/include/pty.h +++ b/include/pty.h @@ -31,13 +31,15 @@ __BEGIN_DECLS attributes according to TERMP and WINP and return handles for both ends in AMASTER and ASLAVE. */ extern int openpty (int *__amaster, int *__aslave, char *__name, - struct termios *__termp, struct winsize *__winp) __THROW; + const struct termios *__termp, + const struct winsize *__winp) __THROW; libutil_hidden_proto(openpty) /* Create child process and establish the slave pseudo terminal as the child's controlling terminal. */ extern int forkpty (int *__amaster, char *__name, - struct termios *__termp, struct winsize *__winp) __THROW; + const struct termios *__termp, + const struct winsize *__winp) __THROW; __END_DECLS diff --git a/libutil/forkpty.c b/libutil/forkpty.c index 24643330c..7e42d1a33 100644 --- a/libutil/forkpty.c +++ b/libutil/forkpty.c @@ -23,7 +23,8 @@ #include <pty.h> int -forkpty (int *amaster, char *name, struct termios *termp, struct winsize *winp) +forkpty (int *amaster, char *name, const struct termios *termp, + const struct winsize *winp) { int master, slave, pid; diff --git a/libutil/openpty.c b/libutil/openpty.c index 848dc8d38..e14cbc57d 100644 --- a/libutil/openpty.c +++ b/libutil/openpty.c @@ -85,8 +85,8 @@ pts_name (int fd, char **pts, size_t buf_len) according to TERMP and WINP. Return handles for both ends in AMASTER and ASLAVE, and return the name of the slave end in NAME. */ int -openpty (int *amaster, int *aslave, char *name, struct termios *termp, - struct winsize *winp) +openpty (int *amaster, int *aslave, char *name, const struct termios *termp, + const struct winsize *winp) { #if 0 #ifdef PATH_MAX -- 2.47.1

2 1

build error for x86_64 with NPTL
by Kirill Makurin 26 May '25

26 May '25

Hello, I recently tried to build uclibc-ng configured with NPTL posix threads implementation for x86_64 system. Build fails, which I believe is a bug. The error occurs when compiling `libpthread/nptl/sysdeps/unix/sysv/linux/x86_64/sem_wait.S`, it takes the false branch in ``` #if USE___THREAD ... #else ... #endif ``` which contains #error preprocessor directive. I tried to understand why it happens. Turns out the `USE___THREAD` macro is not defined when compiling this file and false branch in always taken. This macro is defined in tls.h, however this header files in not included directly or indirectly. This issue should affect all assembler code in `libpthread/nptl/sysdeps/unix/sysv/linux/x86_64` since it all have preprocessor conditions depending on `USE___THREAD` macro. Directly including tls.h fixes the build error. - Kirill Makurin

2 4

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

devel