* [dizzy][PATCH 1/4] glibc: CVE-2015-8777
@ 2016-02-28 18:53 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 2/4] glibc: CVE-2015-8779 Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Armin Kuster @ 2016-02-28 18:53 UTC (permalink / raw)
To: akuster, openembedded-core
From: Armin Kuster <akuster@mvista.com>
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.
(From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-8777.patch | 122 ++++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.20.bb | 4 +-
2 files changed, 125 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
new file mode 100644
index 0000000..780fcb9
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8777.patch
@@ -0,0 +1,122 @@
+From a014cecd82b71b70a6a843e250e06b541ad524f7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 15 Oct 2015 09:23:07 +0200
+Subject: [PATCH] Always enable pointer guard [BZ #18928]
+
+Honoring the LD_POINTER_GUARD environment variable in AT_SECURE mode
+has security implications. This commit enables pointer guard
+unconditionally, and the environment variable is now ignored.
+
+ [BZ #18928]
+ * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
+ _dl_pointer_guard member.
+ * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
+ initializer.
+ (security_init): Always set up pointer guard.
+ (process_envvars): Do not process LD_POINTER_GUARD.
+
+Upstream-Status: Backport
+CVE: CVE-2015-8777
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog | 10 ++++++++++
+ NEWS | 13 ++++++++-----
+ elf/rtld.c | 15 ++++-----------
+ sysdeps/generic/ldsodefs.h | 3 ---
+ 4 files changed, 22 insertions(+), 19 deletions(-)
+
+Index: git/elf/rtld.c
+===================================================================
+--- git.orig/elf/rtld.c
++++ git/elf/rtld.c
+@@ -163,7 +163,6 @@ struct rtld_global_ro _rtld_global_ro at
+ ._dl_hwcap_mask = HWCAP_IMPORTANT,
+ ._dl_lazy = 1,
+ ._dl_fpu_control = _FPU_DEFAULT,
+- ._dl_pointer_guard = 1,
+ ._dl_pagesize = EXEC_PAGESIZE,
+ ._dl_inhibit_cache = 0,
+
+@@ -710,15 +709,12 @@ security_init (void)
+ #endif
+
+ /* Set up the pointer guard as well, if necessary. */
+- if (GLRO(dl_pointer_guard))
+- {
+- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
+- stack_chk_guard);
++ uintptr_t pointer_chk_guard
++ = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
+ #ifdef THREAD_SET_POINTER_GUARD
+- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
++ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+ #endif
+- __pointer_chk_guard_local = pointer_chk_guard;
+- }
++ __pointer_chk_guard_local = pointer_chk_guard;
+
+ /* We do not need the _dl_random value anymore. The less
+ information we leave behind, the better, so clear the
+@@ -2476,9 +2472,6 @@ process_envvars (enum mode *modep)
+ GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
+ break;
+ }
+-
+- if (memcmp (envline, "POINTER_GUARD", 13) == 0)
+- GLRO(dl_pointer_guard) = envline[14] != '0';
+ break;
+
+ case 14:
+Index: git/sysdeps/generic/ldsodefs.h
+===================================================================
+--- git.orig/sysdeps/generic/ldsodefs.h
++++ git/sysdeps/generic/ldsodefs.h
+@@ -590,9 +590,6 @@ struct rtld_global_ro
+ /* List of auditing interfaces. */
+ struct audit_ifaces *_dl_audit;
+ unsigned int _dl_naudit;
+-
+- /* 0 if internal pointer values should not be guarded, 1 if they should. */
+- EXTERN int _dl_pointer_guard;
+ };
+ # define __rtld_global_attribute__
+ # ifdef IS_IN_rtld
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,13 @@
++2015-10-15 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #18928]
++ * sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
++ _dl_pointer_guard member.
++ * elf/rtld.c (_rtld_global_ro): Remove _dl_pointer_guard
++ initializer.
++ (security_init): Always set up pointer guard.
++ (process_envvars): Do not process LD_POINTER_GUARD.
++
+ 2015-02-05 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #16618] CVE-2015-1472
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -24,7 +24,10 @@ Version 2.20
+ 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
+ 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
+ 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
+- 17625, 17630.
++ 17625, 17630, 18928.
++
++* The LD_POINTER_GUARD environment variable can no longer be used to
++ disable the pointer guard feature. It is always enabled.
+
+ * The nss_dns implementation of getnetbyname could run into an infinite loop
+ if the DNS response contained a PTR record of an unexpected format.
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index a928293..5e03570 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -48,7 +48,9 @@ CVEPATCHES = "\
file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \
file://CVE-2015-1472-wscanf-allocates-too-little-memory.patch \
file://CVE-2015-7547.patch \
- "
+ file://CVE-2015-8777.patch \
+"
+
LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
--
2.3.5
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [dizzy][PATCH 2/4] glibc: CVE-2015-8779
2016-02-28 18:53 [dizzy][PATCH 1/4] glibc: CVE-2015-8777 Armin Kuster
@ 2016-02-28 18:53 ` Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 3/4] glibc: CVE-2015-9761 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 4/4] glibc: CVE-2015-8776 Armin Kuster
2 siblings, 0 replies; 9+ messages in thread
From: Armin Kuster @ 2016-02-28 18:53 UTC (permalink / raw)
To: akuster, openembedded-core
From: Armin Kuster <akuster@mvista.com>
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.
(From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-8779.patch | 261 ++++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.20.bb | 1 +
2 files changed, 262 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
new file mode 100644
index 0000000..50e7f5b
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8779.patch
@@ -0,0 +1,261 @@
+From 0f58539030e436449f79189b6edab17d7479796e Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sat, 8 Aug 2015 15:53:03 -0700
+Subject: [PATCH] Fix BZ #17905
+
+Upstream-Status: Backport
+CVE: CVE-2015-8779
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog | 8 ++++++++
+ NEWS | 2 +-
+ catgets/Makefile | 9 ++++++++-
+ catgets/catgets.c | 19 ++++++++++++-------
+ catgets/open_catalog.c | 23 ++++++++++++++---------
+ catgets/tst-catgets.c | 31 +++++++++++++++++++++++++++++++
+ 6 files changed, 74 insertions(+), 18 deletions(-)
+
+Index: git/catgets/Makefile
+===================================================================
+--- git.orig/catgets/Makefile
++++ git/catgets/Makefile
+@@ -37,6 +37,7 @@ ifeq (y,$(OPTION_EGLIBC_CATGETS))
+ ifeq ($(run-built-tests),yes)
+ tests-special += $(objpfx)de/libc.cat $(objpfx)test1.cat $(objpfx)test2.cat \
+ $(objpfx)sample.SJIS.cat $(objpfx)test-gencat.out
++tests-special += $(objpfx)tst-catgets-mem.out
+ endif
+ endif
+ gencat-modules = xmalloc
+@@ -53,9 +54,11 @@ catgets-CPPFLAGS := -DNLSPATH='"$(msgcat
+
+ generated += de.msg test1.cat test1.h test2.cat test2.h sample.SJIS.cat \
+ test-gencat.h
++generated += tst-catgets.mtrace tst-catgets-mem.out
++
+ generated-dirs += de
+
+-tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de
++tst-catgets-ENV = NLSPATH="$(objpfx)%l/%N.cat" LANG=de MALLOC_TRACE=$(objpfx)tst-catgets.mtrace
+
+ ifeq ($(run-built-tests),yes)
+ # This test just checks whether the program produces any error or not.
+@@ -89,4 +92,8 @@ $(objpfx)test-gencat.out: test-gencat.sh
+ $(objpfx)sample.SJIS.cat: sample.SJIS $(objpfx)gencat
+ $(built-program-cmd) -H $(objpfx)test-gencat.h < $(word 1,$^) > $@; \
+ $(evaluate-test)
++
++$(objpfx)tst-catgets-mem.out: $(objpfx)tst-catgets.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-catgets.mtrace > $@; \
++ $(evaluate-test)
+ endif
+Index: git/catgets/catgets.c
+===================================================================
+--- git.orig/catgets/catgets.c
++++ git/catgets/catgets.c
+@@ -16,7 +16,6 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+-#include <alloca.h>
+ #include <errno.h>
+ #include <locale.h>
+ #include <nl_types.h>
+@@ -35,6 +34,7 @@ catopen (const char *cat_name, int flag)
+ __nl_catd result;
+ const char *env_var = NULL;
+ const char *nlspath = NULL;
++ char *tmp = NULL;
+
+ if (strchr (cat_name, '/') == NULL)
+ {
+@@ -54,7 +54,10 @@ catopen (const char *cat_name, int flag)
+ {
+ /* Append the system dependent directory. */
+ size_t len = strlen (nlspath) + 1 + sizeof NLSPATH;
+- char *tmp = alloca (len);
++ tmp = malloc (len);
++
++ if (__glibc_unlikely (tmp == NULL))
++ return (nl_catd) -1;
+
+ __stpcpy (__stpcpy (__stpcpy (tmp, nlspath), ":"), NLSPATH);
+ nlspath = tmp;
+@@ -65,16 +68,18 @@ catopen (const char *cat_name, int flag)
+
+ result = (__nl_catd) malloc (sizeof (*result));
+ if (result == NULL)
+- /* We cannot get enough memory. */
+- return (nl_catd) -1;
+-
+- if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
++ {
++ /* We cannot get enough memory. */
++ result = (nl_catd) -1;
++ }
++ else if (__open_catalog (cat_name, nlspath, env_var, result) != 0)
+ {
+ /* Couldn't open the file. */
+ free ((void *) result);
+- return (nl_catd) -1;
++ result = (nl_catd) -1;
+ }
+
++ free (tmp);
+ return (nl_catd) result;
+ }
+
+Index: git/catgets/open_catalog.c
+===================================================================
+--- git.orig/catgets/open_catalog.c
++++ git/catgets/open_catalog.c
+@@ -47,6 +47,7 @@ __open_catalog (const char *cat_name, co
+ size_t tab_size;
+ const char *lastp;
+ int result = -1;
++ char *buf = NULL;
+
+ if (strchr (cat_name, '/') != NULL || nlspath == NULL)
+ fd = open_not_cancel_2 (cat_name, O_RDONLY);
+@@ -57,23 +58,23 @@ __open_catalog (const char *cat_name, co
+ if (__glibc_unlikely (bufact + (n) >= bufmax)) \
+ { \
+ char *old_buf = buf; \
+- bufmax += 256 + (n); \
+- buf = (char *) alloca (bufmax); \
+- memcpy (buf, old_buf, bufact); \
++ bufmax += (bufmax < 256 + (n)) ? 256 + (n) : bufmax; \
++ buf = realloc (buf, bufmax); \
++ if (__glibc_unlikely (buf == NULL)) \
++ { \
++ free (old_buf); \
++ return -1; \
++ } \
+ }
+
+ /* The RUN_NLSPATH variable contains a colon separated list of
+ descriptions where we expect to find catalogs. We have to
+ recognize certain % substitutions and stop when we found the
+ first existing file. */
+- char *buf;
+ size_t bufact;
+- size_t bufmax;
++ size_t bufmax = 0;
+ size_t len;
+
+- buf = NULL;
+- bufmax = 0;
+-
+ fd = -1;
+ while (*run_nlspath != '\0')
+ {
+@@ -188,7 +189,10 @@ __open_catalog (const char *cat_name, co
+
+ /* Avoid dealing with directories and block devices */
+ if (__builtin_expect (fd, 0) < 0)
+- return -1;
++ {
++ free (buf);
++ return -1;
++ }
+
+ if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) < 0)
+ goto close_unlock_return;
+@@ -325,6 +329,7 @@ __open_catalog (const char *cat_name, co
+ /* Release the lock again. */
+ close_unlock_return:
+ close_not_cancel_no_status (fd);
++ free (buf);
+
+ return result;
+ }
+Index: git/catgets/tst-catgets.c
+===================================================================
+--- git.orig/catgets/tst-catgets.c
++++ git/catgets/tst-catgets.c
+@@ -1,7 +1,10 @@
++#include <assert.h>
+ #include <mcheck.h>
+ #include <nl_types.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
++#include <sys/resource.h>
+
+
+ static const char *msgs[] =
+@@ -12,6 +15,33 @@ static const char *msgs[] =
+ };
+ #define nmsgs (sizeof (msgs) / sizeof (msgs[0]))
+
++
++/* Test for unbounded alloca. */
++static int
++do_bz17905 (void)
++{
++ char *buf;
++ struct rlimit rl;
++ nl_catd result;
++
++ const int sz = 1024 * 1024;
++
++ getrlimit (RLIMIT_STACK, &rl);
++ rl.rlim_cur = sz;
++ setrlimit (RLIMIT_STACK, &rl);
++
++ buf = malloc (sz + 1);
++ memset (buf, 'A', sz);
++ buf[sz] = '\0';
++ setenv ("NLSPATH", buf, 1);
++
++ result = catopen (buf, NL_CAT_LOCALE);
++ assert (result == (nl_catd) -1);
++
++ free (buf);
++ return 0;
++}
++
+ #define ROUNDS 5
+
+ int
+@@ -62,5 +92,6 @@ main (void)
+ }
+ }
+
++ result += do_bz17905 ();
+ return result;
+ }
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #17905]
++ * catgets/Makefile (tst-catgets-mem): New test.
++ * catgets/catgets.c (catopen): Don't use unbounded alloca.
++ * catgets/open_catalog.c (__open_catalog): Likewise.
++ * catgets/tst-catgets.c (do_bz17905): Test unbounded alloca.
++
+ 2015-10-15 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #18928]
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -24,7 +24,7 @@ Version 2.20
+ 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
+ 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
+ 17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
+- 17625, 17630, 18928.
++ 17625, 17630, 18928, 17905.
+
+ * The LD_POINTER_GUARD environment variable can no longer be used to
+ disable the pointer guard feature. It is always enabled.
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index 5e03570..af568d9 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -49,6 +49,7 @@ CVEPATCHES = "\
file://CVE-2015-1472-wscanf-allocates-too-little-memory.patch \
file://CVE-2015-7547.patch \
file://CVE-2015-8777.patch \
+ file://CVE-2015-8779.patch \
"
LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
--
2.3.5
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [dizzy][PATCH 3/4] glibc: CVE-2015-9761
2016-02-28 18:53 [dizzy][PATCH 1/4] glibc: CVE-2015-8777 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 2/4] glibc: CVE-2015-8779 Armin Kuster
@ 2016-02-28 18:53 ` Armin Kuster
2016-03-03 8:16 ` Martin Jansa
2016-02-28 18:53 ` [dizzy][PATCH 4/4] glibc: CVE-2015-8776 Armin Kuster
2 siblings, 1 reply; 9+ messages in thread
From: Armin Kuster @ 2016-02-28 18:53 UTC (permalink / raw)
To: akuster, openembedded-core
From: Armin Kuster <akuster@mvista.com>
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.
(From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039 ++++++++++++++++++++
.../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++
meta/recipes-core/glibc/glibc_2.20.bb | 2 +
3 files changed, 1429 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
new file mode 100644
index 0000000..3aca913
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
@@ -0,0 +1,1039 @@
+From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
+From: Joseph Myers <joseph@codesourcery.com>
+Date: Tue, 24 Nov 2015 22:24:52 +0000
+Subject: [PATCH] Refactor strtod parsing of NaN payloads.
+
+The nan* functions handle their string argument by constructing a
+NAN(...) string on the stack as a VLA and passing it to strtod
+functions.
+
+This approach has problems discussed in bug 16961 and bug 16962: the
+stack usage is unbounded, and it gives incorrect results in certain
+cases where the argument is not a valid n-char-sequence.
+
+The natural fix for both issues is to refactor the NaN payload parsing
+out of strtod into a separate function that the nan* functions can
+call directly, so that no temporary string needs constructing on the
+stack at all. This patch does that refactoring in preparation for
+fixing those bugs (but without actually using the new functions from
+nan* - which will also require exporting them from libc at version
+GLIBC_PRIVATE). This patch is not intended to change any user-visible
+behavior, so no tests are added (fixes for the above bugs will of
+course add tests for them).
+
+This patch builds on my recent fixes for strtol and strtod issues in
+Turkish locales. Given those fixes, the parsing of NaN payloads is
+locale-independent; thus, the new functions do not need to take a
+locale_t argument.
+
+Tested for x86_64, x86, mips64 and powerpc.
+
+ * stdlib/strtod_nan.c: New file.
+ * stdlib/strtod_nan_double.h: Likewise.
+ * stdlib/strtod_nan_float.h: Likewise.
+ * stdlib/strtod_nan_main.c: Likewise.
+ * stdlib/strtod_nan_narrow.h: Likewise.
+ * stdlib/strtod_nan_wide.h: Likewise.
+ * stdlib/strtof_nan.c: Likewise.
+ * stdlib/strtold_nan.c: Likewise.
+ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
+ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
+ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
+ * wcsmbs/wcstod_nan.c: Likewise.
+ * wcsmbs/wcstof_nan.c: Likewise.
+ * wcsmbs/wcstold_nan.c: Likewise.
+ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
+ strtold_nan.
+ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
+ wcstof_nan.
+ * include/stdlib.h (__strtof_nan): Declare and use
+ libc_hidden_proto.
+ (__strtod_nan): Likewise.
+ (__strtold_nan): Likewise.
+ (__wcstof_nan): Likewise.
+ (__wcstod_nan): Likewise.
+ (__wcstold_nan): Likewise.
+ * include/wchar.h (____wcstoull_l_internal): Declare.
+ * stdlib/strtod_l.c: Do not include <ieee754.h>.
+ (____strtoull_l_internal): Remove declaration.
+ (STRTOF_NAN): Define macro.
+ (SET_MANTISSA): Remove macro.
+ (STRTOULL): Likewise.
+ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
+ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
+ (STRTOF_NAN): Define macro.
+ (SET_MANTISSA): Remove macro.
+ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
+ (SET_MANTISSA): Remove macro.
+ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
+ macro.
+ (SET_MANTISSA): Remove macro.
+ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
+ macro.
+ (SET_MANTISSA): Remove macro.
+ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
+ (SET_MANTISSA): Remove macro.
+ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
+ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
+ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2015-9761 patch #1
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog | 49 ++++++++++++++++++
+ include/stdlib.h | 18 +++++++
+ include/wchar.h | 3 ++
+ stdlib/Makefile | 1 +
+ stdlib/strtod_l.c | 48 ++++--------------
+ stdlib/strtod_nan.c | 24 +++++++++
+ stdlib/strtod_nan_double.h | 30 +++++++++++
+ stdlib/strtod_nan_float.h | 29 +++++++++++
+ stdlib/strtod_nan_main.c | 63 ++++++++++++++++++++++++
+ stdlib/strtod_nan_narrow.h | 22 +++++++++
+ stdlib/strtod_nan_wide.h | 22 +++++++++
+ stdlib/strtof_l.c | 11 +----
+ stdlib/strtof_nan.c | 24 +++++++++
+ stdlib/strtold_nan.c | 30 +++++++++++
+ sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
+ sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
+ sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
+ sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
+ sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
+ sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
+ sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
+ wcsmbs/Makefile | 1 +
+ wcsmbs/wcstod_l.c | 3 --
+ wcsmbs/wcstod_nan.c | 23 +++++++++
+ wcsmbs/wcstof_l.c | 3 --
+ wcsmbs/wcstof_nan.c | 23 +++++++++
+ wcsmbs/wcstold_l.c | 3 --
+ wcsmbs/wcstold_nan.c | 30 +++++++++++
+ 28 files changed, 504 insertions(+), 95 deletions(-)
+ create mode 100644 stdlib/strtod_nan.c
+ create mode 100644 stdlib/strtod_nan_double.h
+ create mode 100644 stdlib/strtod_nan_float.h
+ create mode 100644 stdlib/strtod_nan_main.c
+ create mode 100644 stdlib/strtod_nan_narrow.h
+ create mode 100644 stdlib/strtod_nan_wide.h
+ create mode 100644 stdlib/strtof_nan.c
+ create mode 100644 stdlib/strtold_nan.c
+ create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
+ create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
+ create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
+ create mode 100644 wcsmbs/wcstod_nan.c
+ create mode 100644 wcsmbs/wcstof_nan.c
+ create mode 100644 wcsmbs/wcstold_nan.c
+
+Index: git/include/stdlib.h
+===================================================================
+--- git.orig/include/stdlib.h
++++ git/include/stdlib.h
+@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
+ libc_hidden_proto (strtoul)
+ libc_hidden_proto (strtoull)
+
++extern float __strtof_nan (const char *, char **, char) internal_function;
++extern double __strtod_nan (const char *, char **, char) internal_function;
++extern long double __strtold_nan (const char *, char **, char)
++ internal_function;
++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
++ internal_function;
++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
++ internal_function;
++extern long double __wcstold_nan (const wchar_t *, wchar_t **, wchar_t)
++ internal_function;
++
++libc_hidden_proto (__strtof_nan)
++libc_hidden_proto (__strtod_nan)
++libc_hidden_proto (__strtold_nan)
++libc_hidden_proto (__wcstof_nan)
++libc_hidden_proto (__wcstod_nan)
++libc_hidden_proto (__wcstold_nan)
++
+ extern char *__ecvt (double __value, int __ndigit, int *__restrict __decpt,
+ int *__restrict __sign);
+ extern char *__fcvt (double __value, int __ndigit, int *__restrict __decpt,
+Index: git/include/wchar.h
+===================================================================
+--- git.orig/include/wchar.h
++++ git/include/wchar.h
+@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
+ __restrict __endptr,
+ int __base,
+ int __group) __THROW;
++extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
++ wchar_t **, int, int,
++ __locale_t);
+ libc_hidden_proto (__wcstof_internal)
+ libc_hidden_proto (__wcstod_internal)
+ libc_hidden_proto (__wcstold_internal)
+Index: git/stdlib/Makefile
+===================================================================
+--- git.orig/stdlib/Makefile
++++ git/stdlib/Makefile
+@@ -51,6 +51,7 @@ routines-y := \
+ strtol_l strtoul_l strtoll_l strtoull_l \
+ strtof strtod strtold \
+ strtof_l strtod_l strtold_l \
++ strtof_nan strtod_nan strtold_nan \
+ system canonicalize \
+ a64l l64a \
+ getsubopt xpg_basename \
+Index: git/stdlib/strtod_l.c
+===================================================================
+--- git.orig/stdlib/strtod_l.c
++++ git/stdlib/strtod_l.c
+@@ -21,8 +21,6 @@
+ #include <xlocale.h>
+
+ extern double ____strtod_l_internal (const char *, char **, int, __locale_t);
+-extern unsigned long long int ____strtoull_l_internal (const char *, char **,
+- int, int, __locale_t);
+
+ /* Configuration part. These macros are defined by `strtold.c',
+ `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
+@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
+ # ifdef USE_WIDE_CHAR
+ # define STRTOF wcstod_l
+ # define __STRTOF __wcstod_l
++# define STRTOF_NAN __wcstod_nan
+ # else
+ # define STRTOF strtod_l
+ # define __STRTOF __strtod_l
++# define STRTOF_NAN __strtod_nan
+ # endif
+ # define MPN2FLOAT __mpn_construct_double
+ # define FLOAT_HUGE_VAL HUGE_VAL
+-# define SET_MANTISSA(flt, mant) \
+- do { union ieee754_double u; \
+- u.d = (flt); \
+- u.ieee_nan.mantissa0 = (mant) >> 32; \
+- u.ieee_nan.mantissa1 = (mant); \
+- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
+- (flt) = u.d; \
+- } while (0)
+ #endif
+ /* End of configuration part. */
+ \f
+ #include <ctype.h>
+ #include <errno.h>
+ #include <float.h>
+-#include <ieee754.h>
+ #include "../locale/localeinfo.h"
+ #include <locale.h>
+ #include <math.h>
+@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
+ # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
+ # define STRNCASECMP(S1, S2, N) \
+ __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
+-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, loc)
+ #else
+ # define STRING_TYPE char
+ # define CHAR_TYPE char
+@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
+ # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
+ # define STRNCASECMP(S1, S2, N) \
+ __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
+-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, loc)
+ #endif
+
+
+@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
+ if (*cp == L_('('))
+ {
+ const STRING_TYPE *startp = cp;
+- do
+- ++cp;
+- while ((*cp >= L_('0') && *cp <= L_('9'))
+- || ({ CHAR_TYPE lo = TOLOWER (*cp);
+- lo >= L_('a') && lo <= L_('z'); })
+- || *cp == L_('_'));
+-
+- if (*cp != L_(')'))
+- /* The closing brace is missing. Only match the NAN
+- part. */
+- cp = startp;
++ STRING_TYPE *endp;
++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
++ if (*endp == L_(')'))
++ /* Consume the closing parenthesis. */
++ cp = endp + 1;
+ else
+- {
+- /* This is a system-dependent way to specify the
+- bitmask used for the NaN. We expect it to be
+- a number which is put in the mantissa of the
+- number. */
+- STRING_TYPE *endp;
+- unsigned long long int mant;
+-
+- mant = STRTOULL (startp + 1, &endp, 0);
+- if (endp == cp)
+- SET_MANTISSA (retval, mant);
+-
+- /* Consume the closing brace. */
+- ++cp;
+- }
++ /* Only match the NAN part. */
++ cp = startp;
+ }
+
+ if (endptr != NULL)
+Index: git/stdlib/strtod_nan.c
+===================================================================
+--- /dev/null
++++ git/stdlib/strtod_nan.c
+@@ -0,0 +1,24 @@
++/* Convert string for NaN payload to corresponding NaN. Narrow
++ strings, double.
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <strtod_nan_narrow.h>
++#include <strtod_nan_double.h>
++
++#define STRTOD_NAN __strtod_nan
++#include <strtod_nan_main.c>
+Index: git/stdlib/strtod_nan_double.h
+===================================================================
+--- /dev/null
++++ git/stdlib/strtod_nan_double.h
+@@ -0,0 +1,30 @@
++/* Convert string for NaN payload to corresponding NaN. For double.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define FLOAT double
++#define SET_MANTISSA(flt, mant) \
++ do \
++ { \
++ union ieee754_double u; \
++ u.d = (flt); \
++ u.ieee_nan.mantissa0 = (mant) >> 32; \
++ u.ieee_nan.mantissa1 = (mant); \
++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
++ (flt) = u.d; \
++ } \
++ while (0)
+Index: git/stdlib/strtod_nan_float.h
+===================================================================
+--- /dev/null
++++ git/stdlib/strtod_nan_float.h
+@@ -0,0 +1,29 @@
++/* Convert string for NaN payload to corresponding NaN. For float.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define FLOAT float
++#define SET_MANTISSA(flt, mant) \
++ do \
++ { \
++ union ieee754_float u; \
++ u.f = (flt); \
++ u.ieee_nan.mantissa = (mant); \
++ if (u.ieee.mantissa != 0) \
++ (flt) = u.f; \
++ } \
++ while (0)
+Index: git/stdlib/strtod_nan_main.c
+===================================================================
+--- /dev/null
++++ git/stdlib/strtod_nan_main.c
+@@ -0,0 +1,63 @@
++/* Convert string for NaN payload to corresponding NaN.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <ieee754.h>
++#include <locale.h>
++#include <math.h>
++#include <stdlib.h>
++#include <wchar.h>
++
++
++/* If STR starts with an optional n-char-sequence as defined by ISO C
++ (a sequence of ASCII letters, digits and underscores), followed by
++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
++ to the character after the initial n-char-sequence. */
++
++internal_function
++FLOAT
++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE endc)
++{
++ const STRING_TYPE *cp = str;
++
++ while ((*cp >= L_('0') && *cp <= L_('9'))
++ || (*cp >= L_('A') && *cp <= L_('Z'))
++ || (*cp >= L_('a') && *cp <= L_('z'))
++ || *cp == L_('_'))
++ ++cp;
++
++ FLOAT retval = NAN;
++ if (*cp != endc)
++ goto out;
++
++ /* This is a system-dependent way to specify the bitmask used for
++ the NaN. We expect it to be a number which is put in the
++ mantissa of the number. */
++ STRING_TYPE *endp;
++ unsigned long long int mant;
++
++ mant = STRTOULL (str, &endp, 0);
++ if (endp == cp)
++ SET_MANTISSA (retval, mant);
++
++ out:
++ if (endptr != NULL)
++ *endptr = (STRING_TYPE *) cp;
++ return retval;
++}
++libc_hidden_def (STRTOD_NAN)
+Index: git/stdlib/strtod_nan_narrow.h
+===================================================================
+--- /dev/null
++++ git/stdlib/strtod_nan_narrow.h
+@@ -0,0 +1,22 @@
++/* Convert string for NaN payload to corresponding NaN. Narrow strings.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define STRING_TYPE char
++#define L_(Ch) Ch
++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, \
++ _nl_C_locobj_ptr)
+Index: git/stdlib/strtod_nan_wide.h
+===================================================================
+--- /dev/null
++++ git/stdlib/strtod_nan_wide.h
+@@ -0,0 +1,22 @@
++/* Convert string for NaN payload to corresponding NaN. Wide strings.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define STRING_TYPE wchar_t
++#define L_(Ch) L##Ch
++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, \
++ _nl_C_locobj_ptr)
+Index: git/stdlib/strtof_l.c
+===================================================================
+--- git.orig/stdlib/strtof_l.c
++++ git/stdlib/strtof_l.c
+@@ -20,26 +20,19 @@
+ #include <xlocale.h>
+
+ extern float ____strtof_l_internal (const char *, char **, int, __locale_t);
+-extern unsigned long long int ____strtoull_l_internal (const char *, char **,
+- int, int, __locale_t);
+
+ #define FLOAT float
+ #define FLT FLT
+ #ifdef USE_WIDE_CHAR
+ # define STRTOF wcstof_l
+ # define __STRTOF __wcstof_l
++# define STRTOF_NAN __wcstof_nan
+ #else
+ # define STRTOF strtof_l
+ # define __STRTOF __strtof_l
++# define STRTOF_NAN __strtof_nan
+ #endif
+ #define MPN2FLOAT __mpn_construct_float
+ #define FLOAT_HUGE_VAL HUGE_VALF
+-#define SET_MANTISSA(flt, mant) \
+- do { union ieee754_float u; \
+- u.f = (flt); \
+- u.ieee_nan.mantissa = (mant); \
+- if (u.ieee.mantissa != 0) \
+- (flt) = u.f; \
+- } while (0)
+
+ #include "strtod_l.c"
+Index: git/stdlib/strtof_nan.c
+===================================================================
+--- /dev/null
++++ git/stdlib/strtof_nan.c
+@@ -0,0 +1,24 @@
++/* Convert string for NaN payload to corresponding NaN. Narrow
++ strings, float.
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <strtod_nan_narrow.h>
++#include <strtod_nan_float.h>
++
++#define STRTOD_NAN __strtof_nan
++#include <strtod_nan_main.c>
+Index: git/stdlib/strtold_nan.c
+===================================================================
+--- /dev/null
++++ git/stdlib/strtold_nan.c
+@@ -0,0 +1,30 @@
++/* Convert string for NaN payload to corresponding NaN. Narrow
++ strings, long double.
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <math.h>
++
++/* This function is unused if long double and double have the same
++ representation. */
++#ifndef __NO_LONG_DOUBLE_MATH
++# include <strtod_nan_narrow.h>
++# include <strtod_nan_ldouble.h>
++
++# define STRTOD_NAN __strtold_nan
++# include <strtod_nan_main.c>
++#endif
+Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
+===================================================================
+--- /dev/null
++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
+@@ -0,0 +1,33 @@
++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define FLOAT long double
++#define SET_MANTISSA(flt, mant) \
++ do \
++ { \
++ union ieee854_long_double u; \
++ u.d = (flt); \
++ u.ieee_nan.mantissa0 = 0; \
++ u.ieee_nan.mantissa1 = 0; \
++ u.ieee_nan.mantissa2 = (mant) >> 32; \
++ u.ieee_nan.mantissa3 = (mant); \
++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
++ (flt) = u.d; \
++ } \
++ while (0)
+Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
+===================================================================
+--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
+@@ -25,22 +25,13 @@
+ #ifdef USE_WIDE_CHAR
+ # define STRTOF wcstold_l
+ # define __STRTOF __wcstold_l
++# define STRTOF_NAN __wcstold_nan
+ #else
+ # define STRTOF strtold_l
+ # define __STRTOF __strtold_l
++# define STRTOF_NAN __strtold_nan
+ #endif
+ #define MPN2FLOAT __mpn_construct_long_double
+ #define FLOAT_HUGE_VAL HUGE_VALL
+-#define SET_MANTISSA(flt, mant) \
+- do { union ieee854_long_double u; \
+- u.d = (flt); \
+- u.ieee_nan.mantissa0 = 0; \
+- u.ieee_nan.mantissa1 = 0; \
+- u.ieee_nan.mantissa2 = (mant) >> 32; \
+- u.ieee_nan.mantissa3 = (mant); \
+- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
+- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
+- (flt) = u.d; \
+- } while (0)
+
+ #include <strtod_l.c>
+Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
+===================================================================
+--- /dev/null
++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
+@@ -0,0 +1,30 @@
++/* Convert string for NaN payload to corresponding NaN. For ldbl-128ibm.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define FLOAT long double
++#define SET_MANTISSA(flt, mant) \
++ do \
++ { \
++ union ibm_extended_long_double u; \
++ u.ld = (flt); \
++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
++ u.d[0].ieee_nan.mantissa1 = (mant); \
++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
++ (flt) = u.ld; \
++ } \
++ while (0)
+Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
+===================================================================
+--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
+@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
+ # define STRTOF __new_wcstold_l
+ # define __STRTOF ____new_wcstold_l
+ # define ____STRTOF_INTERNAL ____wcstold_l_internal
++# define STRTOF_NAN __wcstold_nan
+ #else
+ extern long double ____new_strtold_l (const char *, char **, __locale_t);
+ # define STRTOF __new_strtold_l
+ # define __STRTOF ____new_strtold_l
+ # define ____STRTOF_INTERNAL ____strtold_l_internal
++# define STRTOF_NAN __strtold_nan
+ #endif
+ extern __typeof (__STRTOF) STRTOF;
+ libc_hidden_proto (__STRTOF)
+ libc_hidden_proto (STRTOF)
+ #define MPN2FLOAT __mpn_construct_long_double
+ #define FLOAT_HUGE_VAL HUGE_VALL
+-# define SET_MANTISSA(flt, mant) \
+- do { union ibm_extended_long_double u; \
+- u.ld = (flt); \
+- u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
+- u.d[0].ieee_nan.mantissa1 = (mant); \
+- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
+- (flt) = u.ld; \
+- } while (0)
+
+ #include <strtod_l.c>
+
+Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
+===================================================================
+--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
+@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
+ # define STRTOF __new_wcstold_l
+ # define __STRTOF ____new_wcstold_l
+ # define ____STRTOF_INTERNAL ____wcstold_l_internal
++# define STRTOF_NAN __wcstold_nan
+ #else
+ extern long double ____new_strtold_l (const char *, char **, __locale_t);
+ # define STRTOF __new_strtold_l
+ # define __STRTOF ____new_strtold_l
+ # define ____STRTOF_INTERNAL ____strtold_l_internal
++# define STRTOF_NAN __strtold_nan
+ #endif
+ extern __typeof (__STRTOF) STRTOF;
+ libc_hidden_proto (__STRTOF)
+ libc_hidden_proto (STRTOF)
+ #define MPN2FLOAT __mpn_construct_long_double
+ #define FLOAT_HUGE_VAL HUGE_VALL
+-#define SET_MANTISSA(flt, mant) \
+- do { union ieee854_long_double u; \
+- u.d = (flt); \
+- u.ieee_nan.mantissa0 = 0; \
+- u.ieee_nan.mantissa1 = 0; \
+- u.ieee_nan.mantissa2 = (mant) >> 32; \
+- u.ieee_nan.mantissa3 = (mant); \
+- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
+- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
+- (flt) = u.d; \
+- } while (0)
+
+ #include <strtod_l.c>
+
+Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
+===================================================================
+--- /dev/null
++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
+@@ -0,0 +1,30 @@
++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#define FLOAT long double
++#define SET_MANTISSA(flt, mant) \
++ do \
++ { \
++ union ieee854_long_double u; \
++ u.d = (flt); \
++ u.ieee_nan.mantissa0 = (mant) >> 32; \
++ u.ieee_nan.mantissa1 = (mant); \
++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
++ (flt) = u.d; \
++ } \
++ while (0)
+Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
+===================================================================
+--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
+@@ -25,19 +25,13 @@
+ #ifdef USE_WIDE_CHAR
+ # define STRTOF wcstold_l
+ # define __STRTOF __wcstold_l
++# define STRTOF_NAN __wcstold_nan
+ #else
+ # define STRTOF strtold_l
+ # define __STRTOF __strtold_l
++# define STRTOF_NAN __strtold_nan
+ #endif
+ #define MPN2FLOAT __mpn_construct_long_double
+ #define FLOAT_HUGE_VAL HUGE_VALL
+-#define SET_MANTISSA(flt, mant) \
+- do { union ieee854_long_double u; \
+- u.d = (flt); \
+- u.ieee_nan.mantissa0 = (mant) >> 32; \
+- u.ieee_nan.mantissa1 = (mant); \
+- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
+- (flt) = u.d; \
+- } while (0)
+
+ #include <stdlib/strtod_l.c>
+Index: git/wcsmbs/Makefile
+===================================================================
+--- git.orig/wcsmbs/Makefile
++++ git/wcsmbs/Makefile
+@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
+ wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
+ wcstol_l wcstoul_l wcstoll_l wcstoull_l \
+ wcstod_l wcstold_l wcstof_l \
++ wcstod_nan wcstold_nan wcstof_nan \
+ wcscoll wcsxfrm \
+ wcwidth wcswidth \
+ wcscoll_l wcsxfrm_l \
+Index: git/wcsmbs/wcstod_l.c
+===================================================================
+--- git.orig/wcsmbs/wcstod_l.c
++++ git/wcsmbs/wcstod_l.c
+@@ -23,9 +23,6 @@
+
+ extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
+ __locale_t);
+-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
+- wchar_t **, int, int,
+- __locale_t);
+
+ #define USE_WIDE_CHAR 1
+
+Index: git/wcsmbs/wcstod_nan.c
+===================================================================
+--- /dev/null
++++ git/wcsmbs/wcstod_nan.c
+@@ -0,0 +1,23 @@
++/* Convert string for NaN payload to corresponding NaN. Wide strings, double.
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include "../stdlib/strtod_nan_wide.h"
++#include "../stdlib/strtod_nan_double.h"
++
++#define STRTOD_NAN __wcstod_nan
++#include "../stdlib/strtod_nan_main.c"
+Index: git/wcsmbs/wcstof_l.c
+===================================================================
+--- git.orig/wcsmbs/wcstof_l.c
++++ git/wcsmbs/wcstof_l.c
+@@ -25,8 +25,5 @@
+
+ extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
+ __locale_t);
+-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
+- wchar_t **, int, int,
+- __locale_t);
+
+ #include <stdlib/strtof_l.c>
+Index: git/wcsmbs/wcstof_nan.c
+===================================================================
+--- /dev/null
++++ git/wcsmbs/wcstof_nan.c
+@@ -0,0 +1,23 @@
++/* Convert string for NaN payload to corresponding NaN. Wide strings, float.
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include "../stdlib/strtod_nan_wide.h"
++#include "../stdlib/strtod_nan_float.h"
++
++#define STRTOD_NAN __wcstof_nan
++#include "../stdlib/strtod_nan_main.c"
+Index: git/wcsmbs/wcstold_l.c
+===================================================================
+--- git.orig/wcsmbs/wcstold_l.c
++++ git/wcsmbs/wcstold_l.c
+@@ -24,8 +24,5 @@
+
+ extern long double ____wcstold_l_internal (const wchar_t *, wchar_t **, int,
+ __locale_t);
+-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
+- wchar_t **, int, int,
+- __locale_t);
+
+ #include <strtold_l.c>
+Index: git/wcsmbs/wcstold_nan.c
+===================================================================
+--- /dev/null
++++ git/wcsmbs/wcstold_nan.c
+@@ -0,0 +1,30 @@
++/* Convert string for NaN payload to corresponding NaN. Wide strings,
++ long double.
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <math.h>
++
++/* This function is unused if long double and double have the same
++ representation. */
++#ifndef __NO_LONG_DOUBLE_MATH
++# include "../stdlib/strtod_nan_wide.h"
++# include <strtod_nan_ldouble.h>
++
++# define STRTOD_NAN __wcstold_nan
++# include "../stdlib/strtod_nan_main.c"
++#endif
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,57 @@
++2015-11-24 Joseph Myers <joseph@codesourcery.com>
++
++ * stdlib/strtod_nan.c: New file.
++ * stdlib/strtod_nan_double.h: Likewise.
++ * stdlib/strtod_nan_float.h: Likewise.
++ * stdlib/strtod_nan_main.c: Likewise.
++ * stdlib/strtod_nan_narrow.h: Likewise.
++ * stdlib/strtod_nan_wide.h: Likewise.
++ * stdlib/strtof_nan.c: Likewise.
++ * stdlib/strtold_nan.c: Likewise.
++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
++ * wcsmbs/wcstod_nan.c: Likewise.
++ * wcsmbs/wcstof_nan.c: Likewise.
++ * wcsmbs/wcstold_nan.c: Likewise.
++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
++ strtold_nan.
++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
++ wcstof_nan.
++ * include/stdlib.h (__strtof_nan): Declare and use
++ libc_hidden_proto.
++ (__strtod_nan): Likewise.
++ (__strtold_nan): Likewise.
++ (__wcstof_nan): Likewise.
++ (__wcstod_nan): Likewise.
++ (__wcstold_nan): Likewise.
++ * include/wchar.h (____wcstoull_l_internal): Declare.
++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
++ (____strtoull_l_internal): Remove declaration.
++ (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ (STRTOULL): Likewise.
++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
++ (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
++ macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
++ macro.
++ (SET_MANTISSA): Remove macro.
++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
++ (SET_MANTISSA): Remove macro.
++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
++
++ [BZ #19266]
++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
++ upper case and lower case letters inside NAN(), not using TOLOWER.
+ 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
+
+ [BZ #17905]
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
new file mode 100644
index 0000000..0df5e50
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
@@ -0,0 +1,388 @@
+From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
+From: Joseph Myers <joseph@codesourcery.com>
+Date: Fri, 4 Dec 2015 20:36:28 +0000
+Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug
+ 16962).
+
+The nan, nanf and nanl functions handle payload strings by doing e.g.:
+
+ if (tagp[0] != '\0')
+ {
+ char buf[6 + strlen (tagp)];
+ sprintf (buf, "NAN(%s)", tagp);
+ return strtod (buf, NULL);
+ }
+
+This is an unbounded stack allocation based on the length of the
+argument. Furthermore, if the argument starts with an n-char-sequence
+followed by ')', that n-char-sequence is wrongly treated as
+significant for determining the payload of the resulting NaN, when ISO
+C says the call should be equivalent to strtod ("NAN", NULL), without
+being affected by that initial n-char-sequence. This patch fixes both
+those problems by using the __strtod_nan etc. functions recently
+factored out of strtod etc. for that purpose, with those functions
+being exported from libc at version GLIBC_PRIVATE.
+
+Tested for x86_64, x86, mips64 and powerpc.
+
+ [BZ #16961]
+ [BZ #16962]
+ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
+ string on the stack for strtod.
+ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
+ a string on the stack for strtof.
+ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
+ constructing a string on the stack for strtold.
+ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
+ __strtold_nan to GLIBC_PRIVATE.
+ * math/test-nan-overflow.c: New file.
+ * math/test-nan-payload.c: Likewise.
+ * math/Makefile (tests): Add test-nan-overflow and
+ test-nan-payload.
+
+Upstream-Status: Backport
+CVE: CVE-2015-9761 patch #2
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog | 17 +++++++
+ NEWS | 6 +++
+ math/Makefile | 3 +-
+ math/s_nan.c | 9 +---
+ math/s_nanf.c | 9 +---
+ math/s_nanl.c | 9 +---
+ math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
+ math/test-nan-payload.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++
+ stdlib/Versions | 1 +
+ 9 files changed, 217 insertions(+), 25 deletions(-)
+ create mode 100644 math/test-nan-overflow.c
+ create mode 100644 math/test-nan-payload.c
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,20 @@
++2015-12-04 Joseph Myers <joseph@codesourcery.com>
++
++ [BZ #16961]
++ [BZ #16962]
++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
++ string on the stack for strtod.
++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
++ a string on the stack for strtof.
++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
++ constructing a string on the stack for strtold.
++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
++ __strtold_nan to GLIBC_PRIVATE.
++ * math/test-nan-overflow.c: New file.
++ * math/test-nan-payload.c: Likewise.
++ * math/Makefile (tests): Add test-nan-overflow and
++ test-nan-payload.
++
+ 2015-11-24 Joseph Myers <joseph@codesourcery.com>
+
+ * stdlib/strtod_nan.c: New file.
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
+ \f
+ Version 2.21
+
++Security related changes:
++
++* The nan, nanf and nanl functions no longer have unbounded stack usage
++ depending on the length of the string passed as an argument to the
++ functions. Reported by Joseph Myers.
++
+ * The following bugs are resolved with this release:
+
+ 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
+Index: git/math/s_nan.c
+===================================================================
+--- git.orig/math/s_nan.c
++++ git/math/s_nan.c
+@@ -28,14 +28,7 @@
+ double
+ __nan (const char *tagp)
+ {
+- if (tagp[0] != '\0')
+- {
+- char buf[6 + strlen (tagp)];
+- sprintf (buf, "NAN(%s)", tagp);
+- return strtod (buf, NULL);
+- }
+-
+- return NAN;
++ return __strtod_nan (tagp, NULL, 0);
+ }
+ weak_alias (__nan, nan)
+ #ifdef NO_LONG_DOUBLE
+Index: git/math/s_nanf.c
+===================================================================
+--- git.orig/math/s_nanf.c
++++ git/math/s_nanf.c
+@@ -28,13 +28,6 @@
+ float
+ __nanf (const char *tagp)
+ {
+- if (tagp[0] != '\0')
+- {
+- char buf[6 + strlen (tagp)];
+- sprintf (buf, "NAN(%s)", tagp);
+- return strtof (buf, NULL);
+- }
+-
+- return NAN;
++ return __strtof_nan (tagp, NULL, 0);
+ }
+ weak_alias (__nanf, nanf)
+Index: git/math/s_nanl.c
+===================================================================
+--- git.orig/math/s_nanl.c
++++ git/math/s_nanl.c
+@@ -28,13 +28,6 @@
+ long double
+ __nanl (const char *tagp)
+ {
+- if (tagp[0] != '\0')
+- {
+- char buf[6 + strlen (tagp)];
+- sprintf (buf, "NAN(%s)", tagp);
+- return strtold (buf, NULL);
+- }
+-
+- return NAN;
++ return __strtold_nan (tagp, NULL, 0);
+ }
+ weak_alias (__nanl, nanl)
+Index: git/math/test-nan-overflow.c
+===================================================================
+--- /dev/null
++++ git/math/test-nan-overflow.c
+@@ -0,0 +1,66 @@
++/* Test nan functions stack overflow (bug 16962).
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <math.h>
++#include <stdio.h>
++#include <string.h>
++#include <sys/resource.h>
++
++#define STACK_LIM 1048576
++#define STRING_SIZE (2 * STACK_LIM)
++
++static int
++do_test (void)
++{
++ int result = 0;
++ struct rlimit lim;
++ getrlimit (RLIMIT_STACK, &lim);
++ lim.rlim_cur = STACK_LIM;
++ setrlimit (RLIMIT_STACK, &lim);
++ char *nanstr = malloc (STRING_SIZE);
++ if (nanstr == NULL)
++ {
++ puts ("malloc failed, cannot test");
++ return 77;
++ }
++ memset (nanstr, '0', STRING_SIZE - 1);
++ nanstr[STRING_SIZE - 1] = 0;
++#define NAN_TEST(TYPE, FUNC) \
++ do \
++ { \
++ char *volatile p = nanstr; \
++ volatile TYPE v = FUNC (p); \
++ if (isnan (v)) \
++ puts ("PASS: " #FUNC); \
++ else \
++ { \
++ puts ("FAIL: " #FUNC); \
++ result = 1; \
++ } \
++ } \
++ while (0)
++ NAN_TEST (float, nanf);
++ NAN_TEST (double, nan);
++#ifndef NO_LONG_DOUBLE
++ NAN_TEST (long double, nanl);
++#endif
++ return result;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+Index: git/math/test-nan-payload.c
+===================================================================
+--- /dev/null
++++ git/math/test-nan-payload.c
+@@ -0,0 +1,122 @@
++/* Test nan functions payload handling (bug 16961).
++ Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <float.h>
++#include <math.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++/* Avoid built-in functions. */
++#define WRAP_NAN(FUNC, STR) \
++ ({ const char *volatile wns = (STR); FUNC (wns); })
++#define WRAP_STRTO(FUNC, STR) \
++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
++
++#define CHECK_IS_NAN(TYPE, A) \
++ do \
++ { \
++ if (isnan (A)) \
++ puts ("PASS: " #TYPE " " #A); \
++ else \
++ { \
++ puts ("FAIL: " #TYPE " " #A); \
++ result = 1; \
++ } \
++ } \
++ while (0)
++
++#define CHECK_SAME_NAN(TYPE, A, B) \
++ do \
++ { \
++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
++ puts ("PASS: " #TYPE " " #A " = " #B); \
++ else \
++ { \
++ puts ("FAIL: " #TYPE " " #A " = " #B); \
++ result = 1; \
++ } \
++ } \
++ while (0)
++
++#define CHECK_DIFF_NAN(TYPE, A, B) \
++ do \
++ { \
++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
++ puts ("PASS: " #TYPE " " #A " != " #B); \
++ else \
++ { \
++ puts ("FAIL: " #TYPE " " #A " != " #B); \
++ result = 1; \
++ } \
++ } \
++ while (0)
++
++/* Cannot test payloads by memcmp for formats where NaNs have padding
++ bits. */
++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
++
++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
++ do \
++ { \
++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
++ CHECK_IS_NAN (TYPE, n123); \
++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
++ CHECK_IS_NAN (TYPE, s123); \
++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
++ CHECK_IS_NAN (TYPE, n456); \
++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
++ CHECK_IS_NAN (TYPE, s456); \
++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
++ CHECK_IS_NAN (TYPE, n123x); \
++ TYPE nemp = WRAP_NAN (FUNC, ""); \
++ CHECK_IS_NAN (TYPE, nemp); \
++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
++ CHECK_IS_NAN (TYPE, semp); \
++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
++ CHECK_IS_NAN (TYPE, sx); \
++ if (CAN_TEST_EQ (MANT_DIG)) \
++ CHECK_SAME_NAN (TYPE, n123, s123); \
++ if (CAN_TEST_EQ (MANT_DIG)) \
++ CHECK_SAME_NAN (TYPE, n456, s456); \
++ if (CAN_TEST_EQ (MANT_DIG)) \
++ CHECK_SAME_NAN (TYPE, nemp, semp); \
++ if (CAN_TEST_EQ (MANT_DIG)) \
++ CHECK_SAME_NAN (TYPE, n123x, sx); \
++ CHECK_DIFF_NAN (TYPE, n123, n456); \
++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
++ } \
++ while (0)
++
++static int
++do_test (void)
++{
++ int result = 0;
++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
++#ifndef NO_LONG_DOUBLE
++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
++#endif
++ return result;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+Index: git/stdlib/Versions
+===================================================================
+--- git.orig/stdlib/Versions
++++ git/stdlib/Versions
+@@ -118,5 +118,6 @@ libc {
+ # Used from other libraries
+ __libc_secure_getenv;
+ __call_tls_dtors;
++ __strtof_nan; __strtod_nan; __strtold_nan;
+ }
+ }
+Index: git/math/Makefile
+===================================================================
+--- git.orig/math/Makefile
++++ git/math/Makefile
+@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
+ test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
+ test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
+ test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \
+- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
++ test-fenv-tls test-fenv-preserve test-fenv-return \
++ test-nan-overflow test-nan-payload \
++ $(tests-static)
+ tests-static = test-fpucw-static test-fpucw-ieee-static
+ # We do the `long double' tests only if this data type is available and
+ # distinct from `double'.
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index af568d9..d099d5d 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -50,6 +50,8 @@ CVEPATCHES = "\
file://CVE-2015-7547.patch \
file://CVE-2015-8777.patch \
file://CVE-2015-8779.patch \
+ file://CVE-2015-9761_1.patch \
+ file://CVE-2015-9761_2.patch \
"
LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
--
2.3.5
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [dizzy][PATCH 4/4] glibc: CVE-2015-8776
2016-02-28 18:53 [dizzy][PATCH 1/4] glibc: CVE-2015-8777 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 2/4] glibc: CVE-2015-8779 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 3/4] glibc: CVE-2015-9761 Armin Kuster
@ 2016-02-28 18:53 ` Armin Kuster
2 siblings, 0 replies; 9+ messages in thread
From: Armin Kuster @ 2016-02-28 18:53 UTC (permalink / raw)
To: akuster, openembedded-core
From: Armin Kuster <akuster@mvista.com>
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.
(From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-8776.patch | 155 ++++++++++++++++++++++
meta/recipes-core/glibc/glibc_2.20.bb | 1 +
2 files changed, 156 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch b/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
new file mode 100644
index 0000000..684f344
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2015-8776.patch
@@ -0,0 +1,155 @@
+From d36c75fc0d44deec29635dd239b0fbd206ca49b7 Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sat, 26 Sep 2015 13:27:48 -0700
+Subject: [PATCH] Fix BZ #18985 -- out of range data to strftime() causes a
+ segfault
+
+Upstream-Status: Backport
+CVE: CVE-2015-8776
+[Yocto # 8980]
+
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog | 8 ++++++++
+ NEWS | 2 +-
+ time/strftime_l.c | 20 +++++++++++++-------
+ time/tst-strftime.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 73 insertions(+), 9 deletions(-)
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2015-09-26 Paul Pluzhnikov <ppluzhnikov@google.com>
++
++ [BZ #18985]
++ * time/strftime_l.c (a_wkday, f_wkday, a_month, f_month): Range check.
++ (__strftime_internal): Likewise.
++ * time/tst-strftime.c (do_bz18985): New test.
++ (do_test): Call it.
++
+ 2015-12-04 Joseph Myers <joseph@codesourcery.com>
+
+ [BZ #16961]
+Index: git/time/strftime_l.c
+===================================================================
+--- git.orig/time/strftime_l.c
++++ git/time/strftime_l.c
+@@ -514,13 +514,17 @@ __strftime_internal (s, maxsize, format,
+ only a few elements. Dereference the pointers only if the format
+ requires this. Then it is ok to fail if the pointers are invalid. */
+ # define a_wkday \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
++ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
+ # define f_wkday \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
++ ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
+ # define a_month \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
++ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
+ # define f_month \
+- ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
++ ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 \
++ ? "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))
+ # define ampm \
+ ((const CHAR_T *) _NL_CURRENT (LC_TIME, tp->tm_hour > 11 \
+ ? NLW(PM_STR) : NLW(AM_STR)))
+@@ -530,8 +534,10 @@ __strftime_internal (s, maxsize, format,
+ # define ap_len STRLEN (ampm)
+ #else
+ # if !HAVE_STRFTIME
+-# define f_wkday (weekday_name[tp->tm_wday])
+-# define f_month (month_name[tp->tm_mon])
++# define f_wkday (tp->tm_wday < 0 || tp->tm_wday > 6 \
++ ? "?" : weekday_name[tp->tm_wday])
++# define f_month (tp->tm_mon < 0 || tp->tm_mon > 11 \
++ ? "?" : month_name[tp->tm_mon])
+ # define a_wkday f_wkday
+ # define a_month f_month
+ # define ampm (L_("AMPM") + 2 * (tp->tm_hour > 11))
+@@ -1325,7 +1331,7 @@ __strftime_internal (s, maxsize, format,
+ *tzset_called = true;
+ }
+ # endif
+- zone = tzname[tp->tm_isdst];
++ zone = tp->tm_isdst <= 1 ? tzname[tp->tm_isdst] : "?";
+ }
+ #endif
+ if (! zone)
+Index: git/time/tst-strftime.c
+===================================================================
+--- git.orig/time/tst-strftime.c
++++ git/time/tst-strftime.c
+@@ -4,6 +4,56 @@
+ #include <time.h>
+
+
++static int
++do_bz18985 (void)
++{
++ char buf[1000];
++ struct tm ttm;
++ int rc, ret = 0;
++
++ memset (&ttm, 1, sizeof (ttm));
++ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
++ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
++
++ if (rc == 66)
++ {
++ const char expected[]
++ = "? ? ? ? ? ? 16843009 16843009:16843009:16843009 16844909 +467836 ?";
++ if (0 != strcmp (buf, expected))
++ {
++ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
++ ret += 1;
++ }
++ }
++ else
++ {
++ printf ("expected 66, got %d\n", rc);
++ ret += 1;
++ }
++
++ /* Check negative values as well. */
++ memset (&ttm, 0xFF, sizeof (ttm));
++ ttm.tm_zone = NULL; /* Dereferenced directly if non-NULL. */
++ rc = strftime (buf, sizeof (buf), "%a %A %b %B %c %z %Z", &ttm);
++
++ if (rc == 30)
++ {
++ const char expected[] = "? ? ? ? ? ? -1 -1:-1:-1 1899 ";
++ if (0 != strcmp (buf, expected))
++ {
++ printf ("expected:\n %s\ngot:\n %s\n", expected, buf);
++ ret += 1;
++ }
++ }
++ else
++ {
++ printf ("expected 30, got %d\n", rc);
++ ret += 1;
++ }
++
++ return ret;
++}
++
+ static struct
+ {
+ const char *fmt;
+@@ -104,7 +154,7 @@ do_test (void)
+ }
+ }
+
+- return result;
++ return result + do_bz18985 ();
+ }
+
+ #define TEST_FUNCTION do_test ()
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index d099d5d..8aaf94e 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -52,6 +52,7 @@ CVEPATCHES = "\
file://CVE-2015-8779.patch \
file://CVE-2015-9761_1.patch \
file://CVE-2015-9761_2.patch \
+ file://CVE-2015-8776.patch \
"
LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
--
2.3.5
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [dizzy][PATCH 3/4] glibc: CVE-2015-9761
2016-02-28 18:53 ` [dizzy][PATCH 3/4] glibc: CVE-2015-9761 Armin Kuster
@ 2016-03-03 8:16 ` Martin Jansa
[not found] ` <56D89FF7.2050201@mvista.com>
0 siblings, 1 reply; 9+ messages in thread
From: Martin Jansa @ 2016-03-03 8:16 UTC (permalink / raw)
To: Armin Kuster; +Cc: akuster, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 61325 bytes --]
On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
I think this is 2014-9761 not 2015-9761
But other than that please merge this series.
> A stack overflow vulnerability was found in nan* functions that could cause
> applications which process long strings with the nan function to crash or,
> potentially, execute arbitrary code.
>
> (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
> .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039 ++++++++++++++++++++
> .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++
> meta/recipes-core/glibc/glibc_2.20.bb | 2 +
> 3 files changed, 1429 insertions(+)
> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> new file mode 100644
> index 0000000..3aca913
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> @@ -0,0 +1,1039 @@
> +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
> +From: Joseph Myers <joseph@codesourcery.com>
> +Date: Tue, 24 Nov 2015 22:24:52 +0000
> +Subject: [PATCH] Refactor strtod parsing of NaN payloads.
> +
> +The nan* functions handle their string argument by constructing a
> +NAN(...) string on the stack as a VLA and passing it to strtod
> +functions.
> +
> +This approach has problems discussed in bug 16961 and bug 16962: the
> +stack usage is unbounded, and it gives incorrect results in certain
> +cases where the argument is not a valid n-char-sequence.
> +
> +The natural fix for both issues is to refactor the NaN payload parsing
> +out of strtod into a separate function that the nan* functions can
> +call directly, so that no temporary string needs constructing on the
> +stack at all. This patch does that refactoring in preparation for
> +fixing those bugs (but without actually using the new functions from
> +nan* - which will also require exporting them from libc at version
> +GLIBC_PRIVATE). This patch is not intended to change any user-visible
> +behavior, so no tests are added (fixes for the above bugs will of
> +course add tests for them).
> +
> +This patch builds on my recent fixes for strtol and strtod issues in
> +Turkish locales. Given those fixes, the parsing of NaN payloads is
> +locale-independent; thus, the new functions do not need to take a
> +locale_t argument.
> +
> +Tested for x86_64, x86, mips64 and powerpc.
> +
> + * stdlib/strtod_nan.c: New file.
> + * stdlib/strtod_nan_double.h: Likewise.
> + * stdlib/strtod_nan_float.h: Likewise.
> + * stdlib/strtod_nan_main.c: Likewise.
> + * stdlib/strtod_nan_narrow.h: Likewise.
> + * stdlib/strtod_nan_wide.h: Likewise.
> + * stdlib/strtof_nan.c: Likewise.
> + * stdlib/strtold_nan.c: Likewise.
> + * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> + * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> + * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> + * wcsmbs/wcstod_nan.c: Likewise.
> + * wcsmbs/wcstof_nan.c: Likewise.
> + * wcsmbs/wcstold_nan.c: Likewise.
> + * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> + strtold_nan.
> + * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> + wcstof_nan.
> + * include/stdlib.h (__strtof_nan): Declare and use
> + libc_hidden_proto.
> + (__strtod_nan): Likewise.
> + (__strtold_nan): Likewise.
> + (__wcstof_nan): Likewise.
> + (__wcstod_nan): Likewise.
> + (__wcstold_nan): Likewise.
> + * include/wchar.h (____wcstoull_l_internal): Declare.
> + * stdlib/strtod_l.c: Do not include <ieee754.h>.
> + (____strtoull_l_internal): Remove declaration.
> + (STRTOF_NAN): Define macro.
> + (SET_MANTISSA): Remove macro.
> + (STRTOULL): Likewise.
> + (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> + * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> + (STRTOF_NAN): Define macro.
> + (SET_MANTISSA): Remove macro.
> + * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> + (SET_MANTISSA): Remove macro.
> + * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> + macro.
> + (SET_MANTISSA): Remove macro.
> + * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> + macro.
> + (SET_MANTISSA): Remove macro.
> + * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> + (SET_MANTISSA): Remove macro.
> + * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> + * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> + * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> +
> +Upstream-Status: Backport
> +CVE: CVE-2015-9761 patch #1
> +[Yocto # 8980]
> +
> +https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + ChangeLog | 49 ++++++++++++++++++
> + include/stdlib.h | 18 +++++++
> + include/wchar.h | 3 ++
> + stdlib/Makefile | 1 +
> + stdlib/strtod_l.c | 48 ++++--------------
> + stdlib/strtod_nan.c | 24 +++++++++
> + stdlib/strtod_nan_double.h | 30 +++++++++++
> + stdlib/strtod_nan_float.h | 29 +++++++++++
> + stdlib/strtod_nan_main.c | 63 ++++++++++++++++++++++++
> + stdlib/strtod_nan_narrow.h | 22 +++++++++
> + stdlib/strtod_nan_wide.h | 22 +++++++++
> + stdlib/strtof_l.c | 11 +----
> + stdlib/strtof_nan.c | 24 +++++++++
> + stdlib/strtold_nan.c | 30 +++++++++++
> + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
> + sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
> + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
> + sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
> + sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
> + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
> + sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
> + wcsmbs/Makefile | 1 +
> + wcsmbs/wcstod_l.c | 3 --
> + wcsmbs/wcstod_nan.c | 23 +++++++++
> + wcsmbs/wcstof_l.c | 3 --
> + wcsmbs/wcstof_nan.c | 23 +++++++++
> + wcsmbs/wcstold_l.c | 3 --
> + wcsmbs/wcstold_nan.c | 30 +++++++++++
> + 28 files changed, 504 insertions(+), 95 deletions(-)
> + create mode 100644 stdlib/strtod_nan.c
> + create mode 100644 stdlib/strtod_nan_double.h
> + create mode 100644 stdlib/strtod_nan_float.h
> + create mode 100644 stdlib/strtod_nan_main.c
> + create mode 100644 stdlib/strtod_nan_narrow.h
> + create mode 100644 stdlib/strtod_nan_wide.h
> + create mode 100644 stdlib/strtof_nan.c
> + create mode 100644 stdlib/strtold_nan.c
> + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> + create mode 100644 wcsmbs/wcstod_nan.c
> + create mode 100644 wcsmbs/wcstof_nan.c
> + create mode 100644 wcsmbs/wcstold_nan.c
> +
> +Index: git/include/stdlib.h
> +===================================================================
> +--- git.orig/include/stdlib.h
> ++++ git/include/stdlib.h
> +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
> + libc_hidden_proto (strtoul)
> + libc_hidden_proto (strtoull)
> +
> ++extern float __strtof_nan (const char *, char **, char) internal_function;
> ++extern double __strtod_nan (const char *, char **, char) internal_function;
> ++extern long double __strtold_nan (const char *, char **, char)
> ++ internal_function;
> ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
> ++ internal_function;
> ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
> ++ internal_function;
> ++extern long double __wcstold_nan (const wchar_t *, wchar_t **, wchar_t)
> ++ internal_function;
> ++
> ++libc_hidden_proto (__strtof_nan)
> ++libc_hidden_proto (__strtod_nan)
> ++libc_hidden_proto (__strtold_nan)
> ++libc_hidden_proto (__wcstof_nan)
> ++libc_hidden_proto (__wcstod_nan)
> ++libc_hidden_proto (__wcstold_nan)
> ++
> + extern char *__ecvt (double __value, int __ndigit, int *__restrict __decpt,
> + int *__restrict __sign);
> + extern char *__fcvt (double __value, int __ndigit, int *__restrict __decpt,
> +Index: git/include/wchar.h
> +===================================================================
> +--- git.orig/include/wchar.h
> ++++ git/include/wchar.h
> +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
> + __restrict __endptr,
> + int __base,
> + int __group) __THROW;
> ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
> ++ wchar_t **, int, int,
> ++ __locale_t);
> + libc_hidden_proto (__wcstof_internal)
> + libc_hidden_proto (__wcstod_internal)
> + libc_hidden_proto (__wcstold_internal)
> +Index: git/stdlib/Makefile
> +===================================================================
> +--- git.orig/stdlib/Makefile
> ++++ git/stdlib/Makefile
> +@@ -51,6 +51,7 @@ routines-y := \
> + strtol_l strtoul_l strtoll_l strtoull_l \
> + strtof strtod strtold \
> + strtof_l strtod_l strtold_l \
> ++ strtof_nan strtod_nan strtold_nan \
> + system canonicalize \
> + a64l l64a \
> + getsubopt xpg_basename \
> +Index: git/stdlib/strtod_l.c
> +===================================================================
> +--- git.orig/stdlib/strtod_l.c
> ++++ git/stdlib/strtod_l.c
> +@@ -21,8 +21,6 @@
> + #include <xlocale.h>
> +
> + extern double ____strtod_l_internal (const char *, char **, int, __locale_t);
> +-extern unsigned long long int ____strtoull_l_internal (const char *, char **,
> +- int, int, __locale_t);
> +
> + /* Configuration part. These macros are defined by `strtold.c',
> + `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
> +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
> + # ifdef USE_WIDE_CHAR
> + # define STRTOF wcstod_l
> + # define __STRTOF __wcstod_l
> ++# define STRTOF_NAN __wcstod_nan
> + # else
> + # define STRTOF strtod_l
> + # define __STRTOF __strtod_l
> ++# define STRTOF_NAN __strtod_nan
> + # endif
> + # define MPN2FLOAT __mpn_construct_double
> + # define FLOAT_HUGE_VAL HUGE_VAL
> +-# define SET_MANTISSA(flt, mant) \
> +- do { union ieee754_double u; \
> +- u.d = (flt); \
> +- u.ieee_nan.mantissa0 = (mant) >> 32; \
> +- u.ieee_nan.mantissa1 = (mant); \
> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> +- (flt) = u.d; \
> +- } while (0)
> + #endif
> + /* End of configuration part. */
> + \f
> + #include <ctype.h>
> + #include <errno.h>
> + #include <float.h>
> +-#include <ieee754.h>
> + #include "../locale/localeinfo.h"
> + #include <locale.h>
> + #include <math.h>
> +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
> + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
> + # define STRNCASECMP(S1, S2, N) \
> + __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, loc)
> + #else
> + # define STRING_TYPE char
> + # define CHAR_TYPE char
> +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
> + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
> + # define STRNCASECMP(S1, S2, N) \
> + __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, loc)
> + #endif
> +
> +
> +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
> + if (*cp == L_('('))
> + {
> + const STRING_TYPE *startp = cp;
> +- do
> +- ++cp;
> +- while ((*cp >= L_('0') && *cp <= L_('9'))
> +- || ({ CHAR_TYPE lo = TOLOWER (*cp);
> +- lo >= L_('a') && lo <= L_('z'); })
> +- || *cp == L_('_'));
> +-
> +- if (*cp != L_(')'))
> +- /* The closing brace is missing. Only match the NAN
> +- part. */
> +- cp = startp;
> ++ STRING_TYPE *endp;
> ++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
> ++ if (*endp == L_(')'))
> ++ /* Consume the closing parenthesis. */
> ++ cp = endp + 1;
> + else
> +- {
> +- /* This is a system-dependent way to specify the
> +- bitmask used for the NaN. We expect it to be
> +- a number which is put in the mantissa of the
> +- number. */
> +- STRING_TYPE *endp;
> +- unsigned long long int mant;
> +-
> +- mant = STRTOULL (startp + 1, &endp, 0);
> +- if (endp == cp)
> +- SET_MANTISSA (retval, mant);
> +-
> +- /* Consume the closing brace. */
> +- ++cp;
> +- }
> ++ /* Only match the NAN part. */
> ++ cp = startp;
> + }
> +
> + if (endptr != NULL)
> +Index: git/stdlib/strtod_nan.c
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtod_nan.c
> +@@ -0,0 +1,24 @@
> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> ++ strings, double.
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <strtod_nan_narrow.h>
> ++#include <strtod_nan_double.h>
> ++
> ++#define STRTOD_NAN __strtod_nan
> ++#include <strtod_nan_main.c>
> +Index: git/stdlib/strtod_nan_double.h
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtod_nan_double.h
> +@@ -0,0 +1,30 @@
> ++/* Convert string for NaN payload to corresponding NaN. For double.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define FLOAT double
> ++#define SET_MANTISSA(flt, mant) \
> ++ do \
> ++ { \
> ++ union ieee754_double u; \
> ++ u.d = (flt); \
> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> ++ u.ieee_nan.mantissa1 = (mant); \
> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> ++ (flt) = u.d; \
> ++ } \
> ++ while (0)
> +Index: git/stdlib/strtod_nan_float.h
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtod_nan_float.h
> +@@ -0,0 +1,29 @@
> ++/* Convert string for NaN payload to corresponding NaN. For float.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define FLOAT float
> ++#define SET_MANTISSA(flt, mant) \
> ++ do \
> ++ { \
> ++ union ieee754_float u; \
> ++ u.f = (flt); \
> ++ u.ieee_nan.mantissa = (mant); \
> ++ if (u.ieee.mantissa != 0) \
> ++ (flt) = u.f; \
> ++ } \
> ++ while (0)
> +Index: git/stdlib/strtod_nan_main.c
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtod_nan_main.c
> +@@ -0,0 +1,63 @@
> ++/* Convert string for NaN payload to corresponding NaN.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <ieee754.h>
> ++#include <locale.h>
> ++#include <math.h>
> ++#include <stdlib.h>
> ++#include <wchar.h>
> ++
> ++
> ++/* If STR starts with an optional n-char-sequence as defined by ISO C
> ++ (a sequence of ASCII letters, digits and underscores), followed by
> ++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
> ++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
> ++ to the character after the initial n-char-sequence. */
> ++
> ++internal_function
> ++FLOAT
> ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE endc)
> ++{
> ++ const STRING_TYPE *cp = str;
> ++
> ++ while ((*cp >= L_('0') && *cp <= L_('9'))
> ++ || (*cp >= L_('A') && *cp <= L_('Z'))
> ++ || (*cp >= L_('a') && *cp <= L_('z'))
> ++ || *cp == L_('_'))
> ++ ++cp;
> ++
> ++ FLOAT retval = NAN;
> ++ if (*cp != endc)
> ++ goto out;
> ++
> ++ /* This is a system-dependent way to specify the bitmask used for
> ++ the NaN. We expect it to be a number which is put in the
> ++ mantissa of the number. */
> ++ STRING_TYPE *endp;
> ++ unsigned long long int mant;
> ++
> ++ mant = STRTOULL (str, &endp, 0);
> ++ if (endp == cp)
> ++ SET_MANTISSA (retval, mant);
> ++
> ++ out:
> ++ if (endptr != NULL)
> ++ *endptr = (STRING_TYPE *) cp;
> ++ return retval;
> ++}
> ++libc_hidden_def (STRTOD_NAN)
> +Index: git/stdlib/strtod_nan_narrow.h
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtod_nan_narrow.h
> +@@ -0,0 +1,22 @@
> ++/* Convert string for NaN payload to corresponding NaN. Narrow strings.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define STRING_TYPE char
> ++#define L_(Ch) Ch
> ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0, \
> ++ _nl_C_locobj_ptr)
> +Index: git/stdlib/strtod_nan_wide.h
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtod_nan_wide.h
> +@@ -0,0 +1,22 @@
> ++/* Convert string for NaN payload to corresponding NaN. Wide strings.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define STRING_TYPE wchar_t
> ++#define L_(Ch) L##Ch
> ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0, \
> ++ _nl_C_locobj_ptr)
> +Index: git/stdlib/strtof_l.c
> +===================================================================
> +--- git.orig/stdlib/strtof_l.c
> ++++ git/stdlib/strtof_l.c
> +@@ -20,26 +20,19 @@
> + #include <xlocale.h>
> +
> + extern float ____strtof_l_internal (const char *, char **, int, __locale_t);
> +-extern unsigned long long int ____strtoull_l_internal (const char *, char **,
> +- int, int, __locale_t);
> +
> + #define FLOAT float
> + #define FLT FLT
> + #ifdef USE_WIDE_CHAR
> + # define STRTOF wcstof_l
> + # define __STRTOF __wcstof_l
> ++# define STRTOF_NAN __wcstof_nan
> + #else
> + # define STRTOF strtof_l
> + # define __STRTOF __strtof_l
> ++# define STRTOF_NAN __strtof_nan
> + #endif
> + #define MPN2FLOAT __mpn_construct_float
> + #define FLOAT_HUGE_VAL HUGE_VALF
> +-#define SET_MANTISSA(flt, mant) \
> +- do { union ieee754_float u; \
> +- u.f = (flt); \
> +- u.ieee_nan.mantissa = (mant); \
> +- if (u.ieee.mantissa != 0) \
> +- (flt) = u.f; \
> +- } while (0)
> +
> + #include "strtod_l.c"
> +Index: git/stdlib/strtof_nan.c
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtof_nan.c
> +@@ -0,0 +1,24 @@
> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> ++ strings, float.
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <strtod_nan_narrow.h>
> ++#include <strtod_nan_float.h>
> ++
> ++#define STRTOD_NAN __strtof_nan
> ++#include <strtod_nan_main.c>
> +Index: git/stdlib/strtold_nan.c
> +===================================================================
> +--- /dev/null
> ++++ git/stdlib/strtold_nan.c
> +@@ -0,0 +1,30 @@
> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> ++ strings, long double.
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <math.h>
> ++
> ++/* This function is unused if long double and double have the same
> ++ representation. */
> ++#ifndef __NO_LONG_DOUBLE_MATH
> ++# include <strtod_nan_narrow.h>
> ++# include <strtod_nan_ldouble.h>
> ++
> ++# define STRTOD_NAN __strtold_nan
> ++# include <strtod_nan_main.c>
> ++#endif
> +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> +===================================================================
> +--- /dev/null
> ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> +@@ -0,0 +1,33 @@
> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define FLOAT long double
> ++#define SET_MANTISSA(flt, mant) \
> ++ do \
> ++ { \
> ++ union ieee854_long_double u; \
> ++ u.d = (flt); \
> ++ u.ieee_nan.mantissa0 = 0; \
> ++ u.ieee_nan.mantissa1 = 0; \
> ++ u.ieee_nan.mantissa2 = (mant) >> 32; \
> ++ u.ieee_nan.mantissa3 = (mant); \
> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
> ++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> ++ (flt) = u.d; \
> ++ } \
> ++ while (0)
> +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
> +===================================================================
> +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
> ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
> +@@ -25,22 +25,13 @@
> + #ifdef USE_WIDE_CHAR
> + # define STRTOF wcstold_l
> + # define __STRTOF __wcstold_l
> ++# define STRTOF_NAN __wcstold_nan
> + #else
> + # define STRTOF strtold_l
> + # define __STRTOF __strtold_l
> ++# define STRTOF_NAN __strtold_nan
> + #endif
> + #define MPN2FLOAT __mpn_construct_long_double
> + #define FLOAT_HUGE_VAL HUGE_VALL
> +-#define SET_MANTISSA(flt, mant) \
> +- do { union ieee854_long_double u; \
> +- u.d = (flt); \
> +- u.ieee_nan.mantissa0 = 0; \
> +- u.ieee_nan.mantissa1 = 0; \
> +- u.ieee_nan.mantissa2 = (mant) >> 32; \
> +- u.ieee_nan.mantissa3 = (mant); \
> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> +- (flt) = u.d; \
> +- } while (0)
> +
> + #include <strtod_l.c>
> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> +===================================================================
> +--- /dev/null
> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> +@@ -0,0 +1,30 @@
> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128ibm.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define FLOAT long double
> ++#define SET_MANTISSA(flt, mant) \
> ++ do \
> ++ { \
> ++ union ibm_extended_long_double u; \
> ++ u.ld = (flt); \
> ++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
> ++ u.d[0].ieee_nan.mantissa1 = (mant); \
> ++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
> ++ (flt) = u.ld; \
> ++ } \
> ++ while (0)
> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> +===================================================================
> +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
> + # define STRTOF __new_wcstold_l
> + # define __STRTOF ____new_wcstold_l
> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> ++# define STRTOF_NAN __wcstold_nan
> + #else
> + extern long double ____new_strtold_l (const char *, char **, __locale_t);
> + # define STRTOF __new_strtold_l
> + # define __STRTOF ____new_strtold_l
> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> ++# define STRTOF_NAN __strtold_nan
> + #endif
> + extern __typeof (__STRTOF) STRTOF;
> + libc_hidden_proto (__STRTOF)
> + libc_hidden_proto (STRTOF)
> + #define MPN2FLOAT __mpn_construct_long_double
> + #define FLOAT_HUGE_VAL HUGE_VALL
> +-# define SET_MANTISSA(flt, mant) \
> +- do { union ibm_extended_long_double u; \
> +- u.ld = (flt); \
> +- u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
> +- u.d[0].ieee_nan.mantissa1 = (mant); \
> +- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
> +- (flt) = u.ld; \
> +- } while (0)
> +
> + #include <strtod_l.c>
> +
> +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> +===================================================================
> +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
> + # define STRTOF __new_wcstold_l
> + # define __STRTOF ____new_wcstold_l
> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> ++# define STRTOF_NAN __wcstold_nan
> + #else
> + extern long double ____new_strtold_l (const char *, char **, __locale_t);
> + # define STRTOF __new_strtold_l
> + # define __STRTOF ____new_strtold_l
> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> ++# define STRTOF_NAN __strtold_nan
> + #endif
> + extern __typeof (__STRTOF) STRTOF;
> + libc_hidden_proto (__STRTOF)
> + libc_hidden_proto (STRTOF)
> + #define MPN2FLOAT __mpn_construct_long_double
> + #define FLOAT_HUGE_VAL HUGE_VALL
> +-#define SET_MANTISSA(flt, mant) \
> +- do { union ieee854_long_double u; \
> +- u.d = (flt); \
> +- u.ieee_nan.mantissa0 = 0; \
> +- u.ieee_nan.mantissa1 = 0; \
> +- u.ieee_nan.mantissa2 = (mant) >> 32; \
> +- u.ieee_nan.mantissa3 = (mant); \
> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> +- (flt) = u.d; \
> +- } while (0)
> +
> + #include <strtod_l.c>
> +
> +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> +===================================================================
> +--- /dev/null
> ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> +@@ -0,0 +1,30 @@
> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#define FLOAT long double
> ++#define SET_MANTISSA(flt, mant) \
> ++ do \
> ++ { \
> ++ union ieee854_long_double u; \
> ++ u.d = (flt); \
> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> ++ u.ieee_nan.mantissa1 = (mant); \
> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> ++ (flt) = u.d; \
> ++ } \
> ++ while (0)
> +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
> +===================================================================
> +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
> ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
> +@@ -25,19 +25,13 @@
> + #ifdef USE_WIDE_CHAR
> + # define STRTOF wcstold_l
> + # define __STRTOF __wcstold_l
> ++# define STRTOF_NAN __wcstold_nan
> + #else
> + # define STRTOF strtold_l
> + # define __STRTOF __strtold_l
> ++# define STRTOF_NAN __strtold_nan
> + #endif
> + #define MPN2FLOAT __mpn_construct_long_double
> + #define FLOAT_HUGE_VAL HUGE_VALL
> +-#define SET_MANTISSA(flt, mant) \
> +- do { union ieee854_long_double u; \
> +- u.d = (flt); \
> +- u.ieee_nan.mantissa0 = (mant) >> 32; \
> +- u.ieee_nan.mantissa1 = (mant); \
> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> +- (flt) = u.d; \
> +- } while (0)
> +
> + #include <stdlib/strtod_l.c>
> +Index: git/wcsmbs/Makefile
> +===================================================================
> +--- git.orig/wcsmbs/Makefile
> ++++ git/wcsmbs/Makefile
> +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
> + wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
> + wcstol_l wcstoul_l wcstoll_l wcstoull_l \
> + wcstod_l wcstold_l wcstof_l \
> ++ wcstod_nan wcstold_nan wcstof_nan \
> + wcscoll wcsxfrm \
> + wcwidth wcswidth \
> + wcscoll_l wcsxfrm_l \
> +Index: git/wcsmbs/wcstod_l.c
> +===================================================================
> +--- git.orig/wcsmbs/wcstod_l.c
> ++++ git/wcsmbs/wcstod_l.c
> +@@ -23,9 +23,6 @@
> +
> + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
> + __locale_t);
> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
> +- wchar_t **, int, int,
> +- __locale_t);
> +
> + #define USE_WIDE_CHAR 1
> +
> +Index: git/wcsmbs/wcstod_nan.c
> +===================================================================
> +--- /dev/null
> ++++ git/wcsmbs/wcstod_nan.c
> +@@ -0,0 +1,23 @@
> ++/* Convert string for NaN payload to corresponding NaN. Wide strings, double.
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include "../stdlib/strtod_nan_wide.h"
> ++#include "../stdlib/strtod_nan_double.h"
> ++
> ++#define STRTOD_NAN __wcstod_nan
> ++#include "../stdlib/strtod_nan_main.c"
> +Index: git/wcsmbs/wcstof_l.c
> +===================================================================
> +--- git.orig/wcsmbs/wcstof_l.c
> ++++ git/wcsmbs/wcstof_l.c
> +@@ -25,8 +25,5 @@
> +
> + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
> + __locale_t);
> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
> +- wchar_t **, int, int,
> +- __locale_t);
> +
> + #include <stdlib/strtof_l.c>
> +Index: git/wcsmbs/wcstof_nan.c
> +===================================================================
> +--- /dev/null
> ++++ git/wcsmbs/wcstof_nan.c
> +@@ -0,0 +1,23 @@
> ++/* Convert string for NaN payload to corresponding NaN. Wide strings, float.
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include "../stdlib/strtod_nan_wide.h"
> ++#include "../stdlib/strtod_nan_float.h"
> ++
> ++#define STRTOD_NAN __wcstof_nan
> ++#include "../stdlib/strtod_nan_main.c"
> +Index: git/wcsmbs/wcstold_l.c
> +===================================================================
> +--- git.orig/wcsmbs/wcstold_l.c
> ++++ git/wcsmbs/wcstold_l.c
> +@@ -24,8 +24,5 @@
> +
> + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t **, int,
> + __locale_t);
> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t *,
> +- wchar_t **, int, int,
> +- __locale_t);
> +
> + #include <strtold_l.c>
> +Index: git/wcsmbs/wcstold_nan.c
> +===================================================================
> +--- /dev/null
> ++++ git/wcsmbs/wcstold_nan.c
> +@@ -0,0 +1,30 @@
> ++/* Convert string for NaN payload to corresponding NaN. Wide strings,
> ++ long double.
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <math.h>
> ++
> ++/* This function is unused if long double and double have the same
> ++ representation. */
> ++#ifndef __NO_LONG_DOUBLE_MATH
> ++# include "../stdlib/strtod_nan_wide.h"
> ++# include <strtod_nan_ldouble.h>
> ++
> ++# define STRTOD_NAN __wcstold_nan
> ++# include "../stdlib/strtod_nan_main.c"
> ++#endif
> +Index: git/ChangeLog
> +===================================================================
> +--- git.orig/ChangeLog
> ++++ git/ChangeLog
> +@@ -1,3 +1,57 @@
> ++2015-11-24 Joseph Myers <joseph@codesourcery.com>
> ++
> ++ * stdlib/strtod_nan.c: New file.
> ++ * stdlib/strtod_nan_double.h: Likewise.
> ++ * stdlib/strtod_nan_float.h: Likewise.
> ++ * stdlib/strtod_nan_main.c: Likewise.
> ++ * stdlib/strtod_nan_narrow.h: Likewise.
> ++ * stdlib/strtod_nan_wide.h: Likewise.
> ++ * stdlib/strtof_nan.c: Likewise.
> ++ * stdlib/strtold_nan.c: Likewise.
> ++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> ++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> ++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> ++ * wcsmbs/wcstod_nan.c: Likewise.
> ++ * wcsmbs/wcstof_nan.c: Likewise.
> ++ * wcsmbs/wcstold_nan.c: Likewise.
> ++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> ++ strtold_nan.
> ++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> ++ wcstof_nan.
> ++ * include/stdlib.h (__strtof_nan): Declare and use
> ++ libc_hidden_proto.
> ++ (__strtod_nan): Likewise.
> ++ (__strtold_nan): Likewise.
> ++ (__wcstof_nan): Likewise.
> ++ (__wcstod_nan): Likewise.
> ++ (__wcstold_nan): Likewise.
> ++ * include/wchar.h (____wcstoull_l_internal): Declare.
> ++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
> ++ (____strtoull_l_internal): Remove declaration.
> ++ (STRTOF_NAN): Define macro.
> ++ (SET_MANTISSA): Remove macro.
> ++ (STRTOULL): Likewise.
> ++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> ++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> ++ (STRTOF_NAN): Define macro.
> ++ (SET_MANTISSA): Remove macro.
> ++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> ++ (SET_MANTISSA): Remove macro.
> ++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> ++ macro.
> ++ (SET_MANTISSA): Remove macro.
> ++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> ++ macro.
> ++ (SET_MANTISSA): Remove macro.
> ++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> ++ (SET_MANTISSA): Remove macro.
> ++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> ++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> ++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> ++
> ++ [BZ #19266]
> ++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
> ++ upper case and lower case letters inside NAN(), not using TOLOWER.
> + 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
> +
> + [BZ #17905]
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> new file mode 100644
> index 0000000..0df5e50
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> @@ -0,0 +1,388 @@
> +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
> +From: Joseph Myers <joseph@codesourcery.com>
> +Date: Fri, 4 Dec 2015 20:36:28 +0000
> +Subject: [PATCH] Fix nan functions handling of payload strings (bug 16961, bug
> + 16962).
> +
> +The nan, nanf and nanl functions handle payload strings by doing e.g.:
> +
> + if (tagp[0] != '\0')
> + {
> + char buf[6 + strlen (tagp)];
> + sprintf (buf, "NAN(%s)", tagp);
> + return strtod (buf, NULL);
> + }
> +
> +This is an unbounded stack allocation based on the length of the
> +argument. Furthermore, if the argument starts with an n-char-sequence
> +followed by ')', that n-char-sequence is wrongly treated as
> +significant for determining the payload of the resulting NaN, when ISO
> +C says the call should be equivalent to strtod ("NAN", NULL), without
> +being affected by that initial n-char-sequence. This patch fixes both
> +those problems by using the __strtod_nan etc. functions recently
> +factored out of strtod etc. for that purpose, with those functions
> +being exported from libc at version GLIBC_PRIVATE.
> +
> +Tested for x86_64, x86, mips64 and powerpc.
> +
> + [BZ #16961]
> + [BZ #16962]
> + * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> + string on the stack for strtod.
> + * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> + a string on the stack for strtof.
> + * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> + constructing a string on the stack for strtold.
> + * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> + __strtold_nan to GLIBC_PRIVATE.
> + * math/test-nan-overflow.c: New file.
> + * math/test-nan-payload.c: Likewise.
> + * math/Makefile (tests): Add test-nan-overflow and
> + test-nan-payload.
> +
> +Upstream-Status: Backport
> +CVE: CVE-2015-9761 patch #2
> +[Yocto # 8980]
> +
> +https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +---
> + ChangeLog | 17 +++++++
> + NEWS | 6 +++
> + math/Makefile | 3 +-
> + math/s_nan.c | 9 +---
> + math/s_nanf.c | 9 +---
> + math/s_nanl.c | 9 +---
> + math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
> + math/test-nan-payload.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++
> + stdlib/Versions | 1 +
> + 9 files changed, 217 insertions(+), 25 deletions(-)
> + create mode 100644 math/test-nan-overflow.c
> + create mode 100644 math/test-nan-payload.c
> +
> +Index: git/ChangeLog
> +===================================================================
> +--- git.orig/ChangeLog
> ++++ git/ChangeLog
> +@@ -1,3 +1,20 @@
> ++2015-12-04 Joseph Myers <joseph@codesourcery.com>
> ++
> ++ [BZ #16961]
> ++ [BZ #16962]
> ++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> ++ string on the stack for strtod.
> ++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> ++ a string on the stack for strtof.
> ++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> ++ constructing a string on the stack for strtold.
> ++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> ++ __strtold_nan to GLIBC_PRIVATE.
> ++ * math/test-nan-overflow.c: New file.
> ++ * math/test-nan-payload.c: Likewise.
> ++ * math/Makefile (tests): Add test-nan-overflow and
> ++ test-nan-payload.
> ++
> + 2015-11-24 Joseph Myers <joseph@codesourcery.com>
> +
> + * stdlib/strtod_nan.c: New file.
> +Index: git/NEWS
> +===================================================================
> +--- git.orig/NEWS
> ++++ git/NEWS
> +@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
> + \f
> + Version 2.21
> +
> ++Security related changes:
> ++
> ++* The nan, nanf and nanl functions no longer have unbounded stack usage
> ++ depending on the length of the string passed as an argument to the
> ++ functions. Reported by Joseph Myers.
> ++
> + * The following bugs are resolved with this release:
> +
> + 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
> +Index: git/math/s_nan.c
> +===================================================================
> +--- git.orig/math/s_nan.c
> ++++ git/math/s_nan.c
> +@@ -28,14 +28,7 @@
> + double
> + __nan (const char *tagp)
> + {
> +- if (tagp[0] != '\0')
> +- {
> +- char buf[6 + strlen (tagp)];
> +- sprintf (buf, "NAN(%s)", tagp);
> +- return strtod (buf, NULL);
> +- }
> +-
> +- return NAN;
> ++ return __strtod_nan (tagp, NULL, 0);
> + }
> + weak_alias (__nan, nan)
> + #ifdef NO_LONG_DOUBLE
> +Index: git/math/s_nanf.c
> +===================================================================
> +--- git.orig/math/s_nanf.c
> ++++ git/math/s_nanf.c
> +@@ -28,13 +28,6 @@
> + float
> + __nanf (const char *tagp)
> + {
> +- if (tagp[0] != '\0')
> +- {
> +- char buf[6 + strlen (tagp)];
> +- sprintf (buf, "NAN(%s)", tagp);
> +- return strtof (buf, NULL);
> +- }
> +-
> +- return NAN;
> ++ return __strtof_nan (tagp, NULL, 0);
> + }
> + weak_alias (__nanf, nanf)
> +Index: git/math/s_nanl.c
> +===================================================================
> +--- git.orig/math/s_nanl.c
> ++++ git/math/s_nanl.c
> +@@ -28,13 +28,6 @@
> + long double
> + __nanl (const char *tagp)
> + {
> +- if (tagp[0] != '\0')
> +- {
> +- char buf[6 + strlen (tagp)];
> +- sprintf (buf, "NAN(%s)", tagp);
> +- return strtold (buf, NULL);
> +- }
> +-
> +- return NAN;
> ++ return __strtold_nan (tagp, NULL, 0);
> + }
> + weak_alias (__nanl, nanl)
> +Index: git/math/test-nan-overflow.c
> +===================================================================
> +--- /dev/null
> ++++ git/math/test-nan-overflow.c
> +@@ -0,0 +1,66 @@
> ++/* Test nan functions stack overflow (bug 16962).
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <math.h>
> ++#include <stdio.h>
> ++#include <string.h>
> ++#include <sys/resource.h>
> ++
> ++#define STACK_LIM 1048576
> ++#define STRING_SIZE (2 * STACK_LIM)
> ++
> ++static int
> ++do_test (void)
> ++{
> ++ int result = 0;
> ++ struct rlimit lim;
> ++ getrlimit (RLIMIT_STACK, &lim);
> ++ lim.rlim_cur = STACK_LIM;
> ++ setrlimit (RLIMIT_STACK, &lim);
> ++ char *nanstr = malloc (STRING_SIZE);
> ++ if (nanstr == NULL)
> ++ {
> ++ puts ("malloc failed, cannot test");
> ++ return 77;
> ++ }
> ++ memset (nanstr, '0', STRING_SIZE - 1);
> ++ nanstr[STRING_SIZE - 1] = 0;
> ++#define NAN_TEST(TYPE, FUNC) \
> ++ do \
> ++ { \
> ++ char *volatile p = nanstr; \
> ++ volatile TYPE v = FUNC (p); \
> ++ if (isnan (v)) \
> ++ puts ("PASS: " #FUNC); \
> ++ else \
> ++ { \
> ++ puts ("FAIL: " #FUNC); \
> ++ result = 1; \
> ++ } \
> ++ } \
> ++ while (0)
> ++ NAN_TEST (float, nanf);
> ++ NAN_TEST (double, nan);
> ++#ifndef NO_LONG_DOUBLE
> ++ NAN_TEST (long double, nanl);
> ++#endif
> ++ return result;
> ++}
> ++
> ++#define TEST_FUNCTION do_test ()
> ++#include "../test-skeleton.c"
> +Index: git/math/test-nan-payload.c
> +===================================================================
> +--- /dev/null
> ++++ git/math/test-nan-payload.c
> +@@ -0,0 +1,122 @@
> ++/* Test nan functions payload handling (bug 16961).
> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> ++ This file is part of the GNU C Library.
> ++
> ++ The GNU C Library is free software; you can redistribute it and/or
> ++ modify it under the terms of the GNU Lesser General Public
> ++ License as published by the Free Software Foundation; either
> ++ version 2.1 of the License, or (at your option) any later version.
> ++
> ++ The GNU C Library is distributed in the hope that it will be useful,
> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> ++ Lesser General Public License for more details.
> ++
> ++ You should have received a copy of the GNU Lesser General Public
> ++ License along with the GNU C Library; if not, see
> ++ <http://www.gnu.org/licenses/>. */
> ++
> ++#include <float.h>
> ++#include <math.h>
> ++#include <stdio.h>
> ++#include <stdlib.h>
> ++#include <string.h>
> ++
> ++/* Avoid built-in functions. */
> ++#define WRAP_NAN(FUNC, STR) \
> ++ ({ const char *volatile wns = (STR); FUNC (wns); })
> ++#define WRAP_STRTO(FUNC, STR) \
> ++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
> ++
> ++#define CHECK_IS_NAN(TYPE, A) \
> ++ do \
> ++ { \
> ++ if (isnan (A)) \
> ++ puts ("PASS: " #TYPE " " #A); \
> ++ else \
> ++ { \
> ++ puts ("FAIL: " #TYPE " " #A); \
> ++ result = 1; \
> ++ } \
> ++ } \
> ++ while (0)
> ++
> ++#define CHECK_SAME_NAN(TYPE, A, B) \
> ++ do \
> ++ { \
> ++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
> ++ puts ("PASS: " #TYPE " " #A " = " #B); \
> ++ else \
> ++ { \
> ++ puts ("FAIL: " #TYPE " " #A " = " #B); \
> ++ result = 1; \
> ++ } \
> ++ } \
> ++ while (0)
> ++
> ++#define CHECK_DIFF_NAN(TYPE, A, B) \
> ++ do \
> ++ { \
> ++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
> ++ puts ("PASS: " #TYPE " " #A " != " #B); \
> ++ else \
> ++ { \
> ++ puts ("FAIL: " #TYPE " " #A " != " #B); \
> ++ result = 1; \
> ++ } \
> ++ } \
> ++ while (0)
> ++
> ++/* Cannot test payloads by memcmp for formats where NaNs have padding
> ++ bits. */
> ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
> ++
> ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
> ++ do \
> ++ { \
> ++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
> ++ CHECK_IS_NAN (TYPE, n123); \
> ++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
> ++ CHECK_IS_NAN (TYPE, s123); \
> ++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
> ++ CHECK_IS_NAN (TYPE, n456); \
> ++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
> ++ CHECK_IS_NAN (TYPE, s456); \
> ++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
> ++ CHECK_IS_NAN (TYPE, n123x); \
> ++ TYPE nemp = WRAP_NAN (FUNC, ""); \
> ++ CHECK_IS_NAN (TYPE, nemp); \
> ++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
> ++ CHECK_IS_NAN (TYPE, semp); \
> ++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
> ++ CHECK_IS_NAN (TYPE, sx); \
> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> ++ CHECK_SAME_NAN (TYPE, n123, s123); \
> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> ++ CHECK_SAME_NAN (TYPE, n456, s456); \
> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> ++ CHECK_SAME_NAN (TYPE, nemp, semp); \
> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> ++ CHECK_SAME_NAN (TYPE, n123x, sx); \
> ++ CHECK_DIFF_NAN (TYPE, n123, n456); \
> ++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
> ++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
> ++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
> ++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
> ++ } \
> ++ while (0)
> ++
> ++static int
> ++do_test (void)
> ++{
> ++ int result = 0;
> ++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
> ++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
> ++#ifndef NO_LONG_DOUBLE
> ++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
> ++#endif
> ++ return result;
> ++}
> ++
> ++#define TEST_FUNCTION do_test ()
> ++#include "../test-skeleton.c"
> +Index: git/stdlib/Versions
> +===================================================================
> +--- git.orig/stdlib/Versions
> ++++ git/stdlib/Versions
> +@@ -118,5 +118,6 @@ libc {
> + # Used from other libraries
> + __libc_secure_getenv;
> + __call_tls_dtors;
> ++ __strtof_nan; __strtod_nan; __strtold_nan;
> + }
> + }
> +Index: git/math/Makefile
> +===================================================================
> +--- git.orig/math/Makefile
> ++++ git/math/Makefile
> +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
> + test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
> + test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
> + test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2 test-snan \
> +- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
> ++ test-fenv-tls test-fenv-preserve test-fenv-return \
> ++ test-nan-overflow test-nan-payload \
> ++ $(tests-static)
> + tests-static = test-fpucw-static test-fpucw-ieee-static
> + # We do the `long double' tests only if this data type is available and
> + # distinct from `double'.
> diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
> index af568d9..d099d5d 100644
> --- a/meta/recipes-core/glibc/glibc_2.20.bb
> +++ b/meta/recipes-core/glibc/glibc_2.20.bb
> @@ -50,6 +50,8 @@ CVEPATCHES = "\
> file://CVE-2015-7547.patch \
> file://CVE-2015-8777.patch \
> file://CVE-2015-8779.patch \
> + file://CVE-2015-9761_1.patch \
> + file://CVE-2015-9761_2.patch \
> "
>
> LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
> --
> 2.3.5
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dizzy][PATCH 3/4] glibc: CVE-2015-9761
[not found] ` <56D89FF7.2050201@mvista.com>
@ 2016-03-03 20:47 ` Martin Jansa
2016-03-11 13:58 ` Martin Jansa
0 siblings, 1 reply; 9+ messages in thread
From: Martin Jansa @ 2016-03-03 20:47 UTC (permalink / raw)
To: akuster@mvista; +Cc: Patches and discussions about the oe-core layer
[-- Attachment #1: Type: text/plain, Size: 71344 bytes --]
I was asking you about the CVE number (but I realize it was already merged
in other branches with wrong number so maybe it will be less confusing use
the same in Dizzy)
And "please merge" was informal
Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
after testing this series in our Dizzy based builds.
On Thu, Mar 3, 2016 at 9:35 PM, akuster@mvista <akuster@mvista.com> wrote:
> On 3/3/16 12:16 AM, Martin Jansa wrote:
> > On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote:
> >> From: Armin Kuster <akuster@mvista.com>
> >
> > I think this is 2014-9761 not 2015-9761
> >
> > But other than that please merge this series.
>
> Are you asking me? I don't have write perms.
>
> - armin
> >
> >> A stack overflow vulnerability was found in nan* functions that could
> cause
> >> applications which process long strings with the nan function to crash
> or,
> >> potentially, execute arbitrary code.
> >>
> >> (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
> >>
> >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> >> ---
> >> .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039
> ++++++++++++++++++++
> >> .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++
> >> meta/recipes-core/glibc/glibc_2.20.bb | 2 +
> >> 3 files changed, 1429 insertions(+)
> >> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> >> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> >>
> >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> >> new file mode 100644
> >> index 0000000..3aca913
> >> --- /dev/null
> >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> >> @@ -0,0 +1,1039 @@
> >> +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
> >> +From: Joseph Myers <joseph@codesourcery.com>
> >> +Date: Tue, 24 Nov 2015 22:24:52 +0000
> >> +Subject: [PATCH] Refactor strtod parsing of NaN payloads.
> >> +
> >> +The nan* functions handle their string argument by constructing a
> >> +NAN(...) string on the stack as a VLA and passing it to strtod
> >> +functions.
> >> +
> >> +This approach has problems discussed in bug 16961 and bug 16962: the
> >> +stack usage is unbounded, and it gives incorrect results in certain
> >> +cases where the argument is not a valid n-char-sequence.
> >> +
> >> +The natural fix for both issues is to refactor the NaN payload parsing
> >> +out of strtod into a separate function that the nan* functions can
> >> +call directly, so that no temporary string needs constructing on the
> >> +stack at all. This patch does that refactoring in preparation for
> >> +fixing those bugs (but without actually using the new functions from
> >> +nan* - which will also require exporting them from libc at version
> >> +GLIBC_PRIVATE). This patch is not intended to change any user-visible
> >> +behavior, so no tests are added (fixes for the above bugs will of
> >> +course add tests for them).
> >> +
> >> +This patch builds on my recent fixes for strtol and strtod issues in
> >> +Turkish locales. Given those fixes, the parsing of NaN payloads is
> >> +locale-independent; thus, the new functions do not need to take a
> >> +locale_t argument.
> >> +
> >> +Tested for x86_64, x86, mips64 and powerpc.
> >> +
> >> + * stdlib/strtod_nan.c: New file.
> >> + * stdlib/strtod_nan_double.h: Likewise.
> >> + * stdlib/strtod_nan_float.h: Likewise.
> >> + * stdlib/strtod_nan_main.c: Likewise.
> >> + * stdlib/strtod_nan_narrow.h: Likewise.
> >> + * stdlib/strtod_nan_wide.h: Likewise.
> >> + * stdlib/strtof_nan.c: Likewise.
> >> + * stdlib/strtold_nan.c: Likewise.
> >> + * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> >> + * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> >> + * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> >> + * wcsmbs/wcstod_nan.c: Likewise.
> >> + * wcsmbs/wcstof_nan.c: Likewise.
> >> + * wcsmbs/wcstold_nan.c: Likewise.
> >> + * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> >> + strtold_nan.
> >> + * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> >> + wcstof_nan.
> >> + * include/stdlib.h (__strtof_nan): Declare and use
> >> + libc_hidden_proto.
> >> + (__strtod_nan): Likewise.
> >> + (__strtold_nan): Likewise.
> >> + (__wcstof_nan): Likewise.
> >> + (__wcstod_nan): Likewise.
> >> + (__wcstold_nan): Likewise.
> >> + * include/wchar.h (____wcstoull_l_internal): Declare.
> >> + * stdlib/strtod_l.c: Do not include <ieee754.h>.
> >> + (____strtoull_l_internal): Remove declaration.
> >> + (STRTOF_NAN): Define macro.
> >> + (SET_MANTISSA): Remove macro.
> >> + (STRTOULL): Likewise.
> >> + (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> >> + * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> >> + (STRTOF_NAN): Define macro.
> >> + (SET_MANTISSA): Remove macro.
> >> + * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> >> + (SET_MANTISSA): Remove macro.
> >> + * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> >> + macro.
> >> + (SET_MANTISSA): Remove macro.
> >> + * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> >> + macro.
> >> + (SET_MANTISSA): Remove macro.
> >> + * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> >> + (SET_MANTISSA): Remove macro.
> >> + * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> >> + * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> >> + * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> >> +
> >> +Upstream-Status: Backport
> >> +CVE: CVE-2015-9761 patch #1
> >> +[Yocto # 8980]
> >> +
> >> +
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
> >> +
> >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> +
> >> +---
> >> + ChangeLog | 49
> ++++++++++++++++++
> >> + include/stdlib.h | 18 +++++++
> >> + include/wchar.h | 3 ++
> >> + stdlib/Makefile | 1 +
> >> + stdlib/strtod_l.c | 48
> ++++--------------
> >> + stdlib/strtod_nan.c | 24 +++++++++
> >> + stdlib/strtod_nan_double.h | 30 +++++++++++
> >> + stdlib/strtod_nan_float.h | 29 +++++++++++
> >> + stdlib/strtod_nan_main.c | 63
> ++++++++++++++++++++++++
> >> + stdlib/strtod_nan_narrow.h | 22 +++++++++
> >> + stdlib/strtod_nan_wide.h | 22 +++++++++
> >> + stdlib/strtof_l.c | 11 +----
> >> + stdlib/strtof_nan.c | 24 +++++++++
> >> + stdlib/strtold_nan.c | 30 +++++++++++
> >> + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
> >> + sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
> >> + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
> >> + sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
> >> + sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
> >> + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
> >> + sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
> >> + wcsmbs/Makefile | 1 +
> >> + wcsmbs/wcstod_l.c | 3 --
> >> + wcsmbs/wcstod_nan.c | 23 +++++++++
> >> + wcsmbs/wcstof_l.c | 3 --
> >> + wcsmbs/wcstof_nan.c | 23 +++++++++
> >> + wcsmbs/wcstold_l.c | 3 --
> >> + wcsmbs/wcstold_nan.c | 30 +++++++++++
> >> + 28 files changed, 504 insertions(+), 95 deletions(-)
> >> + create mode 100644 stdlib/strtod_nan.c
> >> + create mode 100644 stdlib/strtod_nan_double.h
> >> + create mode 100644 stdlib/strtod_nan_float.h
> >> + create mode 100644 stdlib/strtod_nan_main.c
> >> + create mode 100644 stdlib/strtod_nan_narrow.h
> >> + create mode 100644 stdlib/strtod_nan_wide.h
> >> + create mode 100644 stdlib/strtof_nan.c
> >> + create mode 100644 stdlib/strtold_nan.c
> >> + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> >> + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> >> + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> >> + create mode 100644 wcsmbs/wcstod_nan.c
> >> + create mode 100644 wcsmbs/wcstof_nan.c
> >> + create mode 100644 wcsmbs/wcstold_nan.c
> >> +
> >> +Index: git/include/stdlib.h
> >> +===================================================================
> >> +--- git.orig/include/stdlib.h
> >> ++++ git/include/stdlib.h
> >> +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
> >> + libc_hidden_proto (strtoul)
> >> + libc_hidden_proto (strtoull)
> >> +
> >> ++extern float __strtof_nan (const char *, char **, char)
> internal_function;
> >> ++extern double __strtod_nan (const char *, char **, char)
> internal_function;
> >> ++extern long double __strtold_nan (const char *, char **, char)
> >> ++ internal_function;
> >> ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
> >> ++ internal_function;
> >> ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
> >> ++ internal_function;
> >> ++extern long double __wcstold_nan (const wchar_t *, wchar_t **,
> wchar_t)
> >> ++ internal_function;
> >> ++
> >> ++libc_hidden_proto (__strtof_nan)
> >> ++libc_hidden_proto (__strtod_nan)
> >> ++libc_hidden_proto (__strtold_nan)
> >> ++libc_hidden_proto (__wcstof_nan)
> >> ++libc_hidden_proto (__wcstod_nan)
> >> ++libc_hidden_proto (__wcstold_nan)
> >> ++
> >> + extern char *__ecvt (double __value, int __ndigit, int *__restrict
> __decpt,
> >> + int *__restrict __sign);
> >> + extern char *__fcvt (double __value, int __ndigit, int *__restrict
> __decpt,
> >> +Index: git/include/wchar.h
> >> +===================================================================
> >> +--- git.orig/include/wchar.h
> >> ++++ git/include/wchar.h
> >> +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
> >> + __restrict __endptr,
> >> + int __base,
> >> + int __group) __THROW;
> >> ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> *,
> >> ++ wchar_t **, int,
> int,
> >> ++ __locale_t);
> >> + libc_hidden_proto (__wcstof_internal)
> >> + libc_hidden_proto (__wcstod_internal)
> >> + libc_hidden_proto (__wcstold_internal)
> >> +Index: git/stdlib/Makefile
> >> +===================================================================
> >> +--- git.orig/stdlib/Makefile
> >> ++++ git/stdlib/Makefile
> >> +@@ -51,6 +51,7 @@ routines-y :=
> \
> >> + strtol_l strtoul_l strtoll_l strtoull_l
> \
> >> + strtof strtod strtold
> \
> >> + strtof_l strtod_l strtold_l
> \
> >> ++ strtof_nan strtod_nan strtold_nan
> \
> >> + system canonicalize
> \
> >> + a64l l64a
> \
> >> + getsubopt xpg_basename
> \
> >> +Index: git/stdlib/strtod_l.c
> >> +===================================================================
> >> +--- git.orig/stdlib/strtod_l.c
> >> ++++ git/stdlib/strtod_l.c
> >> +@@ -21,8 +21,6 @@
> >> + #include <xlocale.h>
> >> +
> >> + extern double ____strtod_l_internal (const char *, char **, int,
> __locale_t);
> >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> char **,
> >> +- int, int,
> __locale_t);
> >> +
> >> + /* Configuration part. These macros are defined by `strtold.c',
> >> + `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
> >> +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
> >> + # ifdef USE_WIDE_CHAR
> >> + # define STRTOF wcstod_l
> >> + # define __STRTOF __wcstod_l
> >> ++# define STRTOF_NAN __wcstod_nan
> >> + # else
> >> + # define STRTOF strtod_l
> >> + # define __STRTOF __strtod_l
> >> ++# define STRTOF_NAN __strtod_nan
> >> + # endif
> >> + # define MPN2FLOAT __mpn_construct_double
> >> + # define FLOAT_HUGE_VAL HUGE_VAL
> >> +-# define SET_MANTISSA(flt, mant) \
> >> +- do { union ieee754_double u;
> \
> >> +- u.d = (flt);
> \
> >> +- u.ieee_nan.mantissa0 = (mant) >> 32;
> \
> >> +- u.ieee_nan.mantissa1 = (mant);
> \
> >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> \
> >> +- (flt) = u.d;
> \
> >> +- } while (0)
> >> + #endif
> >> + /* End of configuration part. */
> >> +
> >> + #include <ctype.h>
> >> + #include <errno.h>
> >> + #include <float.h>
> >> +-#include <ieee754.h>
> >> + #include "../locale/localeinfo.h"
> >> + #include <locale.h>
> >> + #include <math.h>
> >> +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
> >> + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
> >> + # define STRNCASECMP(S1, S2, N) \
> >> + __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> >> +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> loc)
> >> + #else
> >> + # define STRING_TYPE char
> >> + # define CHAR_TYPE char
> >> +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
> >> + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
> >> + # define STRNCASECMP(S1, S2, N) \
> >> + __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> >> +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> loc)
> >> + #endif
> >> +
> >> +
> >> +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
> >> + if (*cp == L_('('))
> >> + {
> >> + const STRING_TYPE *startp = cp;
> >> +- do
> >> +- ++cp;
> >> +- while ((*cp >= L_('0') && *cp <= L_('9'))
> >> +- || ({ CHAR_TYPE lo = TOLOWER (*cp);
> >> +- lo >= L_('a') && lo <= L_('z'); })
> >> +- || *cp == L_('_'));
> >> +-
> >> +- if (*cp != L_(')'))
> >> +- /* The closing brace is missing. Only match the NAN
> >> +- part. */
> >> +- cp = startp;
> >> ++ STRING_TYPE *endp;
> >> ++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
> >> ++ if (*endp == L_(')'))
> >> ++ /* Consume the closing parenthesis. */
> >> ++ cp = endp + 1;
> >> + else
> >> +- {
> >> +- /* This is a system-dependent way to specify the
> >> +- bitmask used for the NaN. We expect it to be
> >> +- a number which is put in the mantissa of the
> >> +- number. */
> >> +- STRING_TYPE *endp;
> >> +- unsigned long long int mant;
> >> +-
> >> +- mant = STRTOULL (startp + 1, &endp, 0);
> >> +- if (endp == cp)
> >> +- SET_MANTISSA (retval, mant);
> >> +-
> >> +- /* Consume the closing brace. */
> >> +- ++cp;
> >> +- }
> >> ++ /* Only match the NAN part. */
> >> ++ cp = startp;
> >> + }
> >> +
> >> + if (endptr != NULL)
> >> +Index: git/stdlib/strtod_nan.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtod_nan.c
> >> +@@ -0,0 +1,24 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> >> ++ strings, double.
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <strtod_nan_narrow.h>
> >> ++#include <strtod_nan_double.h>
> >> ++
> >> ++#define STRTOD_NAN __strtod_nan
> >> ++#include <strtod_nan_main.c>
> >> +Index: git/stdlib/strtod_nan_double.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtod_nan_double.h
> >> +@@ -0,0 +1,30 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. For double.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define FLOAT double
> >> ++#define SET_MANTISSA(flt, mant) \
> >> ++ do \
> >> ++ { \
> >> ++ union ieee754_double u; \
> >> ++ u.d = (flt); \
> >> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> >> ++ u.ieee_nan.mantissa1 = (mant); \
> >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> >> ++ (flt) = u.d; \
> >> ++ } \
> >> ++ while (0)
> >> +Index: git/stdlib/strtod_nan_float.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtod_nan_float.h
> >> +@@ -0,0 +1,29 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. For float.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define FLOAT float
> >> ++#define SET_MANTISSA(flt, mant) \
> >> ++ do \
> >> ++ { \
> >> ++ union ieee754_float u; \
> >> ++ u.f = (flt); \
> >> ++ u.ieee_nan.mantissa = (mant); \
> >> ++ if (u.ieee.mantissa != 0) \
> >> ++ (flt) = u.f; \
> >> ++ } \
> >> ++ while (0)
> >> +Index: git/stdlib/strtod_nan_main.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtod_nan_main.c
> >> +@@ -0,0 +1,63 @@
> >> ++/* Convert string for NaN payload to corresponding NaN.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <ieee754.h>
> >> ++#include <locale.h>
> >> ++#include <math.h>
> >> ++#include <stdlib.h>
> >> ++#include <wchar.h>
> >> ++
> >> ++
> >> ++/* If STR starts with an optional n-char-sequence as defined by ISO C
> >> ++ (a sequence of ASCII letters, digits and underscores), followed by
> >> ++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
> >> ++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
> >> ++ to the character after the initial n-char-sequence. */
> >> ++
> >> ++internal_function
> >> ++FLOAT
> >> ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE
> endc)
> >> ++{
> >> ++ const STRING_TYPE *cp = str;
> >> ++
> >> ++ while ((*cp >= L_('0') && *cp <= L_('9'))
> >> ++ || (*cp >= L_('A') && *cp <= L_('Z'))
> >> ++ || (*cp >= L_('a') && *cp <= L_('z'))
> >> ++ || *cp == L_('_'))
> >> ++ ++cp;
> >> ++
> >> ++ FLOAT retval = NAN;
> >> ++ if (*cp != endc)
> >> ++ goto out;
> >> ++
> >> ++ /* This is a system-dependent way to specify the bitmask used for
> >> ++ the NaN. We expect it to be a number which is put in the
> >> ++ mantissa of the number. */
> >> ++ STRING_TYPE *endp;
> >> ++ unsigned long long int mant;
> >> ++
> >> ++ mant = STRTOULL (str, &endp, 0);
> >> ++ if (endp == cp)
> >> ++ SET_MANTISSA (retval, mant);
> >> ++
> >> ++ out:
> >> ++ if (endptr != NULL)
> >> ++ *endptr = (STRING_TYPE *) cp;
> >> ++ return retval;
> >> ++}
> >> ++libc_hidden_def (STRTOD_NAN)
> >> +Index: git/stdlib/strtod_nan_narrow.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtod_nan_narrow.h
> >> +@@ -0,0 +1,22 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> strings.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define STRING_TYPE char
> >> ++#define L_(Ch) Ch
> >> ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> \
> >> ++ _nl_C_locobj_ptr)
> >> +Index: git/stdlib/strtod_nan_wide.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtod_nan_wide.h
> >> +@@ -0,0 +1,22 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Wide strings.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define STRING_TYPE wchar_t
> >> ++#define L_(Ch) L##Ch
> >> ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> \
> >> ++ _nl_C_locobj_ptr)
> >> +Index: git/stdlib/strtof_l.c
> >> +===================================================================
> >> +--- git.orig/stdlib/strtof_l.c
> >> ++++ git/stdlib/strtof_l.c
> >> +@@ -20,26 +20,19 @@
> >> + #include <xlocale.h>
> >> +
> >> + extern float ____strtof_l_internal (const char *, char **, int,
> __locale_t);
> >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> char **,
> >> +- int, int,
> __locale_t);
> >> +
> >> + #define FLOAT float
> >> + #define FLT FLT
> >> + #ifdef USE_WIDE_CHAR
> >> + # define STRTOF wcstof_l
> >> + # define __STRTOF __wcstof_l
> >> ++# define STRTOF_NAN __wcstof_nan
> >> + #else
> >> + # define STRTOF strtof_l
> >> + # define __STRTOF __strtof_l
> >> ++# define STRTOF_NAN __strtof_nan
> >> + #endif
> >> + #define MPN2FLOAT __mpn_construct_float
> >> + #define FLOAT_HUGE_VAL HUGE_VALF
> >> +-#define SET_MANTISSA(flt, mant) \
> >> +- do { union ieee754_float u;
> \
> >> +- u.f = (flt);
> \
> >> +- u.ieee_nan.mantissa = (mant);
> \
> >> +- if (u.ieee.mantissa != 0)
> \
> >> +- (flt) = u.f;
> \
> >> +- } while (0)
> >> +
> >> + #include "strtod_l.c"
> >> +Index: git/stdlib/strtof_nan.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtof_nan.c
> >> +@@ -0,0 +1,24 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> >> ++ strings, float.
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <strtod_nan_narrow.h>
> >> ++#include <strtod_nan_float.h>
> >> ++
> >> ++#define STRTOD_NAN __strtof_nan
> >> ++#include <strtod_nan_main.c>
> >> +Index: git/stdlib/strtold_nan.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/stdlib/strtold_nan.c
> >> +@@ -0,0 +1,30 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> >> ++ strings, long double.
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <math.h>
> >> ++
> >> ++/* This function is unused if long double and double have the same
> >> ++ representation. */
> >> ++#ifndef __NO_LONG_DOUBLE_MATH
> >> ++# include <strtod_nan_narrow.h>
> >> ++# include <strtod_nan_ldouble.h>
> >> ++
> >> ++# define STRTOD_NAN __strtold_nan
> >> ++# include <strtod_nan_main.c>
> >> ++#endif
> >> +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> >> +@@ -0,0 +1,33 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define FLOAT long double
> >> ++#define SET_MANTISSA(flt, mant) \
> >> ++ do \
> >> ++ { \
> >> ++ union ieee854_long_double u; \
> >> ++ u.d = (flt); \
> >> ++ u.ieee_nan.mantissa0 = 0; \
> >> ++ u.ieee_nan.mantissa1 = 0; \
> >> ++ u.ieee_nan.mantissa2 = (mant) >> 32; \
> >> ++ u.ieee_nan.mantissa3 = (mant); \
> >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
> >> ++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> >> ++ (flt) = u.d; \
> >> ++ } \
> >> ++ while (0)
> >> +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
> >> +===================================================================
> >> +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
> >> ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
> >> +@@ -25,22 +25,13 @@
> >> + #ifdef USE_WIDE_CHAR
> >> + # define STRTOF wcstold_l
> >> + # define __STRTOF __wcstold_l
> >> ++# define STRTOF_NAN __wcstold_nan
> >> + #else
> >> + # define STRTOF strtold_l
> >> + # define __STRTOF __strtold_l
> >> ++# define STRTOF_NAN __strtold_nan
> >> + #endif
> >> + #define MPN2FLOAT __mpn_construct_long_double
> >> + #define FLOAT_HUGE_VAL HUGE_VALL
> >> +-#define SET_MANTISSA(flt, mant) \
> >> +- do { union ieee854_long_double u;
> \
> >> +- u.d = (flt);
> \
> >> +- u.ieee_nan.mantissa0 = 0;
> \
> >> +- u.ieee_nan.mantissa1 = 0;
> \
> >> +- u.ieee_nan.mantissa2 = (mant) >> 32;
> \
> >> +- u.ieee_nan.mantissa3 = (mant);
> \
> >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
> \
> >> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> \
> >> +- (flt) = u.d;
> \
> >> +- } while (0)
> >> +
> >> + #include <strtod_l.c>
> >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> >> +@@ -0,0 +1,30 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. For
> ldbl-128ibm.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define FLOAT long double
> >> ++#define SET_MANTISSA(flt, mant) \
> >> ++ do \
> >> ++ { \
> >> ++ union ibm_extended_long_double u; \
> >> ++ u.ld = (flt); \
> >> ++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
> >> ++ u.d[0].ieee_nan.mantissa1 = (mant); \
> >> ++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
> >> ++ (flt) = u.ld; \
> >> ++ } \
> >> ++ while (0)
> >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> >> +===================================================================
> >> +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> >> +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
> >> + # define STRTOF __new_wcstold_l
> >> + # define __STRTOF ____new_wcstold_l
> >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> >> ++# define STRTOF_NAN __wcstold_nan
> >> + #else
> >> + extern long double ____new_strtold_l (const char *, char **,
> __locale_t);
> >> + # define STRTOF __new_strtold_l
> >> + # define __STRTOF ____new_strtold_l
> >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> >> ++# define STRTOF_NAN __strtold_nan
> >> + #endif
> >> + extern __typeof (__STRTOF) STRTOF;
> >> + libc_hidden_proto (__STRTOF)
> >> + libc_hidden_proto (STRTOF)
> >> + #define MPN2FLOAT __mpn_construct_long_double
> >> + #define FLOAT_HUGE_VAL HUGE_VALL
> >> +-# define SET_MANTISSA(flt, mant) \
> >> +- do { union ibm_extended_long_double u;
> \
> >> +- u.ld = (flt);
> \
> >> +- u.d[0].ieee_nan.mantissa0 = (mant) >> 32;
> \
> >> +- u.d[0].ieee_nan.mantissa1 = (mant);
> \
> >> +- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0)
> \
> >> +- (flt) = u.ld;
> \
> >> +- } while (0)
> >> +
> >> + #include <strtod_l.c>
> >> +
> >> +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> >> +===================================================================
> >> +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> >> ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> >> +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
> >> + # define STRTOF __new_wcstold_l
> >> + # define __STRTOF ____new_wcstold_l
> >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> >> ++# define STRTOF_NAN __wcstold_nan
> >> + #else
> >> + extern long double ____new_strtold_l (const char *, char **,
> __locale_t);
> >> + # define STRTOF __new_strtold_l
> >> + # define __STRTOF ____new_strtold_l
> >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> >> ++# define STRTOF_NAN __strtold_nan
> >> + #endif
> >> + extern __typeof (__STRTOF) STRTOF;
> >> + libc_hidden_proto (__STRTOF)
> >> + libc_hidden_proto (STRTOF)
> >> + #define MPN2FLOAT __mpn_construct_long_double
> >> + #define FLOAT_HUGE_VAL HUGE_VALL
> >> +-#define SET_MANTISSA(flt, mant) \
> >> +- do { union ieee854_long_double u;
> \
> >> +- u.d = (flt);
> \
> >> +- u.ieee_nan.mantissa0 = 0;
> \
> >> +- u.ieee_nan.mantissa1 = 0;
> \
> >> +- u.ieee_nan.mantissa2 = (mant) >> 32;
> \
> >> +- u.ieee_nan.mantissa3 = (mant);
> \
> >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
> \
> >> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> \
> >> +- (flt) = u.d;
> \
> >> +- } while (0)
> >> +
> >> + #include <strtod_l.c>
> >> +
> >> +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> >> +@@ -0,0 +1,30 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
> >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#define FLOAT long double
> >> ++#define SET_MANTISSA(flt, mant) \
> >> ++ do \
> >> ++ { \
> >> ++ union ieee854_long_double u; \
> >> ++ u.d = (flt); \
> >> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> >> ++ u.ieee_nan.mantissa1 = (mant); \
> >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> >> ++ (flt) = u.d; \
> >> ++ } \
> >> ++ while (0)
> >> +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
> >> +===================================================================
> >> +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
> >> ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
> >> +@@ -25,19 +25,13 @@
> >> + #ifdef USE_WIDE_CHAR
> >> + # define STRTOF wcstold_l
> >> + # define __STRTOF __wcstold_l
> >> ++# define STRTOF_NAN __wcstold_nan
> >> + #else
> >> + # define STRTOF strtold_l
> >> + # define __STRTOF __strtold_l
> >> ++# define STRTOF_NAN __strtold_nan
> >> + #endif
> >> + #define MPN2FLOAT __mpn_construct_long_double
> >> + #define FLOAT_HUGE_VAL HUGE_VALL
> >> +-#define SET_MANTISSA(flt, mant) \
> >> +- do { union ieee854_long_double u;
> \
> >> +- u.d = (flt);
> \
> >> +- u.ieee_nan.mantissa0 = (mant) >> 32;
> \
> >> +- u.ieee_nan.mantissa1 = (mant);
> \
> >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> \
> >> +- (flt) = u.d;
> \
> >> +- } while (0)
> >> +
> >> + #include <stdlib/strtod_l.c>
> >> +Index: git/wcsmbs/Makefile
> >> +===================================================================
> >> +--- git.orig/wcsmbs/Makefile
> >> ++++ git/wcsmbs/Makefile
> >> +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
> >> + wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
> >> + wcstol_l wcstoul_l wcstoll_l wcstoull_l \
> >> + wcstod_l wcstold_l wcstof_l \
> >> ++ wcstod_nan wcstold_nan wcstof_nan \
> >> + wcscoll wcsxfrm \
> >> + wcwidth wcswidth \
> >> + wcscoll_l wcsxfrm_l \
> >> +Index: git/wcsmbs/wcstod_l.c
> >> +===================================================================
> >> +--- git.orig/wcsmbs/wcstod_l.c
> >> ++++ git/wcsmbs/wcstod_l.c
> >> +@@ -23,9 +23,6 @@
> >> +
> >> + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
> >> + __locale_t);
> >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> *,
> >> +- wchar_t **, int,
> int,
> >> +- __locale_t);
> >> +
> >> + #define USE_WIDE_CHAR 1
> >> +
> >> +Index: git/wcsmbs/wcstod_nan.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/wcsmbs/wcstod_nan.c
> >> +@@ -0,0 +1,23 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Wide
> strings, double.
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include "../stdlib/strtod_nan_wide.h"
> >> ++#include "../stdlib/strtod_nan_double.h"
> >> ++
> >> ++#define STRTOD_NAN __wcstod_nan
> >> ++#include "../stdlib/strtod_nan_main.c"
> >> +Index: git/wcsmbs/wcstof_l.c
> >> +===================================================================
> >> +--- git.orig/wcsmbs/wcstof_l.c
> >> ++++ git/wcsmbs/wcstof_l.c
> >> +@@ -25,8 +25,5 @@
> >> +
> >> + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
> >> + __locale_t);
> >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> *,
> >> +- wchar_t **, int,
> int,
> >> +- __locale_t);
> >> +
> >> + #include <stdlib/strtof_l.c>
> >> +Index: git/wcsmbs/wcstof_nan.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/wcsmbs/wcstof_nan.c
> >> +@@ -0,0 +1,23 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Wide
> strings, float.
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include "../stdlib/strtod_nan_wide.h"
> >> ++#include "../stdlib/strtod_nan_float.h"
> >> ++
> >> ++#define STRTOD_NAN __wcstof_nan
> >> ++#include "../stdlib/strtod_nan_main.c"
> >> +Index: git/wcsmbs/wcstold_l.c
> >> +===================================================================
> >> +--- git.orig/wcsmbs/wcstold_l.c
> >> ++++ git/wcsmbs/wcstold_l.c
> >> +@@ -24,8 +24,5 @@
> >> +
> >> + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t
> **, int,
> >> + __locale_t);
> >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> *,
> >> +- wchar_t **, int,
> int,
> >> +- __locale_t);
> >> +
> >> + #include <strtold_l.c>
> >> +Index: git/wcsmbs/wcstold_nan.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/wcsmbs/wcstold_nan.c
> >> +@@ -0,0 +1,30 @@
> >> ++/* Convert string for NaN payload to corresponding NaN. Wide strings,
> >> ++ long double.
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <math.h>
> >> ++
> >> ++/* This function is unused if long double and double have the same
> >> ++ representation. */
> >> ++#ifndef __NO_LONG_DOUBLE_MATH
> >> ++# include "../stdlib/strtod_nan_wide.h"
> >> ++# include <strtod_nan_ldouble.h>
> >> ++
> >> ++# define STRTOD_NAN __wcstold_nan
> >> ++# include "../stdlib/strtod_nan_main.c"
> >> ++#endif
> >> +Index: git/ChangeLog
> >> +===================================================================
> >> +--- git.orig/ChangeLog
> >> ++++ git/ChangeLog
> >> +@@ -1,3 +1,57 @@
> >> ++2015-11-24 Joseph Myers <joseph@codesourcery.com>
> >> ++
> >> ++ * stdlib/strtod_nan.c: New file.
> >> ++ * stdlib/strtod_nan_double.h: Likewise.
> >> ++ * stdlib/strtod_nan_float.h: Likewise.
> >> ++ * stdlib/strtod_nan_main.c: Likewise.
> >> ++ * stdlib/strtod_nan_narrow.h: Likewise.
> >> ++ * stdlib/strtod_nan_wide.h: Likewise.
> >> ++ * stdlib/strtof_nan.c: Likewise.
> >> ++ * stdlib/strtold_nan.c: Likewise.
> >> ++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> >> ++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> >> ++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> >> ++ * wcsmbs/wcstod_nan.c: Likewise.
> >> ++ * wcsmbs/wcstof_nan.c: Likewise.
> >> ++ * wcsmbs/wcstold_nan.c: Likewise.
> >> ++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> >> ++ strtold_nan.
> >> ++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> >> ++ wcstof_nan.
> >> ++ * include/stdlib.h (__strtof_nan): Declare and use
> >> ++ libc_hidden_proto.
> >> ++ (__strtod_nan): Likewise.
> >> ++ (__strtold_nan): Likewise.
> >> ++ (__wcstof_nan): Likewise.
> >> ++ (__wcstod_nan): Likewise.
> >> ++ (__wcstold_nan): Likewise.
> >> ++ * include/wchar.h (____wcstoull_l_internal): Declare.
> >> ++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
> >> ++ (____strtoull_l_internal): Remove declaration.
> >> ++ (STRTOF_NAN): Define macro.
> >> ++ (SET_MANTISSA): Remove macro.
> >> ++ (STRTOULL): Likewise.
> >> ++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> >> ++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> >> ++ (STRTOF_NAN): Define macro.
> >> ++ (SET_MANTISSA): Remove macro.
> >> ++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> >> ++ (SET_MANTISSA): Remove macro.
> >> ++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> >> ++ macro.
> >> ++ (SET_MANTISSA): Remove macro.
> >> ++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> >> ++ macro.
> >> ++ (SET_MANTISSA): Remove macro.
> >> ++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> >> ++ (SET_MANTISSA): Remove macro.
> >> ++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> >> ++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> >> ++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> >> ++
> >> ++ [BZ #19266]
> >> ++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
> >> ++ upper case and lower case letters inside NAN(), not using TOLOWER.
> >> + 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
> >> +
> >> + [BZ #17905]
> >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> >> new file mode 100644
> >> index 0000000..0df5e50
> >> --- /dev/null
> >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> >> @@ -0,0 +1,388 @@
> >> +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
> >> +From: Joseph Myers <joseph@codesourcery.com>
> >> +Date: Fri, 4 Dec 2015 20:36:28 +0000
> >> +Subject: [PATCH] Fix nan functions handling of payload strings (bug
> 16961, bug
> >> + 16962).
> >> +
> >> +The nan, nanf and nanl functions handle payload strings by doing e.g.:
> >> +
> >> + if (tagp[0] != '\0')
> >> + {
> >> + char buf[6 + strlen (tagp)];
> >> + sprintf (buf, "NAN(%s)", tagp);
> >> + return strtod (buf, NULL);
> >> + }
> >> +
> >> +This is an unbounded stack allocation based on the length of the
> >> +argument. Furthermore, if the argument starts with an n-char-sequence
> >> +followed by ')', that n-char-sequence is wrongly treated as
> >> +significant for determining the payload of the resulting NaN, when ISO
> >> +C says the call should be equivalent to strtod ("NAN", NULL), without
> >> +being affected by that initial n-char-sequence. This patch fixes both
> >> +those problems by using the __strtod_nan etc. functions recently
> >> +factored out of strtod etc. for that purpose, with those functions
> >> +being exported from libc at version GLIBC_PRIVATE.
> >> +
> >> +Tested for x86_64, x86, mips64 and powerpc.
> >> +
> >> + [BZ #16961]
> >> + [BZ #16962]
> >> + * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> >> + string on the stack for strtod.
> >> + * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> >> + a string on the stack for strtof.
> >> + * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> >> + constructing a string on the stack for strtold.
> >> + * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> >> + __strtold_nan to GLIBC_PRIVATE.
> >> + * math/test-nan-overflow.c: New file.
> >> + * math/test-nan-payload.c: Likewise.
> >> + * math/Makefile (tests): Add test-nan-overflow and
> >> + test-nan-payload.
> >> +
> >> +Upstream-Status: Backport
> >> +CVE: CVE-2015-9761 patch #2
> >> +[Yocto # 8980]
> >> +
> >> +
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
> >> +
> >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> +
> >> +---
> >> + ChangeLog | 17 +++++++
> >> + NEWS | 6 +++
> >> + math/Makefile | 3 +-
> >> + math/s_nan.c | 9 +---
> >> + math/s_nanf.c | 9 +---
> >> + math/s_nanl.c | 9 +---
> >> + math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
> >> + math/test-nan-payload.c | 122
> +++++++++++++++++++++++++++++++++++++++++++++++
> >> + stdlib/Versions | 1 +
> >> + 9 files changed, 217 insertions(+), 25 deletions(-)
> >> + create mode 100644 math/test-nan-overflow.c
> >> + create mode 100644 math/test-nan-payload.c
> >> +
> >> +Index: git/ChangeLog
> >> +===================================================================
> >> +--- git.orig/ChangeLog
> >> ++++ git/ChangeLog
> >> +@@ -1,3 +1,20 @@
> >> ++2015-12-04 Joseph Myers <joseph@codesourcery.com>
> >> ++
> >> ++ [BZ #16961]
> >> ++ [BZ #16962]
> >> ++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> >> ++ string on the stack for strtod.
> >> ++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> >> ++ a string on the stack for strtof.
> >> ++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> >> ++ constructing a string on the stack for strtold.
> >> ++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> >> ++ __strtold_nan to GLIBC_PRIVATE.
> >> ++ * math/test-nan-overflow.c: New file.
> >> ++ * math/test-nan-payload.c: Likewise.
> >> ++ * math/Makefile (tests): Add test-nan-overflow and
> >> ++ test-nan-payload.
> >> ++
> >> + 2015-11-24 Joseph Myers <joseph@codesourcery.com>
> >> +
> >> + * stdlib/strtod_nan.c: New file.
> >> +Index: git/NEWS
> >> +===================================================================
> >> +--- git.orig/NEWS
> >> ++++ git/NEWS
> >> +@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
> >> +
> >> + Version 2.21
> >> +
> >> ++Security related changes:
> >> ++
> >> ++* The nan, nanf and nanl functions no longer have unbounded stack
> usage
> >> ++ depending on the length of the string passed as an argument to the
> >> ++ functions. Reported by Joseph Myers.
> >> ++
> >> + * The following bugs are resolved with this release:
> >> +
> >> + 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
> >> +Index: git/math/s_nan.c
> >> +===================================================================
> >> +--- git.orig/math/s_nan.c
> >> ++++ git/math/s_nan.c
> >> +@@ -28,14 +28,7 @@
> >> + double
> >> + __nan (const char *tagp)
> >> + {
> >> +- if (tagp[0] != '\0')
> >> +- {
> >> +- char buf[6 + strlen (tagp)];
> >> +- sprintf (buf, "NAN(%s)", tagp);
> >> +- return strtod (buf, NULL);
> >> +- }
> >> +-
> >> +- return NAN;
> >> ++ return __strtod_nan (tagp, NULL, 0);
> >> + }
> >> + weak_alias (__nan, nan)
> >> + #ifdef NO_LONG_DOUBLE
> >> +Index: git/math/s_nanf.c
> >> +===================================================================
> >> +--- git.orig/math/s_nanf.c
> >> ++++ git/math/s_nanf.c
> >> +@@ -28,13 +28,6 @@
> >> + float
> >> + __nanf (const char *tagp)
> >> + {
> >> +- if (tagp[0] != '\0')
> >> +- {
> >> +- char buf[6 + strlen (tagp)];
> >> +- sprintf (buf, "NAN(%s)", tagp);
> >> +- return strtof (buf, NULL);
> >> +- }
> >> +-
> >> +- return NAN;
> >> ++ return __strtof_nan (tagp, NULL, 0);
> >> + }
> >> + weak_alias (__nanf, nanf)
> >> +Index: git/math/s_nanl.c
> >> +===================================================================
> >> +--- git.orig/math/s_nanl.c
> >> ++++ git/math/s_nanl.c
> >> +@@ -28,13 +28,6 @@
> >> + long double
> >> + __nanl (const char *tagp)
> >> + {
> >> +- if (tagp[0] != '\0')
> >> +- {
> >> +- char buf[6 + strlen (tagp)];
> >> +- sprintf (buf, "NAN(%s)", tagp);
> >> +- return strtold (buf, NULL);
> >> +- }
> >> +-
> >> +- return NAN;
> >> ++ return __strtold_nan (tagp, NULL, 0);
> >> + }
> >> + weak_alias (__nanl, nanl)
> >> +Index: git/math/test-nan-overflow.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/math/test-nan-overflow.c
> >> +@@ -0,0 +1,66 @@
> >> ++/* Test nan functions stack overflow (bug 16962).
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <math.h>
> >> ++#include <stdio.h>
> >> ++#include <string.h>
> >> ++#include <sys/resource.h>
> >> ++
> >> ++#define STACK_LIM 1048576
> >> ++#define STRING_SIZE (2 * STACK_LIM)
> >> ++
> >> ++static int
> >> ++do_test (void)
> >> ++{
> >> ++ int result = 0;
> >> ++ struct rlimit lim;
> >> ++ getrlimit (RLIMIT_STACK, &lim);
> >> ++ lim.rlim_cur = STACK_LIM;
> >> ++ setrlimit (RLIMIT_STACK, &lim);
> >> ++ char *nanstr = malloc (STRING_SIZE);
> >> ++ if (nanstr == NULL)
> >> ++ {
> >> ++ puts ("malloc failed, cannot test");
> >> ++ return 77;
> >> ++ }
> >> ++ memset (nanstr, '0', STRING_SIZE - 1);
> >> ++ nanstr[STRING_SIZE - 1] = 0;
> >> ++#define NAN_TEST(TYPE, FUNC) \
> >> ++ do \
> >> ++ { \
> >> ++ char *volatile p = nanstr; \
> >> ++ volatile TYPE v = FUNC (p); \
> >> ++ if (isnan (v)) \
> >> ++ puts ("PASS: " #FUNC); \
> >> ++ else \
> >> ++ { \
> >> ++ puts ("FAIL: " #FUNC); \
> >> ++ result = 1; \
> >> ++ } \
> >> ++ } \
> >> ++ while (0)
> >> ++ NAN_TEST (float, nanf);
> >> ++ NAN_TEST (double, nan);
> >> ++#ifndef NO_LONG_DOUBLE
> >> ++ NAN_TEST (long double, nanl);
> >> ++#endif
> >> ++ return result;
> >> ++}
> >> ++
> >> ++#define TEST_FUNCTION do_test ()
> >> ++#include "../test-skeleton.c"
> >> +Index: git/math/test-nan-payload.c
> >> +===================================================================
> >> +--- /dev/null
> >> ++++ git/math/test-nan-payload.c
> >> +@@ -0,0 +1,122 @@
> >> ++/* Test nan functions payload handling (bug 16961).
> >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> >> ++ This file is part of the GNU C Library.
> >> ++
> >> ++ The GNU C Library is free software; you can redistribute it and/or
> >> ++ modify it under the terms of the GNU Lesser General Public
> >> ++ License as published by the Free Software Foundation; either
> >> ++ version 2.1 of the License, or (at your option) any later version.
> >> ++
> >> ++ The GNU C Library is distributed in the hope that it will be
> useful,
> >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> >> ++ Lesser General Public License for more details.
> >> ++
> >> ++ You should have received a copy of the GNU Lesser General Public
> >> ++ License along with the GNU C Library; if not, see
> >> ++ <http://www.gnu.org/licenses/>. */
> >> ++
> >> ++#include <float.h>
> >> ++#include <math.h>
> >> ++#include <stdio.h>
> >> ++#include <stdlib.h>
> >> ++#include <string.h>
> >> ++
> >> ++/* Avoid built-in functions. */
> >> ++#define WRAP_NAN(FUNC, STR) \
> >> ++ ({ const char *volatile wns = (STR); FUNC (wns); })
> >> ++#define WRAP_STRTO(FUNC, STR) \
> >> ++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
> >> ++
> >> ++#define CHECK_IS_NAN(TYPE, A) \
> >> ++ do \
> >> ++ { \
> >> ++ if (isnan (A)) \
> >> ++ puts ("PASS: " #TYPE " " #A); \
> >> ++ else \
> >> ++ { \
> >> ++ puts ("FAIL: " #TYPE " " #A); \
> >> ++ result = 1; \
> >> ++ } \
> >> ++ } \
> >> ++ while (0)
> >> ++
> >> ++#define CHECK_SAME_NAN(TYPE, A, B) \
> >> ++ do \
> >> ++ { \
> >> ++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
> >> ++ puts ("PASS: " #TYPE " " #A " = " #B); \
> >> ++ else \
> >> ++ { \
> >> ++ puts ("FAIL: " #TYPE " " #A " = " #B); \
> >> ++ result = 1; \
> >> ++ } \
> >> ++ } \
> >> ++ while (0)
> >> ++
> >> ++#define CHECK_DIFF_NAN(TYPE, A, B) \
> >> ++ do \
> >> ++ { \
> >> ++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
> >> ++ puts ("PASS: " #TYPE " " #A " != " #B); \
> >> ++ else \
> >> ++ { \
> >> ++ puts ("FAIL: " #TYPE " " #A " != " #B); \
> >> ++ result = 1; \
> >> ++ } \
> >> ++ } \
> >> ++ while (0)
> >> ++
> >> ++/* Cannot test payloads by memcmp for formats where NaNs have padding
> >> ++ bits. */
> >> ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
> >> ++
> >> ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
> >> ++ do \
> >> ++ { \
> >> ++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
> >> ++ CHECK_IS_NAN (TYPE, n123); \
> >> ++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
> >> ++ CHECK_IS_NAN (TYPE, s123); \
> >> ++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
> >> ++ CHECK_IS_NAN (TYPE, n456); \
> >> ++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
> >> ++ CHECK_IS_NAN (TYPE, s456); \
> >> ++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
> >> ++ CHECK_IS_NAN (TYPE, n123x); \
> >> ++ TYPE nemp = WRAP_NAN (FUNC, ""); \
> >> ++ CHECK_IS_NAN (TYPE, nemp); \
> >> ++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
> >> ++ CHECK_IS_NAN (TYPE, semp); \
> >> ++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
> >> ++ CHECK_IS_NAN (TYPE, sx); \
> >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> >> ++ CHECK_SAME_NAN (TYPE, n123, s123); \
> >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> >> ++ CHECK_SAME_NAN (TYPE, n456, s456); \
> >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> >> ++ CHECK_SAME_NAN (TYPE, nemp, semp); \
> >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> >> ++ CHECK_SAME_NAN (TYPE, n123x, sx); \
> >> ++ CHECK_DIFF_NAN (TYPE, n123, n456); \
> >> ++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
> >> ++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
> >> ++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
> >> ++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
> >> ++ } \
> >> ++ while (0)
> >> ++
> >> ++static int
> >> ++do_test (void)
> >> ++{
> >> ++ int result = 0;
> >> ++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
> >> ++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
> >> ++#ifndef NO_LONG_DOUBLE
> >> ++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
> >> ++#endif
> >> ++ return result;
> >> ++}
> >> ++
> >> ++#define TEST_FUNCTION do_test ()
> >> ++#include "../test-skeleton.c"
> >> +Index: git/stdlib/Versions
> >> +===================================================================
> >> +--- git.orig/stdlib/Versions
> >> ++++ git/stdlib/Versions
> >> +@@ -118,5 +118,6 @@ libc {
> >> + # Used from other libraries
> >> + __libc_secure_getenv;
> >> + __call_tls_dtors;
> >> ++ __strtof_nan; __strtod_nan; __strtold_nan;
> >> + }
> >> + }
> >> +Index: git/math/Makefile
> >> +===================================================================
> >> +--- git.orig/math/Makefile
> >> ++++ git/math/Makefile
> >> +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
> >> + test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
> >> + test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
> >> + test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2
> test-snan \
> >> +- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
> >> ++ test-fenv-tls test-fenv-preserve test-fenv-return \
> >> ++ test-nan-overflow test-nan-payload \
> >> ++ $(tests-static)
> >> + tests-static = test-fpucw-static test-fpucw-ieee-static
> >> + # We do the `long double' tests only if this data type is available
> and
> >> + # distinct from `double'.
> >> diff --git a/meta/recipes-core/glibc/glibc_2.20.bb
> b/meta/recipes-core/glibc/glibc_2.20.bb
> >> index af568d9..d099d5d 100644
> >> --- a/meta/recipes-core/glibc/glibc_2.20.bb
> >> +++ b/meta/recipes-core/glibc/glibc_2.20.bb
> >> @@ -50,6 +50,8 @@ CVEPATCHES = "\
> >> file://CVE-2015-7547.patch \
> >> file://CVE-2015-8777.patch \
> >> file://CVE-2015-8779.patch \
> >> + file://CVE-2015-9761_1.patch \
> >> + file://CVE-2015-9761_2.patch \
> >> "
> >>
> >> LIC_FILES_CHKSUM =
> "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
> >> --
> >> 2.3.5
> >>
> >> --
> >> _______________________________________________
> >> Openembedded-core mailing list
> >> Openembedded-core@lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >
>
[-- Attachment #2: Type: text/html, Size: 94912 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dizzy][PATCH 3/4] glibc: CVE-2015-9761
2016-03-03 20:47 ` Martin Jansa
@ 2016-03-11 13:58 ` Martin Jansa
2016-03-17 15:48 ` Martin Jansa
2016-03-22 0:42 ` akuster808
0 siblings, 2 replies; 9+ messages in thread
From: Martin Jansa @ 2016-03-11 13:58 UTC (permalink / raw)
To: akuster@mvista; +Cc: Patches and discussions about the oe-core layer
[-- Attachment #1: Type: text/plain, Size: 75332 bytes --]
On Thu, Mar 03, 2016 at 09:47:11PM +0100, Martin Jansa wrote:
> I was asking you about the CVE number (but I realize it was already merged
> in other branches with wrong number so maybe it will be less confusing use
> the same in Dizzy)
>
> And "please merge" was informal
> Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
>
> after testing this series in our Dizzy based builds.
Any ETA on getting these in dizzy branch?
I know that everybody is busy with Mx release, I just need the ETA to
decide if
1) we'll upgrade oe-core now with only the first security fix
and upgrade again later when these are merged
2) we'll upgrade oe-core now with only the first security fix
and backport other 4 fixes in our internal layer - and remove these
backports in next oe-core upgrade when these are merged
3) we'll wait a bit more to get all 5 fixes in one oe-core upgrade
I've already tested all 5 in our builds, only issue I've noticed
is incorrect CVE number used in patches as reported.
> On Thu, Mar 3, 2016 at 9:35 PM, akuster@mvista <akuster@mvista.com> wrote:
>
> > On 3/3/16 12:16 AM, Martin Jansa wrote:
> > > On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote:
> > >> From: Armin Kuster <akuster@mvista.com>
> > >
> > > I think this is 2014-9761 not 2015-9761
> > >
> > > But other than that please merge this series.
> >
> > Are you asking me? I don't have write perms.
> >
> > - armin
> > >
> > >> A stack overflow vulnerability was found in nan* functions that could
> > cause
> > >> applications which process long strings with the nan function to crash
> > or,
> > >> potentially, execute arbitrary code.
> > >>
> > >> (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
> > >>
> > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> > >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > >> ---
> > >> .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039
> > ++++++++++++++++++++
> > >> .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++
> > >> meta/recipes-core/glibc/glibc_2.20.bb | 2 +
> > >> 3 files changed, 1429 insertions(+)
> > >> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > >> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > >>
> > >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > >> new file mode 100644
> > >> index 0000000..3aca913
> > >> --- /dev/null
> > >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > >> @@ -0,0 +1,1039 @@
> > >> +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
> > >> +From: Joseph Myers <joseph@codesourcery.com>
> > >> +Date: Tue, 24 Nov 2015 22:24:52 +0000
> > >> +Subject: [PATCH] Refactor strtod parsing of NaN payloads.
> > >> +
> > >> +The nan* functions handle their string argument by constructing a
> > >> +NAN(...) string on the stack as a VLA and passing it to strtod
> > >> +functions.
> > >> +
> > >> +This approach has problems discussed in bug 16961 and bug 16962: the
> > >> +stack usage is unbounded, and it gives incorrect results in certain
> > >> +cases where the argument is not a valid n-char-sequence.
> > >> +
> > >> +The natural fix for both issues is to refactor the NaN payload parsing
> > >> +out of strtod into a separate function that the nan* functions can
> > >> +call directly, so that no temporary string needs constructing on the
> > >> +stack at all. This patch does that refactoring in preparation for
> > >> +fixing those bugs (but without actually using the new functions from
> > >> +nan* - which will also require exporting them from libc at version
> > >> +GLIBC_PRIVATE). This patch is not intended to change any user-visible
> > >> +behavior, so no tests are added (fixes for the above bugs will of
> > >> +course add tests for them).
> > >> +
> > >> +This patch builds on my recent fixes for strtol and strtod issues in
> > >> +Turkish locales. Given those fixes, the parsing of NaN payloads is
> > >> +locale-independent; thus, the new functions do not need to take a
> > >> +locale_t argument.
> > >> +
> > >> +Tested for x86_64, x86, mips64 and powerpc.
> > >> +
> > >> + * stdlib/strtod_nan.c: New file.
> > >> + * stdlib/strtod_nan_double.h: Likewise.
> > >> + * stdlib/strtod_nan_float.h: Likewise.
> > >> + * stdlib/strtod_nan_main.c: Likewise.
> > >> + * stdlib/strtod_nan_narrow.h: Likewise.
> > >> + * stdlib/strtod_nan_wide.h: Likewise.
> > >> + * stdlib/strtof_nan.c: Likewise.
> > >> + * stdlib/strtold_nan.c: Likewise.
> > >> + * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> > >> + * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> > >> + * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> > >> + * wcsmbs/wcstod_nan.c: Likewise.
> > >> + * wcsmbs/wcstof_nan.c: Likewise.
> > >> + * wcsmbs/wcstold_nan.c: Likewise.
> > >> + * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> > >> + strtold_nan.
> > >> + * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> > >> + wcstof_nan.
> > >> + * include/stdlib.h (__strtof_nan): Declare and use
> > >> + libc_hidden_proto.
> > >> + (__strtod_nan): Likewise.
> > >> + (__strtold_nan): Likewise.
> > >> + (__wcstof_nan): Likewise.
> > >> + (__wcstod_nan): Likewise.
> > >> + (__wcstold_nan): Likewise.
> > >> + * include/wchar.h (____wcstoull_l_internal): Declare.
> > >> + * stdlib/strtod_l.c: Do not include <ieee754.h>.
> > >> + (____strtoull_l_internal): Remove declaration.
> > >> + (STRTOF_NAN): Define macro.
> > >> + (SET_MANTISSA): Remove macro.
> > >> + (STRTOULL): Likewise.
> > >> + (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> > >> + * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> > >> + (STRTOF_NAN): Define macro.
> > >> + (SET_MANTISSA): Remove macro.
> > >> + * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> > >> + (SET_MANTISSA): Remove macro.
> > >> + * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> > >> + macro.
> > >> + (SET_MANTISSA): Remove macro.
> > >> + * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> > >> + macro.
> > >> + (SET_MANTISSA): Remove macro.
> > >> + * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> > >> + (SET_MANTISSA): Remove macro.
> > >> + * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> > >> + * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> > >> + * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> > >> +
> > >> +Upstream-Status: Backport
> > >> +CVE: CVE-2015-9761 patch #1
> > >> +[Yocto # 8980]
> > >> +
> > >> +
> > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
> > >> +
> > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> +
> > >> +---
> > >> + ChangeLog | 49
> > ++++++++++++++++++
> > >> + include/stdlib.h | 18 +++++++
> > >> + include/wchar.h | 3 ++
> > >> + stdlib/Makefile | 1 +
> > >> + stdlib/strtod_l.c | 48
> > ++++--------------
> > >> + stdlib/strtod_nan.c | 24 +++++++++
> > >> + stdlib/strtod_nan_double.h | 30 +++++++++++
> > >> + stdlib/strtod_nan_float.h | 29 +++++++++++
> > >> + stdlib/strtod_nan_main.c | 63
> > ++++++++++++++++++++++++
> > >> + stdlib/strtod_nan_narrow.h | 22 +++++++++
> > >> + stdlib/strtod_nan_wide.h | 22 +++++++++
> > >> + stdlib/strtof_l.c | 11 +----
> > >> + stdlib/strtof_nan.c | 24 +++++++++
> > >> + stdlib/strtold_nan.c | 30 +++++++++++
> > >> + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
> > >> + sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
> > >> + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
> > >> + sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
> > >> + sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
> > >> + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
> > >> + sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
> > >> + wcsmbs/Makefile | 1 +
> > >> + wcsmbs/wcstod_l.c | 3 --
> > >> + wcsmbs/wcstod_nan.c | 23 +++++++++
> > >> + wcsmbs/wcstof_l.c | 3 --
> > >> + wcsmbs/wcstof_nan.c | 23 +++++++++
> > >> + wcsmbs/wcstold_l.c | 3 --
> > >> + wcsmbs/wcstold_nan.c | 30 +++++++++++
> > >> + 28 files changed, 504 insertions(+), 95 deletions(-)
> > >> + create mode 100644 stdlib/strtod_nan.c
> > >> + create mode 100644 stdlib/strtod_nan_double.h
> > >> + create mode 100644 stdlib/strtod_nan_float.h
> > >> + create mode 100644 stdlib/strtod_nan_main.c
> > >> + create mode 100644 stdlib/strtod_nan_narrow.h
> > >> + create mode 100644 stdlib/strtod_nan_wide.h
> > >> + create mode 100644 stdlib/strtof_nan.c
> > >> + create mode 100644 stdlib/strtold_nan.c
> > >> + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > >> + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > >> + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > >> + create mode 100644 wcsmbs/wcstod_nan.c
> > >> + create mode 100644 wcsmbs/wcstof_nan.c
> > >> + create mode 100644 wcsmbs/wcstold_nan.c
> > >> +
> > >> +Index: git/include/stdlib.h
> > >> +===================================================================
> > >> +--- git.orig/include/stdlib.h
> > >> ++++ git/include/stdlib.h
> > >> +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
> > >> + libc_hidden_proto (strtoul)
> > >> + libc_hidden_proto (strtoull)
> > >> +
> > >> ++extern float __strtof_nan (const char *, char **, char)
> > internal_function;
> > >> ++extern double __strtod_nan (const char *, char **, char)
> > internal_function;
> > >> ++extern long double __strtold_nan (const char *, char **, char)
> > >> ++ internal_function;
> > >> ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
> > >> ++ internal_function;
> > >> ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
> > >> ++ internal_function;
> > >> ++extern long double __wcstold_nan (const wchar_t *, wchar_t **,
> > wchar_t)
> > >> ++ internal_function;
> > >> ++
> > >> ++libc_hidden_proto (__strtof_nan)
> > >> ++libc_hidden_proto (__strtod_nan)
> > >> ++libc_hidden_proto (__strtold_nan)
> > >> ++libc_hidden_proto (__wcstof_nan)
> > >> ++libc_hidden_proto (__wcstod_nan)
> > >> ++libc_hidden_proto (__wcstold_nan)
> > >> ++
> > >> + extern char *__ecvt (double __value, int __ndigit, int *__restrict
> > __decpt,
> > >> + int *__restrict __sign);
> > >> + extern char *__fcvt (double __value, int __ndigit, int *__restrict
> > __decpt,
> > >> +Index: git/include/wchar.h
> > >> +===================================================================
> > >> +--- git.orig/include/wchar.h
> > >> ++++ git/include/wchar.h
> > >> +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
> > >> + __restrict __endptr,
> > >> + int __base,
> > >> + int __group) __THROW;
> > >> ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > *,
> > >> ++ wchar_t **, int,
> > int,
> > >> ++ __locale_t);
> > >> + libc_hidden_proto (__wcstof_internal)
> > >> + libc_hidden_proto (__wcstod_internal)
> > >> + libc_hidden_proto (__wcstold_internal)
> > >> +Index: git/stdlib/Makefile
> > >> +===================================================================
> > >> +--- git.orig/stdlib/Makefile
> > >> ++++ git/stdlib/Makefile
> > >> +@@ -51,6 +51,7 @@ routines-y :=
> > \
> > >> + strtol_l strtoul_l strtoll_l strtoull_l
> > \
> > >> + strtof strtod strtold
> > \
> > >> + strtof_l strtod_l strtold_l
> > \
> > >> ++ strtof_nan strtod_nan strtold_nan
> > \
> > >> + system canonicalize
> > \
> > >> + a64l l64a
> > \
> > >> + getsubopt xpg_basename
> > \
> > >> +Index: git/stdlib/strtod_l.c
> > >> +===================================================================
> > >> +--- git.orig/stdlib/strtod_l.c
> > >> ++++ git/stdlib/strtod_l.c
> > >> +@@ -21,8 +21,6 @@
> > >> + #include <xlocale.h>
> > >> +
> > >> + extern double ____strtod_l_internal (const char *, char **, int,
> > __locale_t);
> > >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> > char **,
> > >> +- int, int,
> > __locale_t);
> > >> +
> > >> + /* Configuration part. These macros are defined by `strtold.c',
> > >> + `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
> > >> +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
> > >> + # ifdef USE_WIDE_CHAR
> > >> + # define STRTOF wcstod_l
> > >> + # define __STRTOF __wcstod_l
> > >> ++# define STRTOF_NAN __wcstod_nan
> > >> + # else
> > >> + # define STRTOF strtod_l
> > >> + # define __STRTOF __strtod_l
> > >> ++# define STRTOF_NAN __strtod_nan
> > >> + # endif
> > >> + # define MPN2FLOAT __mpn_construct_double
> > >> + # define FLOAT_HUGE_VAL HUGE_VAL
> > >> +-# define SET_MANTISSA(flt, mant) \
> > >> +- do { union ieee754_double u;
> > \
> > >> +- u.d = (flt);
> > \
> > >> +- u.ieee_nan.mantissa0 = (mant) >> 32;
> > \
> > >> +- u.ieee_nan.mantissa1 = (mant);
> > \
> > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> > \
> > >> +- (flt) = u.d;
> > \
> > >> +- } while (0)
> > >> + #endif
> > >> + /* End of configuration part. */
> > >> +
> > >> + #include <ctype.h>
> > >> + #include <errno.h>
> > >> + #include <float.h>
> > >> +-#include <ieee754.h>
> > >> + #include "../locale/localeinfo.h"
> > >> + #include <locale.h>
> > >> + #include <math.h>
> > >> +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
> > >> + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
> > >> + # define STRNCASECMP(S1, S2, N) \
> > >> + __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> > >> +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> > loc)
> > >> + #else
> > >> + # define STRING_TYPE char
> > >> + # define CHAR_TYPE char
> > >> +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
> > >> + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
> > >> + # define STRNCASECMP(S1, S2, N) \
> > >> + __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> > >> +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> > loc)
> > >> + #endif
> > >> +
> > >> +
> > >> +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
> > >> + if (*cp == L_('('))
> > >> + {
> > >> + const STRING_TYPE *startp = cp;
> > >> +- do
> > >> +- ++cp;
> > >> +- while ((*cp >= L_('0') && *cp <= L_('9'))
> > >> +- || ({ CHAR_TYPE lo = TOLOWER (*cp);
> > >> +- lo >= L_('a') && lo <= L_('z'); })
> > >> +- || *cp == L_('_'));
> > >> +-
> > >> +- if (*cp != L_(')'))
> > >> +- /* The closing brace is missing. Only match the NAN
> > >> +- part. */
> > >> +- cp = startp;
> > >> ++ STRING_TYPE *endp;
> > >> ++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
> > >> ++ if (*endp == L_(')'))
> > >> ++ /* Consume the closing parenthesis. */
> > >> ++ cp = endp + 1;
> > >> + else
> > >> +- {
> > >> +- /* This is a system-dependent way to specify the
> > >> +- bitmask used for the NaN. We expect it to be
> > >> +- a number which is put in the mantissa of the
> > >> +- number. */
> > >> +- STRING_TYPE *endp;
> > >> +- unsigned long long int mant;
> > >> +-
> > >> +- mant = STRTOULL (startp + 1, &endp, 0);
> > >> +- if (endp == cp)
> > >> +- SET_MANTISSA (retval, mant);
> > >> +-
> > >> +- /* Consume the closing brace. */
> > >> +- ++cp;
> > >> +- }
> > >> ++ /* Only match the NAN part. */
> > >> ++ cp = startp;
> > >> + }
> > >> +
> > >> + if (endptr != NULL)
> > >> +Index: git/stdlib/strtod_nan.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtod_nan.c
> > >> +@@ -0,0 +1,24 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > >> ++ strings, double.
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <strtod_nan_narrow.h>
> > >> ++#include <strtod_nan_double.h>
> > >> ++
> > >> ++#define STRTOD_NAN __strtod_nan
> > >> ++#include <strtod_nan_main.c>
> > >> +Index: git/stdlib/strtod_nan_double.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtod_nan_double.h
> > >> +@@ -0,0 +1,30 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. For double.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define FLOAT double
> > >> ++#define SET_MANTISSA(flt, mant) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ union ieee754_double u; \
> > >> ++ u.d = (flt); \
> > >> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> > >> ++ u.ieee_nan.mantissa1 = (mant); \
> > >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> > >> ++ (flt) = u.d; \
> > >> ++ } \
> > >> ++ while (0)
> > >> +Index: git/stdlib/strtod_nan_float.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtod_nan_float.h
> > >> +@@ -0,0 +1,29 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. For float.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define FLOAT float
> > >> ++#define SET_MANTISSA(flt, mant) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ union ieee754_float u; \
> > >> ++ u.f = (flt); \
> > >> ++ u.ieee_nan.mantissa = (mant); \
> > >> ++ if (u.ieee.mantissa != 0) \
> > >> ++ (flt) = u.f; \
> > >> ++ } \
> > >> ++ while (0)
> > >> +Index: git/stdlib/strtod_nan_main.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtod_nan_main.c
> > >> +@@ -0,0 +1,63 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <ieee754.h>
> > >> ++#include <locale.h>
> > >> ++#include <math.h>
> > >> ++#include <stdlib.h>
> > >> ++#include <wchar.h>
> > >> ++
> > >> ++
> > >> ++/* If STR starts with an optional n-char-sequence as defined by ISO C
> > >> ++ (a sequence of ASCII letters, digits and underscores), followed by
> > >> ++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
> > >> ++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
> > >> ++ to the character after the initial n-char-sequence. */
> > >> ++
> > >> ++internal_function
> > >> ++FLOAT
> > >> ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE
> > endc)
> > >> ++{
> > >> ++ const STRING_TYPE *cp = str;
> > >> ++
> > >> ++ while ((*cp >= L_('0') && *cp <= L_('9'))
> > >> ++ || (*cp >= L_('A') && *cp <= L_('Z'))
> > >> ++ || (*cp >= L_('a') && *cp <= L_('z'))
> > >> ++ || *cp == L_('_'))
> > >> ++ ++cp;
> > >> ++
> > >> ++ FLOAT retval = NAN;
> > >> ++ if (*cp != endc)
> > >> ++ goto out;
> > >> ++
> > >> ++ /* This is a system-dependent way to specify the bitmask used for
> > >> ++ the NaN. We expect it to be a number which is put in the
> > >> ++ mantissa of the number. */
> > >> ++ STRING_TYPE *endp;
> > >> ++ unsigned long long int mant;
> > >> ++
> > >> ++ mant = STRTOULL (str, &endp, 0);
> > >> ++ if (endp == cp)
> > >> ++ SET_MANTISSA (retval, mant);
> > >> ++
> > >> ++ out:
> > >> ++ if (endptr != NULL)
> > >> ++ *endptr = (STRING_TYPE *) cp;
> > >> ++ return retval;
> > >> ++}
> > >> ++libc_hidden_def (STRTOD_NAN)
> > >> +Index: git/stdlib/strtod_nan_narrow.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtod_nan_narrow.h
> > >> +@@ -0,0 +1,22 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > strings.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define STRING_TYPE char
> > >> ++#define L_(Ch) Ch
> > >> ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> > \
> > >> ++ _nl_C_locobj_ptr)
> > >> +Index: git/stdlib/strtod_nan_wide.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtod_nan_wide.h
> > >> +@@ -0,0 +1,22 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Wide strings.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define STRING_TYPE wchar_t
> > >> ++#define L_(Ch) L##Ch
> > >> ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> > \
> > >> ++ _nl_C_locobj_ptr)
> > >> +Index: git/stdlib/strtof_l.c
> > >> +===================================================================
> > >> +--- git.orig/stdlib/strtof_l.c
> > >> ++++ git/stdlib/strtof_l.c
> > >> +@@ -20,26 +20,19 @@
> > >> + #include <xlocale.h>
> > >> +
> > >> + extern float ____strtof_l_internal (const char *, char **, int,
> > __locale_t);
> > >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> > char **,
> > >> +- int, int,
> > __locale_t);
> > >> +
> > >> + #define FLOAT float
> > >> + #define FLT FLT
> > >> + #ifdef USE_WIDE_CHAR
> > >> + # define STRTOF wcstof_l
> > >> + # define __STRTOF __wcstof_l
> > >> ++# define STRTOF_NAN __wcstof_nan
> > >> + #else
> > >> + # define STRTOF strtof_l
> > >> + # define __STRTOF __strtof_l
> > >> ++# define STRTOF_NAN __strtof_nan
> > >> + #endif
> > >> + #define MPN2FLOAT __mpn_construct_float
> > >> + #define FLOAT_HUGE_VAL HUGE_VALF
> > >> +-#define SET_MANTISSA(flt, mant) \
> > >> +- do { union ieee754_float u;
> > \
> > >> +- u.f = (flt);
> > \
> > >> +- u.ieee_nan.mantissa = (mant);
> > \
> > >> +- if (u.ieee.mantissa != 0)
> > \
> > >> +- (flt) = u.f;
> > \
> > >> +- } while (0)
> > >> +
> > >> + #include "strtod_l.c"
> > >> +Index: git/stdlib/strtof_nan.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtof_nan.c
> > >> +@@ -0,0 +1,24 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > >> ++ strings, float.
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <strtod_nan_narrow.h>
> > >> ++#include <strtod_nan_float.h>
> > >> ++
> > >> ++#define STRTOD_NAN __strtof_nan
> > >> ++#include <strtod_nan_main.c>
> > >> +Index: git/stdlib/strtold_nan.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/stdlib/strtold_nan.c
> > >> +@@ -0,0 +1,30 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > >> ++ strings, long double.
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <math.h>
> > >> ++
> > >> ++/* This function is unused if long double and double have the same
> > >> ++ representation. */
> > >> ++#ifndef __NO_LONG_DOUBLE_MATH
> > >> ++# include <strtod_nan_narrow.h>
> > >> ++# include <strtod_nan_ldouble.h>
> > >> ++
> > >> ++# define STRTOD_NAN __strtold_nan
> > >> ++# include <strtod_nan_main.c>
> > >> ++#endif
> > >> +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > >> +@@ -0,0 +1,33 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define FLOAT long double
> > >> ++#define SET_MANTISSA(flt, mant) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ union ieee854_long_double u; \
> > >> ++ u.d = (flt); \
> > >> ++ u.ieee_nan.mantissa0 = 0; \
> > >> ++ u.ieee_nan.mantissa1 = 0; \
> > >> ++ u.ieee_nan.mantissa2 = (mant) >> 32; \
> > >> ++ u.ieee_nan.mantissa3 = (mant); \
> > >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
> > >> ++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> > >> ++ (flt) = u.d; \
> > >> ++ } \
> > >> ++ while (0)
> > >> +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
> > >> +===================================================================
> > >> +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
> > >> ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
> > >> +@@ -25,22 +25,13 @@
> > >> + #ifdef USE_WIDE_CHAR
> > >> + # define STRTOF wcstold_l
> > >> + # define __STRTOF __wcstold_l
> > >> ++# define STRTOF_NAN __wcstold_nan
> > >> + #else
> > >> + # define STRTOF strtold_l
> > >> + # define __STRTOF __strtold_l
> > >> ++# define STRTOF_NAN __strtold_nan
> > >> + #endif
> > >> + #define MPN2FLOAT __mpn_construct_long_double
> > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > >> +-#define SET_MANTISSA(flt, mant) \
> > >> +- do { union ieee854_long_double u;
> > \
> > >> +- u.d = (flt);
> > \
> > >> +- u.ieee_nan.mantissa0 = 0;
> > \
> > >> +- u.ieee_nan.mantissa1 = 0;
> > \
> > >> +- u.ieee_nan.mantissa2 = (mant) >> 32;
> > \
> > >> +- u.ieee_nan.mantissa3 = (mant);
> > \
> > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
> > \
> > >> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> > \
> > >> +- (flt) = u.d;
> > \
> > >> +- } while (0)
> > >> +
> > >> + #include <strtod_l.c>
> > >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > >> +@@ -0,0 +1,30 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. For
> > ldbl-128ibm.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define FLOAT long double
> > >> ++#define SET_MANTISSA(flt, mant) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ union ibm_extended_long_double u; \
> > >> ++ u.ld = (flt); \
> > >> ++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
> > >> ++ u.d[0].ieee_nan.mantissa1 = (mant); \
> > >> ++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
> > >> ++ (flt) = u.ld; \
> > >> ++ } \
> > >> ++ while (0)
> > >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > >> +===================================================================
> > >> +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > >> +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
> > >> + # define STRTOF __new_wcstold_l
> > >> + # define __STRTOF ____new_wcstold_l
> > >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> > >> ++# define STRTOF_NAN __wcstold_nan
> > >> + #else
> > >> + extern long double ____new_strtold_l (const char *, char **,
> > __locale_t);
> > >> + # define STRTOF __new_strtold_l
> > >> + # define __STRTOF ____new_strtold_l
> > >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> > >> ++# define STRTOF_NAN __strtold_nan
> > >> + #endif
> > >> + extern __typeof (__STRTOF) STRTOF;
> > >> + libc_hidden_proto (__STRTOF)
> > >> + libc_hidden_proto (STRTOF)
> > >> + #define MPN2FLOAT __mpn_construct_long_double
> > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > >> +-# define SET_MANTISSA(flt, mant) \
> > >> +- do { union ibm_extended_long_double u;
> > \
> > >> +- u.ld = (flt);
> > \
> > >> +- u.d[0].ieee_nan.mantissa0 = (mant) >> 32;
> > \
> > >> +- u.d[0].ieee_nan.mantissa1 = (mant);
> > \
> > >> +- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0)
> > \
> > >> +- (flt) = u.ld;
> > \
> > >> +- } while (0)
> > >> +
> > >> + #include <strtod_l.c>
> > >> +
> > >> +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > >> +===================================================================
> > >> +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > >> ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > >> +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
> > >> + # define STRTOF __new_wcstold_l
> > >> + # define __STRTOF ____new_wcstold_l
> > >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> > >> ++# define STRTOF_NAN __wcstold_nan
> > >> + #else
> > >> + extern long double ____new_strtold_l (const char *, char **,
> > __locale_t);
> > >> + # define STRTOF __new_strtold_l
> > >> + # define __STRTOF ____new_strtold_l
> > >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> > >> ++# define STRTOF_NAN __strtold_nan
> > >> + #endif
> > >> + extern __typeof (__STRTOF) STRTOF;
> > >> + libc_hidden_proto (__STRTOF)
> > >> + libc_hidden_proto (STRTOF)
> > >> + #define MPN2FLOAT __mpn_construct_long_double
> > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > >> +-#define SET_MANTISSA(flt, mant) \
> > >> +- do { union ieee854_long_double u;
> > \
> > >> +- u.d = (flt);
> > \
> > >> +- u.ieee_nan.mantissa0 = 0;
> > \
> > >> +- u.ieee_nan.mantissa1 = 0;
> > \
> > >> +- u.ieee_nan.mantissa2 = (mant) >> 32;
> > \
> > >> +- u.ieee_nan.mantissa3 = (mant);
> > \
> > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
> > \
> > >> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> > \
> > >> +- (flt) = u.d;
> > \
> > >> +- } while (0)
> > >> +
> > >> + #include <strtod_l.c>
> > >> +
> > >> +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > >> +@@ -0,0 +1,30 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
> > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#define FLOAT long double
> > >> ++#define SET_MANTISSA(flt, mant) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ union ieee854_long_double u; \
> > >> ++ u.d = (flt); \
> > >> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> > >> ++ u.ieee_nan.mantissa1 = (mant); \
> > >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> > >> ++ (flt) = u.d; \
> > >> ++ } \
> > >> ++ while (0)
> > >> +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
> > >> +===================================================================
> > >> +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
> > >> ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
> > >> +@@ -25,19 +25,13 @@
> > >> + #ifdef USE_WIDE_CHAR
> > >> + # define STRTOF wcstold_l
> > >> + # define __STRTOF __wcstold_l
> > >> ++# define STRTOF_NAN __wcstold_nan
> > >> + #else
> > >> + # define STRTOF strtold_l
> > >> + # define __STRTOF __strtold_l
> > >> ++# define STRTOF_NAN __strtold_nan
> > >> + #endif
> > >> + #define MPN2FLOAT __mpn_construct_long_double
> > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > >> +-#define SET_MANTISSA(flt, mant) \
> > >> +- do { union ieee854_long_double u;
> > \
> > >> +- u.d = (flt);
> > \
> > >> +- u.ieee_nan.mantissa0 = (mant) >> 32;
> > \
> > >> +- u.ieee_nan.mantissa1 = (mant);
> > \
> > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> > \
> > >> +- (flt) = u.d;
> > \
> > >> +- } while (0)
> > >> +
> > >> + #include <stdlib/strtod_l.c>
> > >> +Index: git/wcsmbs/Makefile
> > >> +===================================================================
> > >> +--- git.orig/wcsmbs/Makefile
> > >> ++++ git/wcsmbs/Makefile
> > >> +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
> > >> + wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
> > >> + wcstol_l wcstoul_l wcstoll_l wcstoull_l \
> > >> + wcstod_l wcstold_l wcstof_l \
> > >> ++ wcstod_nan wcstold_nan wcstof_nan \
> > >> + wcscoll wcsxfrm \
> > >> + wcwidth wcswidth \
> > >> + wcscoll_l wcsxfrm_l \
> > >> +Index: git/wcsmbs/wcstod_l.c
> > >> +===================================================================
> > >> +--- git.orig/wcsmbs/wcstod_l.c
> > >> ++++ git/wcsmbs/wcstod_l.c
> > >> +@@ -23,9 +23,6 @@
> > >> +
> > >> + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
> > >> + __locale_t);
> > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > *,
> > >> +- wchar_t **, int,
> > int,
> > >> +- __locale_t);
> > >> +
> > >> + #define USE_WIDE_CHAR 1
> > >> +
> > >> +Index: git/wcsmbs/wcstod_nan.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/wcsmbs/wcstod_nan.c
> > >> +@@ -0,0 +1,23 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Wide
> > strings, double.
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include "../stdlib/strtod_nan_wide.h"
> > >> ++#include "../stdlib/strtod_nan_double.h"
> > >> ++
> > >> ++#define STRTOD_NAN __wcstod_nan
> > >> ++#include "../stdlib/strtod_nan_main.c"
> > >> +Index: git/wcsmbs/wcstof_l.c
> > >> +===================================================================
> > >> +--- git.orig/wcsmbs/wcstof_l.c
> > >> ++++ git/wcsmbs/wcstof_l.c
> > >> +@@ -25,8 +25,5 @@
> > >> +
> > >> + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
> > >> + __locale_t);
> > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > *,
> > >> +- wchar_t **, int,
> > int,
> > >> +- __locale_t);
> > >> +
> > >> + #include <stdlib/strtof_l.c>
> > >> +Index: git/wcsmbs/wcstof_nan.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/wcsmbs/wcstof_nan.c
> > >> +@@ -0,0 +1,23 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Wide
> > strings, float.
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include "../stdlib/strtod_nan_wide.h"
> > >> ++#include "../stdlib/strtod_nan_float.h"
> > >> ++
> > >> ++#define STRTOD_NAN __wcstof_nan
> > >> ++#include "../stdlib/strtod_nan_main.c"
> > >> +Index: git/wcsmbs/wcstold_l.c
> > >> +===================================================================
> > >> +--- git.orig/wcsmbs/wcstold_l.c
> > >> ++++ git/wcsmbs/wcstold_l.c
> > >> +@@ -24,8 +24,5 @@
> > >> +
> > >> + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t
> > **, int,
> > >> + __locale_t);
> > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > *,
> > >> +- wchar_t **, int,
> > int,
> > >> +- __locale_t);
> > >> +
> > >> + #include <strtold_l.c>
> > >> +Index: git/wcsmbs/wcstold_nan.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/wcsmbs/wcstold_nan.c
> > >> +@@ -0,0 +1,30 @@
> > >> ++/* Convert string for NaN payload to corresponding NaN. Wide strings,
> > >> ++ long double.
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <math.h>
> > >> ++
> > >> ++/* This function is unused if long double and double have the same
> > >> ++ representation. */
> > >> ++#ifndef __NO_LONG_DOUBLE_MATH
> > >> ++# include "../stdlib/strtod_nan_wide.h"
> > >> ++# include <strtod_nan_ldouble.h>
> > >> ++
> > >> ++# define STRTOD_NAN __wcstold_nan
> > >> ++# include "../stdlib/strtod_nan_main.c"
> > >> ++#endif
> > >> +Index: git/ChangeLog
> > >> +===================================================================
> > >> +--- git.orig/ChangeLog
> > >> ++++ git/ChangeLog
> > >> +@@ -1,3 +1,57 @@
> > >> ++2015-11-24 Joseph Myers <joseph@codesourcery.com>
> > >> ++
> > >> ++ * stdlib/strtod_nan.c: New file.
> > >> ++ * stdlib/strtod_nan_double.h: Likewise.
> > >> ++ * stdlib/strtod_nan_float.h: Likewise.
> > >> ++ * stdlib/strtod_nan_main.c: Likewise.
> > >> ++ * stdlib/strtod_nan_narrow.h: Likewise.
> > >> ++ * stdlib/strtod_nan_wide.h: Likewise.
> > >> ++ * stdlib/strtof_nan.c: Likewise.
> > >> ++ * stdlib/strtold_nan.c: Likewise.
> > >> ++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> > >> ++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> > >> ++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> > >> ++ * wcsmbs/wcstod_nan.c: Likewise.
> > >> ++ * wcsmbs/wcstof_nan.c: Likewise.
> > >> ++ * wcsmbs/wcstold_nan.c: Likewise.
> > >> ++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> > >> ++ strtold_nan.
> > >> ++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> > >> ++ wcstof_nan.
> > >> ++ * include/stdlib.h (__strtof_nan): Declare and use
> > >> ++ libc_hidden_proto.
> > >> ++ (__strtod_nan): Likewise.
> > >> ++ (__strtold_nan): Likewise.
> > >> ++ (__wcstof_nan): Likewise.
> > >> ++ (__wcstod_nan): Likewise.
> > >> ++ (__wcstold_nan): Likewise.
> > >> ++ * include/wchar.h (____wcstoull_l_internal): Declare.
> > >> ++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
> > >> ++ (____strtoull_l_internal): Remove declaration.
> > >> ++ (STRTOF_NAN): Define macro.
> > >> ++ (SET_MANTISSA): Remove macro.
> > >> ++ (STRTOULL): Likewise.
> > >> ++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> > >> ++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> > >> ++ (STRTOF_NAN): Define macro.
> > >> ++ (SET_MANTISSA): Remove macro.
> > >> ++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> > >> ++ (SET_MANTISSA): Remove macro.
> > >> ++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> > >> ++ macro.
> > >> ++ (SET_MANTISSA): Remove macro.
> > >> ++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> > >> ++ macro.
> > >> ++ (SET_MANTISSA): Remove macro.
> > >> ++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> > >> ++ (SET_MANTISSA): Remove macro.
> > >> ++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> > >> ++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> > >> ++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> > >> ++
> > >> ++ [BZ #19266]
> > >> ++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
> > >> ++ upper case and lower case letters inside NAN(), not using TOLOWER.
> > >> + 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
> > >> +
> > >> + [BZ #17905]
> > >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > >> new file mode 100644
> > >> index 0000000..0df5e50
> > >> --- /dev/null
> > >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > >> @@ -0,0 +1,388 @@
> > >> +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
> > >> +From: Joseph Myers <joseph@codesourcery.com>
> > >> +Date: Fri, 4 Dec 2015 20:36:28 +0000
> > >> +Subject: [PATCH] Fix nan functions handling of payload strings (bug
> > 16961, bug
> > >> + 16962).
> > >> +
> > >> +The nan, nanf and nanl functions handle payload strings by doing e.g.:
> > >> +
> > >> + if (tagp[0] != '\0')
> > >> + {
> > >> + char buf[6 + strlen (tagp)];
> > >> + sprintf (buf, "NAN(%s)", tagp);
> > >> + return strtod (buf, NULL);
> > >> + }
> > >> +
> > >> +This is an unbounded stack allocation based on the length of the
> > >> +argument. Furthermore, if the argument starts with an n-char-sequence
> > >> +followed by ')', that n-char-sequence is wrongly treated as
> > >> +significant for determining the payload of the resulting NaN, when ISO
> > >> +C says the call should be equivalent to strtod ("NAN", NULL), without
> > >> +being affected by that initial n-char-sequence. This patch fixes both
> > >> +those problems by using the __strtod_nan etc. functions recently
> > >> +factored out of strtod etc. for that purpose, with those functions
> > >> +being exported from libc at version GLIBC_PRIVATE.
> > >> +
> > >> +Tested for x86_64, x86, mips64 and powerpc.
> > >> +
> > >> + [BZ #16961]
> > >> + [BZ #16962]
> > >> + * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> > >> + string on the stack for strtod.
> > >> + * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> > >> + a string on the stack for strtof.
> > >> + * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> > >> + constructing a string on the stack for strtold.
> > >> + * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> > >> + __strtold_nan to GLIBC_PRIVATE.
> > >> + * math/test-nan-overflow.c: New file.
> > >> + * math/test-nan-payload.c: Likewise.
> > >> + * math/Makefile (tests): Add test-nan-overflow and
> > >> + test-nan-payload.
> > >> +
> > >> +Upstream-Status: Backport
> > >> +CVE: CVE-2015-9761 patch #2
> > >> +[Yocto # 8980]
> > >> +
> > >> +
> > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
> > >> +
> > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> +
> > >> +---
> > >> + ChangeLog | 17 +++++++
> > >> + NEWS | 6 +++
> > >> + math/Makefile | 3 +-
> > >> + math/s_nan.c | 9 +---
> > >> + math/s_nanf.c | 9 +---
> > >> + math/s_nanl.c | 9 +---
> > >> + math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
> > >> + math/test-nan-payload.c | 122
> > +++++++++++++++++++++++++++++++++++++++++++++++
> > >> + stdlib/Versions | 1 +
> > >> + 9 files changed, 217 insertions(+), 25 deletions(-)
> > >> + create mode 100644 math/test-nan-overflow.c
> > >> + create mode 100644 math/test-nan-payload.c
> > >> +
> > >> +Index: git/ChangeLog
> > >> +===================================================================
> > >> +--- git.orig/ChangeLog
> > >> ++++ git/ChangeLog
> > >> +@@ -1,3 +1,20 @@
> > >> ++2015-12-04 Joseph Myers <joseph@codesourcery.com>
> > >> ++
> > >> ++ [BZ #16961]
> > >> ++ [BZ #16962]
> > >> ++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> > >> ++ string on the stack for strtod.
> > >> ++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> > >> ++ a string on the stack for strtof.
> > >> ++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> > >> ++ constructing a string on the stack for strtold.
> > >> ++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> > >> ++ __strtold_nan to GLIBC_PRIVATE.
> > >> ++ * math/test-nan-overflow.c: New file.
> > >> ++ * math/test-nan-payload.c: Likewise.
> > >> ++ * math/Makefile (tests): Add test-nan-overflow and
> > >> ++ test-nan-payload.
> > >> ++
> > >> + 2015-11-24 Joseph Myers <joseph@codesourcery.com>
> > >> +
> > >> + * stdlib/strtod_nan.c: New file.
> > >> +Index: git/NEWS
> > >> +===================================================================
> > >> +--- git.orig/NEWS
> > >> ++++ git/NEWS
> > >> +@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
> > >> +
> > >> + Version 2.21
> > >> +
> > >> ++Security related changes:
> > >> ++
> > >> ++* The nan, nanf and nanl functions no longer have unbounded stack
> > usage
> > >> ++ depending on the length of the string passed as an argument to the
> > >> ++ functions. Reported by Joseph Myers.
> > >> ++
> > >> + * The following bugs are resolved with this release:
> > >> +
> > >> + 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
> > >> +Index: git/math/s_nan.c
> > >> +===================================================================
> > >> +--- git.orig/math/s_nan.c
> > >> ++++ git/math/s_nan.c
> > >> +@@ -28,14 +28,7 @@
> > >> + double
> > >> + __nan (const char *tagp)
> > >> + {
> > >> +- if (tagp[0] != '\0')
> > >> +- {
> > >> +- char buf[6 + strlen (tagp)];
> > >> +- sprintf (buf, "NAN(%s)", tagp);
> > >> +- return strtod (buf, NULL);
> > >> +- }
> > >> +-
> > >> +- return NAN;
> > >> ++ return __strtod_nan (tagp, NULL, 0);
> > >> + }
> > >> + weak_alias (__nan, nan)
> > >> + #ifdef NO_LONG_DOUBLE
> > >> +Index: git/math/s_nanf.c
> > >> +===================================================================
> > >> +--- git.orig/math/s_nanf.c
> > >> ++++ git/math/s_nanf.c
> > >> +@@ -28,13 +28,6 @@
> > >> + float
> > >> + __nanf (const char *tagp)
> > >> + {
> > >> +- if (tagp[0] != '\0')
> > >> +- {
> > >> +- char buf[6 + strlen (tagp)];
> > >> +- sprintf (buf, "NAN(%s)", tagp);
> > >> +- return strtof (buf, NULL);
> > >> +- }
> > >> +-
> > >> +- return NAN;
> > >> ++ return __strtof_nan (tagp, NULL, 0);
> > >> + }
> > >> + weak_alias (__nanf, nanf)
> > >> +Index: git/math/s_nanl.c
> > >> +===================================================================
> > >> +--- git.orig/math/s_nanl.c
> > >> ++++ git/math/s_nanl.c
> > >> +@@ -28,13 +28,6 @@
> > >> + long double
> > >> + __nanl (const char *tagp)
> > >> + {
> > >> +- if (tagp[0] != '\0')
> > >> +- {
> > >> +- char buf[6 + strlen (tagp)];
> > >> +- sprintf (buf, "NAN(%s)", tagp);
> > >> +- return strtold (buf, NULL);
> > >> +- }
> > >> +-
> > >> +- return NAN;
> > >> ++ return __strtold_nan (tagp, NULL, 0);
> > >> + }
> > >> + weak_alias (__nanl, nanl)
> > >> +Index: git/math/test-nan-overflow.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/math/test-nan-overflow.c
> > >> +@@ -0,0 +1,66 @@
> > >> ++/* Test nan functions stack overflow (bug 16962).
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <math.h>
> > >> ++#include <stdio.h>
> > >> ++#include <string.h>
> > >> ++#include <sys/resource.h>
> > >> ++
> > >> ++#define STACK_LIM 1048576
> > >> ++#define STRING_SIZE (2 * STACK_LIM)
> > >> ++
> > >> ++static int
> > >> ++do_test (void)
> > >> ++{
> > >> ++ int result = 0;
> > >> ++ struct rlimit lim;
> > >> ++ getrlimit (RLIMIT_STACK, &lim);
> > >> ++ lim.rlim_cur = STACK_LIM;
> > >> ++ setrlimit (RLIMIT_STACK, &lim);
> > >> ++ char *nanstr = malloc (STRING_SIZE);
> > >> ++ if (nanstr == NULL)
> > >> ++ {
> > >> ++ puts ("malloc failed, cannot test");
> > >> ++ return 77;
> > >> ++ }
> > >> ++ memset (nanstr, '0', STRING_SIZE - 1);
> > >> ++ nanstr[STRING_SIZE - 1] = 0;
> > >> ++#define NAN_TEST(TYPE, FUNC) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ char *volatile p = nanstr; \
> > >> ++ volatile TYPE v = FUNC (p); \
> > >> ++ if (isnan (v)) \
> > >> ++ puts ("PASS: " #FUNC); \
> > >> ++ else \
> > >> ++ { \
> > >> ++ puts ("FAIL: " #FUNC); \
> > >> ++ result = 1; \
> > >> ++ } \
> > >> ++ } \
> > >> ++ while (0)
> > >> ++ NAN_TEST (float, nanf);
> > >> ++ NAN_TEST (double, nan);
> > >> ++#ifndef NO_LONG_DOUBLE
> > >> ++ NAN_TEST (long double, nanl);
> > >> ++#endif
> > >> ++ return result;
> > >> ++}
> > >> ++
> > >> ++#define TEST_FUNCTION do_test ()
> > >> ++#include "../test-skeleton.c"
> > >> +Index: git/math/test-nan-payload.c
> > >> +===================================================================
> > >> +--- /dev/null
> > >> ++++ git/math/test-nan-payload.c
> > >> +@@ -0,0 +1,122 @@
> > >> ++/* Test nan functions payload handling (bug 16961).
> > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > >> ++ This file is part of the GNU C Library.
> > >> ++
> > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > >> ++ modify it under the terms of the GNU Lesser General Public
> > >> ++ License as published by the Free Software Foundation; either
> > >> ++ version 2.1 of the License, or (at your option) any later version.
> > >> ++
> > >> ++ The GNU C Library is distributed in the hope that it will be
> > useful,
> > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > >> ++ Lesser General Public License for more details.
> > >> ++
> > >> ++ You should have received a copy of the GNU Lesser General Public
> > >> ++ License along with the GNU C Library; if not, see
> > >> ++ <http://www.gnu.org/licenses/>. */
> > >> ++
> > >> ++#include <float.h>
> > >> ++#include <math.h>
> > >> ++#include <stdio.h>
> > >> ++#include <stdlib.h>
> > >> ++#include <string.h>
> > >> ++
> > >> ++/* Avoid built-in functions. */
> > >> ++#define WRAP_NAN(FUNC, STR) \
> > >> ++ ({ const char *volatile wns = (STR); FUNC (wns); })
> > >> ++#define WRAP_STRTO(FUNC, STR) \
> > >> ++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
> > >> ++
> > >> ++#define CHECK_IS_NAN(TYPE, A) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ if (isnan (A)) \
> > >> ++ puts ("PASS: " #TYPE " " #A); \
> > >> ++ else \
> > >> ++ { \
> > >> ++ puts ("FAIL: " #TYPE " " #A); \
> > >> ++ result = 1; \
> > >> ++ } \
> > >> ++ } \
> > >> ++ while (0)
> > >> ++
> > >> ++#define CHECK_SAME_NAN(TYPE, A, B) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
> > >> ++ puts ("PASS: " #TYPE " " #A " = " #B); \
> > >> ++ else \
> > >> ++ { \
> > >> ++ puts ("FAIL: " #TYPE " " #A " = " #B); \
> > >> ++ result = 1; \
> > >> ++ } \
> > >> ++ } \
> > >> ++ while (0)
> > >> ++
> > >> ++#define CHECK_DIFF_NAN(TYPE, A, B) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
> > >> ++ puts ("PASS: " #TYPE " " #A " != " #B); \
> > >> ++ else \
> > >> ++ { \
> > >> ++ puts ("FAIL: " #TYPE " " #A " != " #B); \
> > >> ++ result = 1; \
> > >> ++ } \
> > >> ++ } \
> > >> ++ while (0)
> > >> ++
> > >> ++/* Cannot test payloads by memcmp for formats where NaNs have padding
> > >> ++ bits. */
> > >> ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
> > >> ++
> > >> ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
> > >> ++ do \
> > >> ++ { \
> > >> ++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
> > >> ++ CHECK_IS_NAN (TYPE, n123); \
> > >> ++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
> > >> ++ CHECK_IS_NAN (TYPE, s123); \
> > >> ++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
> > >> ++ CHECK_IS_NAN (TYPE, n456); \
> > >> ++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
> > >> ++ CHECK_IS_NAN (TYPE, s456); \
> > >> ++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
> > >> ++ CHECK_IS_NAN (TYPE, n123x); \
> > >> ++ TYPE nemp = WRAP_NAN (FUNC, ""); \
> > >> ++ CHECK_IS_NAN (TYPE, nemp); \
> > >> ++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
> > >> ++ CHECK_IS_NAN (TYPE, semp); \
> > >> ++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
> > >> ++ CHECK_IS_NAN (TYPE, sx); \
> > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > >> ++ CHECK_SAME_NAN (TYPE, n123, s123); \
> > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > >> ++ CHECK_SAME_NAN (TYPE, n456, s456); \
> > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > >> ++ CHECK_SAME_NAN (TYPE, nemp, semp); \
> > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > >> ++ CHECK_SAME_NAN (TYPE, n123x, sx); \
> > >> ++ CHECK_DIFF_NAN (TYPE, n123, n456); \
> > >> ++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
> > >> ++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
> > >> ++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
> > >> ++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
> > >> ++ } \
> > >> ++ while (0)
> > >> ++
> > >> ++static int
> > >> ++do_test (void)
> > >> ++{
> > >> ++ int result = 0;
> > >> ++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
> > >> ++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
> > >> ++#ifndef NO_LONG_DOUBLE
> > >> ++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
> > >> ++#endif
> > >> ++ return result;
> > >> ++}
> > >> ++
> > >> ++#define TEST_FUNCTION do_test ()
> > >> ++#include "../test-skeleton.c"
> > >> +Index: git/stdlib/Versions
> > >> +===================================================================
> > >> +--- git.orig/stdlib/Versions
> > >> ++++ git/stdlib/Versions
> > >> +@@ -118,5 +118,6 @@ libc {
> > >> + # Used from other libraries
> > >> + __libc_secure_getenv;
> > >> + __call_tls_dtors;
> > >> ++ __strtof_nan; __strtod_nan; __strtold_nan;
> > >> + }
> > >> + }
> > >> +Index: git/math/Makefile
> > >> +===================================================================
> > >> +--- git.orig/math/Makefile
> > >> ++++ git/math/Makefile
> > >> +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
> > >> + test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
> > >> + test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
> > >> + test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2
> > test-snan \
> > >> +- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
> > >> ++ test-fenv-tls test-fenv-preserve test-fenv-return \
> > >> ++ test-nan-overflow test-nan-payload \
> > >> ++ $(tests-static)
> > >> + tests-static = test-fpucw-static test-fpucw-ieee-static
> > >> + # We do the `long double' tests only if this data type is available
> > and
> > >> + # distinct from `double'.
> > >> diff --git a/meta/recipes-core/glibc/glibc_2.20.bb
> > b/meta/recipes-core/glibc/glibc_2.20.bb
> > >> index af568d9..d099d5d 100644
> > >> --- a/meta/recipes-core/glibc/glibc_2.20.bb
> > >> +++ b/meta/recipes-core/glibc/glibc_2.20.bb
> > >> @@ -50,6 +50,8 @@ CVEPATCHES = "\
> > >> file://CVE-2015-7547.patch \
> > >> file://CVE-2015-8777.patch \
> > >> file://CVE-2015-8779.patch \
> > >> + file://CVE-2015-9761_1.patch \
> > >> + file://CVE-2015-9761_2.patch \
> > >> "
> > >>
> > >> LIC_FILES_CHKSUM =
> > "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
> > >> --
> > >> 2.3.5
> > >>
> > >> --
> > >> _______________________________________________
> > >> Openembedded-core mailing list
> > >> Openembedded-core@lists.openembedded.org
> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> > >
> >
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dizzy][PATCH 3/4] glibc: CVE-2015-9761
2016-03-11 13:58 ` Martin Jansa
@ 2016-03-17 15:48 ` Martin Jansa
2016-03-22 0:42 ` akuster808
1 sibling, 0 replies; 9+ messages in thread
From: Martin Jansa @ 2016-03-17 15:48 UTC (permalink / raw)
To: akuster@mvista; +Cc: Patches and discussions about the oe-core layer
[-- Attachment #1: Type: text/plain, Size: 78744 bytes --]
On Fri, Mar 11, 2016 at 02:58:57PM +0100, Martin Jansa wrote:
> On Thu, Mar 03, 2016 at 09:47:11PM +0100, Martin Jansa wrote:
> > I was asking you about the CVE number (but I realize it was already merged
> > in other branches with wrong number so maybe it will be less confusing use
> > the same in Dizzy)
> >
> > And "please merge" was informal
> > Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
> >
> > after testing this series in our Dizzy based builds.
>
> Any ETA on getting these in dizzy branch?
>
> I know that everybody is busy with Mx release, I just need the ETA to
> decide if
> 1) we'll upgrade oe-core now with only the first security fix
> and upgrade again later when these are merged
> 2) we'll upgrade oe-core now with only the first security fix
> and backport other 4 fixes in our internal layer - and remove these
> backports in next oe-core upgrade when these are merged
> 3) we'll wait a bit more to get all 5 fixes in one oe-core upgrade
>
> I've already tested all 5 in our builds, only issue I've noticed
> is incorrect CVE number used in patches as reported.
ping
>
> > On Thu, Mar 3, 2016 at 9:35 PM, akuster@mvista <akuster@mvista.com> wrote:
> >
> > > On 3/3/16 12:16 AM, Martin Jansa wrote:
> > > > On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote:
> > > >> From: Armin Kuster <akuster@mvista.com>
> > > >
> > > > I think this is 2014-9761 not 2015-9761
> > > >
> > > > But other than that please merge this series.
> > >
> > > Are you asking me? I don't have write perms.
> > >
> > > - armin
> > > >
> > > >> A stack overflow vulnerability was found in nan* functions that could
> > > cause
> > > >> applications which process long strings with the nan function to crash
> > > or,
> > > >> potentially, execute arbitrary code.
> > > >>
> > > >> (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
> > > >>
> > > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> > > >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > > >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > > >> ---
> > > >> .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039
> > > ++++++++++++++++++++
> > > >> .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++
> > > >> meta/recipes-core/glibc/glibc_2.20.bb | 2 +
> > > >> 3 files changed, 1429 insertions(+)
> > > >> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > >> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > >>
> > > >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > >> new file mode 100644
> > > >> index 0000000..3aca913
> > > >> --- /dev/null
> > > >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > >> @@ -0,0 +1,1039 @@
> > > >> +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
> > > >> +From: Joseph Myers <joseph@codesourcery.com>
> > > >> +Date: Tue, 24 Nov 2015 22:24:52 +0000
> > > >> +Subject: [PATCH] Refactor strtod parsing of NaN payloads.
> > > >> +
> > > >> +The nan* functions handle their string argument by constructing a
> > > >> +NAN(...) string on the stack as a VLA and passing it to strtod
> > > >> +functions.
> > > >> +
> > > >> +This approach has problems discussed in bug 16961 and bug 16962: the
> > > >> +stack usage is unbounded, and it gives incorrect results in certain
> > > >> +cases where the argument is not a valid n-char-sequence.
> > > >> +
> > > >> +The natural fix for both issues is to refactor the NaN payload parsing
> > > >> +out of strtod into a separate function that the nan* functions can
> > > >> +call directly, so that no temporary string needs constructing on the
> > > >> +stack at all. This patch does that refactoring in preparation for
> > > >> +fixing those bugs (but without actually using the new functions from
> > > >> +nan* - which will also require exporting them from libc at version
> > > >> +GLIBC_PRIVATE). This patch is not intended to change any user-visible
> > > >> +behavior, so no tests are added (fixes for the above bugs will of
> > > >> +course add tests for them).
> > > >> +
> > > >> +This patch builds on my recent fixes for strtol and strtod issues in
> > > >> +Turkish locales. Given those fixes, the parsing of NaN payloads is
> > > >> +locale-independent; thus, the new functions do not need to take a
> > > >> +locale_t argument.
> > > >> +
> > > >> +Tested for x86_64, x86, mips64 and powerpc.
> > > >> +
> > > >> + * stdlib/strtod_nan.c: New file.
> > > >> + * stdlib/strtod_nan_double.h: Likewise.
> > > >> + * stdlib/strtod_nan_float.h: Likewise.
> > > >> + * stdlib/strtod_nan_main.c: Likewise.
> > > >> + * stdlib/strtod_nan_narrow.h: Likewise.
> > > >> + * stdlib/strtod_nan_wide.h: Likewise.
> > > >> + * stdlib/strtof_nan.c: Likewise.
> > > >> + * stdlib/strtold_nan.c: Likewise.
> > > >> + * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> > > >> + * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> > > >> + * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> > > >> + * wcsmbs/wcstod_nan.c: Likewise.
> > > >> + * wcsmbs/wcstof_nan.c: Likewise.
> > > >> + * wcsmbs/wcstold_nan.c: Likewise.
> > > >> + * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> > > >> + strtold_nan.
> > > >> + * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> > > >> + wcstof_nan.
> > > >> + * include/stdlib.h (__strtof_nan): Declare and use
> > > >> + libc_hidden_proto.
> > > >> + (__strtod_nan): Likewise.
> > > >> + (__strtold_nan): Likewise.
> > > >> + (__wcstof_nan): Likewise.
> > > >> + (__wcstod_nan): Likewise.
> > > >> + (__wcstold_nan): Likewise.
> > > >> + * include/wchar.h (____wcstoull_l_internal): Declare.
> > > >> + * stdlib/strtod_l.c: Do not include <ieee754.h>.
> > > >> + (____strtoull_l_internal): Remove declaration.
> > > >> + (STRTOF_NAN): Define macro.
> > > >> + (SET_MANTISSA): Remove macro.
> > > >> + (STRTOULL): Likewise.
> > > >> + (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> > > >> + * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> > > >> + (STRTOF_NAN): Define macro.
> > > >> + (SET_MANTISSA): Remove macro.
> > > >> + * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> + (SET_MANTISSA): Remove macro.
> > > >> + * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> > > >> + macro.
> > > >> + (SET_MANTISSA): Remove macro.
> > > >> + * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> > > >> + macro.
> > > >> + (SET_MANTISSA): Remove macro.
> > > >> + * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> + (SET_MANTISSA): Remove macro.
> > > >> + * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> > > >> + * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> > > >> + * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> > > >> +
> > > >> +Upstream-Status: Backport
> > > >> +CVE: CVE-2015-9761 patch #1
> > > >> +[Yocto # 8980]
> > > >> +
> > > >> +
> > > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
> > > >> +
> > > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> +
> > > >> +---
> > > >> + ChangeLog | 49
> > > ++++++++++++++++++
> > > >> + include/stdlib.h | 18 +++++++
> > > >> + include/wchar.h | 3 ++
> > > >> + stdlib/Makefile | 1 +
> > > >> + stdlib/strtod_l.c | 48
> > > ++++--------------
> > > >> + stdlib/strtod_nan.c | 24 +++++++++
> > > >> + stdlib/strtod_nan_double.h | 30 +++++++++++
> > > >> + stdlib/strtod_nan_float.h | 29 +++++++++++
> > > >> + stdlib/strtod_nan_main.c | 63
> > > ++++++++++++++++++++++++
> > > >> + stdlib/strtod_nan_narrow.h | 22 +++++++++
> > > >> + stdlib/strtod_nan_wide.h | 22 +++++++++
> > > >> + stdlib/strtof_l.c | 11 +----
> > > >> + stdlib/strtof_nan.c | 24 +++++++++
> > > >> + stdlib/strtold_nan.c | 30 +++++++++++
> > > >> + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
> > > >> + sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
> > > >> + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
> > > >> + sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
> > > >> + sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
> > > >> + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
> > > >> + sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
> > > >> + wcsmbs/Makefile | 1 +
> > > >> + wcsmbs/wcstod_l.c | 3 --
> > > >> + wcsmbs/wcstod_nan.c | 23 +++++++++
> > > >> + wcsmbs/wcstof_l.c | 3 --
> > > >> + wcsmbs/wcstof_nan.c | 23 +++++++++
> > > >> + wcsmbs/wcstold_l.c | 3 --
> > > >> + wcsmbs/wcstold_nan.c | 30 +++++++++++
> > > >> + 28 files changed, 504 insertions(+), 95 deletions(-)
> > > >> + create mode 100644 stdlib/strtod_nan.c
> > > >> + create mode 100644 stdlib/strtod_nan_double.h
> > > >> + create mode 100644 stdlib/strtod_nan_float.h
> > > >> + create mode 100644 stdlib/strtod_nan_main.c
> > > >> + create mode 100644 stdlib/strtod_nan_narrow.h
> > > >> + create mode 100644 stdlib/strtod_nan_wide.h
> > > >> + create mode 100644 stdlib/strtof_nan.c
> > > >> + create mode 100644 stdlib/strtold_nan.c
> > > >> + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > > >> + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > > >> + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > > >> + create mode 100644 wcsmbs/wcstod_nan.c
> > > >> + create mode 100644 wcsmbs/wcstof_nan.c
> > > >> + create mode 100644 wcsmbs/wcstold_nan.c
> > > >> +
> > > >> +Index: git/include/stdlib.h
> > > >> +===================================================================
> > > >> +--- git.orig/include/stdlib.h
> > > >> ++++ git/include/stdlib.h
> > > >> +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
> > > >> + libc_hidden_proto (strtoul)
> > > >> + libc_hidden_proto (strtoull)
> > > >> +
> > > >> ++extern float __strtof_nan (const char *, char **, char)
> > > internal_function;
> > > >> ++extern double __strtod_nan (const char *, char **, char)
> > > internal_function;
> > > >> ++extern long double __strtold_nan (const char *, char **, char)
> > > >> ++ internal_function;
> > > >> ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
> > > >> ++ internal_function;
> > > >> ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
> > > >> ++ internal_function;
> > > >> ++extern long double __wcstold_nan (const wchar_t *, wchar_t **,
> > > wchar_t)
> > > >> ++ internal_function;
> > > >> ++
> > > >> ++libc_hidden_proto (__strtof_nan)
> > > >> ++libc_hidden_proto (__strtod_nan)
> > > >> ++libc_hidden_proto (__strtold_nan)
> > > >> ++libc_hidden_proto (__wcstof_nan)
> > > >> ++libc_hidden_proto (__wcstod_nan)
> > > >> ++libc_hidden_proto (__wcstold_nan)
> > > >> ++
> > > >> + extern char *__ecvt (double __value, int __ndigit, int *__restrict
> > > __decpt,
> > > >> + int *__restrict __sign);
> > > >> + extern char *__fcvt (double __value, int __ndigit, int *__restrict
> > > __decpt,
> > > >> +Index: git/include/wchar.h
> > > >> +===================================================================
> > > >> +--- git.orig/include/wchar.h
> > > >> ++++ git/include/wchar.h
> > > >> +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
> > > >> + __restrict __endptr,
> > > >> + int __base,
> > > >> + int __group) __THROW;
> > > >> ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> ++ wchar_t **, int,
> > > int,
> > > >> ++ __locale_t);
> > > >> + libc_hidden_proto (__wcstof_internal)
> > > >> + libc_hidden_proto (__wcstod_internal)
> > > >> + libc_hidden_proto (__wcstold_internal)
> > > >> +Index: git/stdlib/Makefile
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/Makefile
> > > >> ++++ git/stdlib/Makefile
> > > >> +@@ -51,6 +51,7 @@ routines-y :=
> > > \
> > > >> + strtol_l strtoul_l strtoll_l strtoull_l
> > > \
> > > >> + strtof strtod strtold
> > > \
> > > >> + strtof_l strtod_l strtold_l
> > > \
> > > >> ++ strtof_nan strtod_nan strtold_nan
> > > \
> > > >> + system canonicalize
> > > \
> > > >> + a64l l64a
> > > \
> > > >> + getsubopt xpg_basename
> > > \
> > > >> +Index: git/stdlib/strtod_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/strtod_l.c
> > > >> ++++ git/stdlib/strtod_l.c
> > > >> +@@ -21,8 +21,6 @@
> > > >> + #include <xlocale.h>
> > > >> +
> > > >> + extern double ____strtod_l_internal (const char *, char **, int,
> > > __locale_t);
> > > >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> > > char **,
> > > >> +- int, int,
> > > __locale_t);
> > > >> +
> > > >> + /* Configuration part. These macros are defined by `strtold.c',
> > > >> + `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
> > > >> +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
> > > >> + # ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF wcstod_l
> > > >> + # define __STRTOF __wcstod_l
> > > >> ++# define STRTOF_NAN __wcstod_nan
> > > >> + # else
> > > >> + # define STRTOF strtod_l
> > > >> + # define __STRTOF __strtod_l
> > > >> ++# define STRTOF_NAN __strtod_nan
> > > >> + # endif
> > > >> + # define MPN2FLOAT __mpn_construct_double
> > > >> + # define FLOAT_HUGE_VAL HUGE_VAL
> > > >> +-# define SET_MANTISSA(flt, mant) \
> > > >> +- do { union ieee754_double u;
> > > \
> > > >> +- u.d = (flt);
> > > \
> > > >> +- u.ieee_nan.mantissa0 = (mant) >> 32;
> > > \
> > > >> +- u.ieee_nan.mantissa1 = (mant);
> > > \
> > > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> > > \
> > > >> +- (flt) = u.d;
> > > \
> > > >> +- } while (0)
> > > >> + #endif
> > > >> + /* End of configuration part. */
> > > >> +
> > > >> + #include <ctype.h>
> > > >> + #include <errno.h>
> > > >> + #include <float.h>
> > > >> +-#include <ieee754.h>
> > > >> + #include "../locale/localeinfo.h"
> > > >> + #include <locale.h>
> > > >> + #include <math.h>
> > > >> +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
> > > >> + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
> > > >> + # define STRNCASECMP(S1, S2, N) \
> > > >> + __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> > > >> +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> > > loc)
> > > >> + #else
> > > >> + # define STRING_TYPE char
> > > >> + # define CHAR_TYPE char
> > > >> +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
> > > >> + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
> > > >> + # define STRNCASECMP(S1, S2, N) \
> > > >> + __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> > > >> +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> > > loc)
> > > >> + #endif
> > > >> +
> > > >> +
> > > >> +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
> > > >> + if (*cp == L_('('))
> > > >> + {
> > > >> + const STRING_TYPE *startp = cp;
> > > >> +- do
> > > >> +- ++cp;
> > > >> +- while ((*cp >= L_('0') && *cp <= L_('9'))
> > > >> +- || ({ CHAR_TYPE lo = TOLOWER (*cp);
> > > >> +- lo >= L_('a') && lo <= L_('z'); })
> > > >> +- || *cp == L_('_'));
> > > >> +-
> > > >> +- if (*cp != L_(')'))
> > > >> +- /* The closing brace is missing. Only match the NAN
> > > >> +- part. */
> > > >> +- cp = startp;
> > > >> ++ STRING_TYPE *endp;
> > > >> ++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
> > > >> ++ if (*endp == L_(')'))
> > > >> ++ /* Consume the closing parenthesis. */
> > > >> ++ cp = endp + 1;
> > > >> + else
> > > >> +- {
> > > >> +- /* This is a system-dependent way to specify the
> > > >> +- bitmask used for the NaN. We expect it to be
> > > >> +- a number which is put in the mantissa of the
> > > >> +- number. */
> > > >> +- STRING_TYPE *endp;
> > > >> +- unsigned long long int mant;
> > > >> +-
> > > >> +- mant = STRTOULL (startp + 1, &endp, 0);
> > > >> +- if (endp == cp)
> > > >> +- SET_MANTISSA (retval, mant);
> > > >> +-
> > > >> +- /* Consume the closing brace. */
> > > >> +- ++cp;
> > > >> +- }
> > > >> ++ /* Only match the NAN part. */
> > > >> ++ cp = startp;
> > > >> + }
> > > >> +
> > > >> + if (endptr != NULL)
> > > >> +Index: git/stdlib/strtod_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan.c
> > > >> +@@ -0,0 +1,24 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > > >> ++ strings, double.
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <strtod_nan_narrow.h>
> > > >> ++#include <strtod_nan_double.h>
> > > >> ++
> > > >> ++#define STRTOD_NAN __strtod_nan
> > > >> ++#include <strtod_nan_main.c>
> > > >> +Index: git/stdlib/strtod_nan_double.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_double.h
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. For double.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define FLOAT double
> > > >> ++#define SET_MANTISSA(flt, mant) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ union ieee754_double u; \
> > > >> ++ u.d = (flt); \
> > > >> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> > > >> ++ u.ieee_nan.mantissa1 = (mant); \
> > > >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> > > >> ++ (flt) = u.d; \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> +Index: git/stdlib/strtod_nan_float.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_float.h
> > > >> +@@ -0,0 +1,29 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. For float.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define FLOAT float
> > > >> ++#define SET_MANTISSA(flt, mant) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ union ieee754_float u; \
> > > >> ++ u.f = (flt); \
> > > >> ++ u.ieee_nan.mantissa = (mant); \
> > > >> ++ if (u.ieee.mantissa != 0) \
> > > >> ++ (flt) = u.f; \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> +Index: git/stdlib/strtod_nan_main.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_main.c
> > > >> +@@ -0,0 +1,63 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <ieee754.h>
> > > >> ++#include <locale.h>
> > > >> ++#include <math.h>
> > > >> ++#include <stdlib.h>
> > > >> ++#include <wchar.h>
> > > >> ++
> > > >> ++
> > > >> ++/* If STR starts with an optional n-char-sequence as defined by ISO C
> > > >> ++ (a sequence of ASCII letters, digits and underscores), followed by
> > > >> ++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
> > > >> ++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
> > > >> ++ to the character after the initial n-char-sequence. */
> > > >> ++
> > > >> ++internal_function
> > > >> ++FLOAT
> > > >> ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE
> > > endc)
> > > >> ++{
> > > >> ++ const STRING_TYPE *cp = str;
> > > >> ++
> > > >> ++ while ((*cp >= L_('0') && *cp <= L_('9'))
> > > >> ++ || (*cp >= L_('A') && *cp <= L_('Z'))
> > > >> ++ || (*cp >= L_('a') && *cp <= L_('z'))
> > > >> ++ || *cp == L_('_'))
> > > >> ++ ++cp;
> > > >> ++
> > > >> ++ FLOAT retval = NAN;
> > > >> ++ if (*cp != endc)
> > > >> ++ goto out;
> > > >> ++
> > > >> ++ /* This is a system-dependent way to specify the bitmask used for
> > > >> ++ the NaN. We expect it to be a number which is put in the
> > > >> ++ mantissa of the number. */
> > > >> ++ STRING_TYPE *endp;
> > > >> ++ unsigned long long int mant;
> > > >> ++
> > > >> ++ mant = STRTOULL (str, &endp, 0);
> > > >> ++ if (endp == cp)
> > > >> ++ SET_MANTISSA (retval, mant);
> > > >> ++
> > > >> ++ out:
> > > >> ++ if (endptr != NULL)
> > > >> ++ *endptr = (STRING_TYPE *) cp;
> > > >> ++ return retval;
> > > >> ++}
> > > >> ++libc_hidden_def (STRTOD_NAN)
> > > >> +Index: git/stdlib/strtod_nan_narrow.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_narrow.h
> > > >> +@@ -0,0 +1,22 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > > strings.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define STRING_TYPE char
> > > >> ++#define L_(Ch) Ch
> > > >> ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> > > \
> > > >> ++ _nl_C_locobj_ptr)
> > > >> +Index: git/stdlib/strtod_nan_wide.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_wide.h
> > > >> +@@ -0,0 +1,22 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Wide strings.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define STRING_TYPE wchar_t
> > > >> ++#define L_(Ch) L##Ch
> > > >> ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> > > \
> > > >> ++ _nl_C_locobj_ptr)
> > > >> +Index: git/stdlib/strtof_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/strtof_l.c
> > > >> ++++ git/stdlib/strtof_l.c
> > > >> +@@ -20,26 +20,19 @@
> > > >> + #include <xlocale.h>
> > > >> +
> > > >> + extern float ____strtof_l_internal (const char *, char **, int,
> > > __locale_t);
> > > >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> > > char **,
> > > >> +- int, int,
> > > __locale_t);
> > > >> +
> > > >> + #define FLOAT float
> > > >> + #define FLT FLT
> > > >> + #ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF wcstof_l
> > > >> + # define __STRTOF __wcstof_l
> > > >> ++# define STRTOF_NAN __wcstof_nan
> > > >> + #else
> > > >> + # define STRTOF strtof_l
> > > >> + # define __STRTOF __strtof_l
> > > >> ++# define STRTOF_NAN __strtof_nan
> > > >> + #endif
> > > >> + #define MPN2FLOAT __mpn_construct_float
> > > >> + #define FLOAT_HUGE_VAL HUGE_VALF
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +- do { union ieee754_float u;
> > > \
> > > >> +- u.f = (flt);
> > > \
> > > >> +- u.ieee_nan.mantissa = (mant);
> > > \
> > > >> +- if (u.ieee.mantissa != 0)
> > > \
> > > >> +- (flt) = u.f;
> > > \
> > > >> +- } while (0)
> > > >> +
> > > >> + #include "strtod_l.c"
> > > >> +Index: git/stdlib/strtof_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtof_nan.c
> > > >> +@@ -0,0 +1,24 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > > >> ++ strings, float.
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <strtod_nan_narrow.h>
> > > >> ++#include <strtod_nan_float.h>
> > > >> ++
> > > >> ++#define STRTOD_NAN __strtof_nan
> > > >> ++#include <strtod_nan_main.c>
> > > >> +Index: git/stdlib/strtold_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtold_nan.c
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Narrow
> > > >> ++ strings, long double.
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <math.h>
> > > >> ++
> > > >> ++/* This function is unused if long double and double have the same
> > > >> ++ representation. */
> > > >> ++#ifndef __NO_LONG_DOUBLE_MATH
> > > >> ++# include <strtod_nan_narrow.h>
> > > >> ++# include <strtod_nan_ldouble.h>
> > > >> ++
> > > >> ++# define STRTOD_NAN __strtold_nan
> > > >> ++# include <strtod_nan_main.c>
> > > >> ++#endif
> > > >> +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > > >> +@@ -0,0 +1,33 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define FLOAT long double
> > > >> ++#define SET_MANTISSA(flt, mant) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ union ieee854_long_double u; \
> > > >> ++ u.d = (flt); \
> > > >> ++ u.ieee_nan.mantissa0 = 0; \
> > > >> ++ u.ieee_nan.mantissa1 = 0; \
> > > >> ++ u.ieee_nan.mantissa2 = (mant) >> 32; \
> > > >> ++ u.ieee_nan.mantissa3 = (mant); \
> > > >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
> > > >> ++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> > > >> ++ (flt) = u.d; \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
> > > >> +@@ -25,22 +25,13 @@
> > > >> + #ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF wcstold_l
> > > >> + # define __STRTOF __wcstold_l
> > > >> ++# define STRTOF_NAN __wcstold_nan
> > > >> + #else
> > > >> + # define STRTOF strtold_l
> > > >> + # define __STRTOF __strtold_l
> > > >> ++# define STRTOF_NAN __strtold_nan
> > > >> + #endif
> > > >> + #define MPN2FLOAT __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +- do { union ieee854_long_double u;
> > > \
> > > >> +- u.d = (flt);
> > > \
> > > >> +- u.ieee_nan.mantissa0 = 0;
> > > \
> > > >> +- u.ieee_nan.mantissa1 = 0;
> > > \
> > > >> +- u.ieee_nan.mantissa2 = (mant) >> 32;
> > > \
> > > >> +- u.ieee_nan.mantissa3 = (mant);
> > > \
> > > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
> > > \
> > > >> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> > > \
> > > >> +- (flt) = u.d;
> > > \
> > > >> +- } while (0)
> > > >> +
> > > >> + #include <strtod_l.c>
> > > >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. For
> > > ldbl-128ibm.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define FLOAT long double
> > > >> ++#define SET_MANTISSA(flt, mant) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ union ibm_extended_long_double u; \
> > > >> ++ u.ld = (flt); \
> > > >> ++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
> > > >> ++ u.d[0].ieee_nan.mantissa1 = (mant); \
> > > >> ++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
> > > >> ++ (flt) = u.ld; \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > > >> +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
> > > >> + # define STRTOF __new_wcstold_l
> > > >> + # define __STRTOF ____new_wcstold_l
> > > >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> > > >> ++# define STRTOF_NAN __wcstold_nan
> > > >> + #else
> > > >> + extern long double ____new_strtold_l (const char *, char **,
> > > __locale_t);
> > > >> + # define STRTOF __new_strtold_l
> > > >> + # define __STRTOF ____new_strtold_l
> > > >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> > > >> ++# define STRTOF_NAN __strtold_nan
> > > >> + #endif
> > > >> + extern __typeof (__STRTOF) STRTOF;
> > > >> + libc_hidden_proto (__STRTOF)
> > > >> + libc_hidden_proto (STRTOF)
> > > >> + #define MPN2FLOAT __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > > >> +-# define SET_MANTISSA(flt, mant) \
> > > >> +- do { union ibm_extended_long_double u;
> > > \
> > > >> +- u.ld = (flt);
> > > \
> > > >> +- u.d[0].ieee_nan.mantissa0 = (mant) >> 32;
> > > \
> > > >> +- u.d[0].ieee_nan.mantissa1 = (mant);
> > > \
> > > >> +- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0)
> > > \
> > > >> +- (flt) = u.ld;
> > > \
> > > >> +- } while (0)
> > > >> +
> > > >> + #include <strtod_l.c>
> > > >> +
> > > >> +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > > >> +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
> > > >> + # define STRTOF __new_wcstold_l
> > > >> + # define __STRTOF ____new_wcstold_l
> > > >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> > > >> ++# define STRTOF_NAN __wcstold_nan
> > > >> + #else
> > > >> + extern long double ____new_strtold_l (const char *, char **,
> > > __locale_t);
> > > >> + # define STRTOF __new_strtold_l
> > > >> + # define __STRTOF ____new_strtold_l
> > > >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> > > >> ++# define STRTOF_NAN __strtold_nan
> > > >> + #endif
> > > >> + extern __typeof (__STRTOF) STRTOF;
> > > >> + libc_hidden_proto (__STRTOF)
> > > >> + libc_hidden_proto (STRTOF)
> > > >> + #define MPN2FLOAT __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +- do { union ieee854_long_double u;
> > > \
> > > >> +- u.d = (flt);
> > > \
> > > >> +- u.ieee_nan.mantissa0 = 0;
> > > \
> > > >> +- u.ieee_nan.mantissa1 = 0;
> > > \
> > > >> +- u.ieee_nan.mantissa2 = (mant) >> 32;
> > > \
> > > >> +- u.ieee_nan.mantissa3 = (mant);
> > > \
> > > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
> > > \
> > > >> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> > > \
> > > >> +- (flt) = u.d;
> > > \
> > > >> +- } while (0)
> > > >> +
> > > >> + #include <strtod_l.c>
> > > >> +
> > > >> +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
> > > >> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#define FLOAT long double
> > > >> ++#define SET_MANTISSA(flt, mant) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ union ieee854_long_double u; \
> > > >> ++ u.d = (flt); \
> > > >> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
> > > >> ++ u.ieee_nan.mantissa1 = (mant); \
> > > >> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
> > > >> ++ (flt) = u.d; \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
> > > >> +@@ -25,19 +25,13 @@
> > > >> + #ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF wcstold_l
> > > >> + # define __STRTOF __wcstold_l
> > > >> ++# define STRTOF_NAN __wcstold_nan
> > > >> + #else
> > > >> + # define STRTOF strtold_l
> > > >> + # define __STRTOF __strtold_l
> > > >> ++# define STRTOF_NAN __strtold_nan
> > > >> + #endif
> > > >> + #define MPN2FLOAT __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL HUGE_VALL
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +- do { union ieee854_long_double u;
> > > \
> > > >> +- u.d = (flt);
> > > \
> > > >> +- u.ieee_nan.mantissa0 = (mant) >> 32;
> > > \
> > > >> +- u.ieee_nan.mantissa1 = (mant);
> > > \
> > > >> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> > > \
> > > >> +- (flt) = u.d;
> > > \
> > > >> +- } while (0)
> > > >> +
> > > >> + #include <stdlib/strtod_l.c>
> > > >> +Index: git/wcsmbs/Makefile
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/Makefile
> > > >> ++++ git/wcsmbs/Makefile
> > > >> +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
> > > >> + wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
> > > >> + wcstol_l wcstoul_l wcstoll_l wcstoull_l \
> > > >> + wcstod_l wcstold_l wcstof_l \
> > > >> ++ wcstod_nan wcstold_nan wcstof_nan \
> > > >> + wcscoll wcsxfrm \
> > > >> + wcwidth wcswidth \
> > > >> + wcscoll_l wcsxfrm_l \
> > > >> +Index: git/wcsmbs/wcstod_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/wcstod_l.c
> > > >> ++++ git/wcsmbs/wcstod_l.c
> > > >> +@@ -23,9 +23,6 @@
> > > >> +
> > > >> + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
> > > >> + __locale_t);
> > > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> +- wchar_t **, int,
> > > int,
> > > >> +- __locale_t);
> > > >> +
> > > >> + #define USE_WIDE_CHAR 1
> > > >> +
> > > >> +Index: git/wcsmbs/wcstod_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/wcsmbs/wcstod_nan.c
> > > >> +@@ -0,0 +1,23 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Wide
> > > strings, double.
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include "../stdlib/strtod_nan_wide.h"
> > > >> ++#include "../stdlib/strtod_nan_double.h"
> > > >> ++
> > > >> ++#define STRTOD_NAN __wcstod_nan
> > > >> ++#include "../stdlib/strtod_nan_main.c"
> > > >> +Index: git/wcsmbs/wcstof_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/wcstof_l.c
> > > >> ++++ git/wcsmbs/wcstof_l.c
> > > >> +@@ -25,8 +25,5 @@
> > > >> +
> > > >> + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
> > > >> + __locale_t);
> > > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> +- wchar_t **, int,
> > > int,
> > > >> +- __locale_t);
> > > >> +
> > > >> + #include <stdlib/strtof_l.c>
> > > >> +Index: git/wcsmbs/wcstof_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/wcsmbs/wcstof_nan.c
> > > >> +@@ -0,0 +1,23 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Wide
> > > strings, float.
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include "../stdlib/strtod_nan_wide.h"
> > > >> ++#include "../stdlib/strtod_nan_float.h"
> > > >> ++
> > > >> ++#define STRTOD_NAN __wcstof_nan
> > > >> ++#include "../stdlib/strtod_nan_main.c"
> > > >> +Index: git/wcsmbs/wcstold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/wcstold_l.c
> > > >> ++++ git/wcsmbs/wcstold_l.c
> > > >> +@@ -24,8 +24,5 @@
> > > >> +
> > > >> + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t
> > > **, int,
> > > >> + __locale_t);
> > > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> +- wchar_t **, int,
> > > int,
> > > >> +- __locale_t);
> > > >> +
> > > >> + #include <strtold_l.c>
> > > >> +Index: git/wcsmbs/wcstold_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/wcsmbs/wcstold_nan.c
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN. Wide strings,
> > > >> ++ long double.
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <math.h>
> > > >> ++
> > > >> ++/* This function is unused if long double and double have the same
> > > >> ++ representation. */
> > > >> ++#ifndef __NO_LONG_DOUBLE_MATH
> > > >> ++# include "../stdlib/strtod_nan_wide.h"
> > > >> ++# include <strtod_nan_ldouble.h>
> > > >> ++
> > > >> ++# define STRTOD_NAN __wcstold_nan
> > > >> ++# include "../stdlib/strtod_nan_main.c"
> > > >> ++#endif
> > > >> +Index: git/ChangeLog
> > > >> +===================================================================
> > > >> +--- git.orig/ChangeLog
> > > >> ++++ git/ChangeLog
> > > >> +@@ -1,3 +1,57 @@
> > > >> ++2015-11-24 Joseph Myers <joseph@codesourcery.com>
> > > >> ++
> > > >> ++ * stdlib/strtod_nan.c: New file.
> > > >> ++ * stdlib/strtod_nan_double.h: Likewise.
> > > >> ++ * stdlib/strtod_nan_float.h: Likewise.
> > > >> ++ * stdlib/strtod_nan_main.c: Likewise.
> > > >> ++ * stdlib/strtod_nan_narrow.h: Likewise.
> > > >> ++ * stdlib/strtod_nan_wide.h: Likewise.
> > > >> ++ * stdlib/strtof_nan.c: Likewise.
> > > >> ++ * stdlib/strtold_nan.c: Likewise.
> > > >> ++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> > > >> ++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> > > >> ++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> > > >> ++ * wcsmbs/wcstod_nan.c: Likewise.
> > > >> ++ * wcsmbs/wcstof_nan.c: Likewise.
> > > >> ++ * wcsmbs/wcstold_nan.c: Likewise.
> > > >> ++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> > > >> ++ strtold_nan.
> > > >> ++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> > > >> ++ wcstof_nan.
> > > >> ++ * include/stdlib.h (__strtof_nan): Declare and use
> > > >> ++ libc_hidden_proto.
> > > >> ++ (__strtod_nan): Likewise.
> > > >> ++ (__strtold_nan): Likewise.
> > > >> ++ (__wcstof_nan): Likewise.
> > > >> ++ (__wcstod_nan): Likewise.
> > > >> ++ (__wcstold_nan): Likewise.
> > > >> ++ * include/wchar.h (____wcstoull_l_internal): Declare.
> > > >> ++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
> > > >> ++ (____strtoull_l_internal): Remove declaration.
> > > >> ++ (STRTOF_NAN): Define macro.
> > > >> ++ (SET_MANTISSA): Remove macro.
> > > >> ++ (STRTOULL): Likewise.
> > > >> ++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> > > >> ++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> > > >> ++ (STRTOF_NAN): Define macro.
> > > >> ++ (SET_MANTISSA): Remove macro.
> > > >> ++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> ++ (SET_MANTISSA): Remove macro.
> > > >> ++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> > > >> ++ macro.
> > > >> ++ (SET_MANTISSA): Remove macro.
> > > >> ++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> > > >> ++ macro.
> > > >> ++ (SET_MANTISSA): Remove macro.
> > > >> ++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> ++ (SET_MANTISSA): Remove macro.
> > > >> ++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> > > >> ++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> > > >> ++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> > > >> ++
> > > >> ++ [BZ #19266]
> > > >> ++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
> > > >> ++ upper case and lower case letters inside NAN(), not using TOLOWER.
> > > >> + 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
> > > >> +
> > > >> + [BZ #17905]
> > > >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > >> new file mode 100644
> > > >> index 0000000..0df5e50
> > > >> --- /dev/null
> > > >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > >> @@ -0,0 +1,388 @@
> > > >> +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
> > > >> +From: Joseph Myers <joseph@codesourcery.com>
> > > >> +Date: Fri, 4 Dec 2015 20:36:28 +0000
> > > >> +Subject: [PATCH] Fix nan functions handling of payload strings (bug
> > > 16961, bug
> > > >> + 16962).
> > > >> +
> > > >> +The nan, nanf and nanl functions handle payload strings by doing e.g.:
> > > >> +
> > > >> + if (tagp[0] != '\0')
> > > >> + {
> > > >> + char buf[6 + strlen (tagp)];
> > > >> + sprintf (buf, "NAN(%s)", tagp);
> > > >> + return strtod (buf, NULL);
> > > >> + }
> > > >> +
> > > >> +This is an unbounded stack allocation based on the length of the
> > > >> +argument. Furthermore, if the argument starts with an n-char-sequence
> > > >> +followed by ')', that n-char-sequence is wrongly treated as
> > > >> +significant for determining the payload of the resulting NaN, when ISO
> > > >> +C says the call should be equivalent to strtod ("NAN", NULL), without
> > > >> +being affected by that initial n-char-sequence. This patch fixes both
> > > >> +those problems by using the __strtod_nan etc. functions recently
> > > >> +factored out of strtod etc. for that purpose, with those functions
> > > >> +being exported from libc at version GLIBC_PRIVATE.
> > > >> +
> > > >> +Tested for x86_64, x86, mips64 and powerpc.
> > > >> +
> > > >> + [BZ #16961]
> > > >> + [BZ #16962]
> > > >> + * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> > > >> + string on the stack for strtod.
> > > >> + * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> > > >> + a string on the stack for strtof.
> > > >> + * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> > > >> + constructing a string on the stack for strtold.
> > > >> + * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> > > >> + __strtold_nan to GLIBC_PRIVATE.
> > > >> + * math/test-nan-overflow.c: New file.
> > > >> + * math/test-nan-payload.c: Likewise.
> > > >> + * math/Makefile (tests): Add test-nan-overflow and
> > > >> + test-nan-payload.
> > > >> +
> > > >> +Upstream-Status: Backport
> > > >> +CVE: CVE-2015-9761 patch #2
> > > >> +[Yocto # 8980]
> > > >> +
> > > >> +
> > > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
> > > >> +
> > > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> +
> > > >> +---
> > > >> + ChangeLog | 17 +++++++
> > > >> + NEWS | 6 +++
> > > >> + math/Makefile | 3 +-
> > > >> + math/s_nan.c | 9 +---
> > > >> + math/s_nanf.c | 9 +---
> > > >> + math/s_nanl.c | 9 +---
> > > >> + math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
> > > >> + math/test-nan-payload.c | 122
> > > +++++++++++++++++++++++++++++++++++++++++++++++
> > > >> + stdlib/Versions | 1 +
> > > >> + 9 files changed, 217 insertions(+), 25 deletions(-)
> > > >> + create mode 100644 math/test-nan-overflow.c
> > > >> + create mode 100644 math/test-nan-payload.c
> > > >> +
> > > >> +Index: git/ChangeLog
> > > >> +===================================================================
> > > >> +--- git.orig/ChangeLog
> > > >> ++++ git/ChangeLog
> > > >> +@@ -1,3 +1,20 @@
> > > >> ++2015-12-04 Joseph Myers <joseph@codesourcery.com>
> > > >> ++
> > > >> ++ [BZ #16961]
> > > >> ++ [BZ #16962]
> > > >> ++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> > > >> ++ string on the stack for strtod.
> > > >> ++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> > > >> ++ a string on the stack for strtof.
> > > >> ++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> > > >> ++ constructing a string on the stack for strtold.
> > > >> ++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> > > >> ++ __strtold_nan to GLIBC_PRIVATE.
> > > >> ++ * math/test-nan-overflow.c: New file.
> > > >> ++ * math/test-nan-payload.c: Likewise.
> > > >> ++ * math/Makefile (tests): Add test-nan-overflow and
> > > >> ++ test-nan-payload.
> > > >> ++
> > > >> + 2015-11-24 Joseph Myers <joseph@codesourcery.com>
> > > >> +
> > > >> + * stdlib/strtod_nan.c: New file.
> > > >> +Index: git/NEWS
> > > >> +===================================================================
> > > >> +--- git.orig/NEWS
> > > >> ++++ git/NEWS
> > > >> +@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
> > > >> +
> > > >> + Version 2.21
> > > >> +
> > > >> ++Security related changes:
> > > >> ++
> > > >> ++* The nan, nanf and nanl functions no longer have unbounded stack
> > > usage
> > > >> ++ depending on the length of the string passed as an argument to the
> > > >> ++ functions. Reported by Joseph Myers.
> > > >> ++
> > > >> + * The following bugs are resolved with this release:
> > > >> +
> > > >> + 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
> > > >> +Index: git/math/s_nan.c
> > > >> +===================================================================
> > > >> +--- git.orig/math/s_nan.c
> > > >> ++++ git/math/s_nan.c
> > > >> +@@ -28,14 +28,7 @@
> > > >> + double
> > > >> + __nan (const char *tagp)
> > > >> + {
> > > >> +- if (tagp[0] != '\0')
> > > >> +- {
> > > >> +- char buf[6 + strlen (tagp)];
> > > >> +- sprintf (buf, "NAN(%s)", tagp);
> > > >> +- return strtod (buf, NULL);
> > > >> +- }
> > > >> +-
> > > >> +- return NAN;
> > > >> ++ return __strtod_nan (tagp, NULL, 0);
> > > >> + }
> > > >> + weak_alias (__nan, nan)
> > > >> + #ifdef NO_LONG_DOUBLE
> > > >> +Index: git/math/s_nanf.c
> > > >> +===================================================================
> > > >> +--- git.orig/math/s_nanf.c
> > > >> ++++ git/math/s_nanf.c
> > > >> +@@ -28,13 +28,6 @@
> > > >> + float
> > > >> + __nanf (const char *tagp)
> > > >> + {
> > > >> +- if (tagp[0] != '\0')
> > > >> +- {
> > > >> +- char buf[6 + strlen (tagp)];
> > > >> +- sprintf (buf, "NAN(%s)", tagp);
> > > >> +- return strtof (buf, NULL);
> > > >> +- }
> > > >> +-
> > > >> +- return NAN;
> > > >> ++ return __strtof_nan (tagp, NULL, 0);
> > > >> + }
> > > >> + weak_alias (__nanf, nanf)
> > > >> +Index: git/math/s_nanl.c
> > > >> +===================================================================
> > > >> +--- git.orig/math/s_nanl.c
> > > >> ++++ git/math/s_nanl.c
> > > >> +@@ -28,13 +28,6 @@
> > > >> + long double
> > > >> + __nanl (const char *tagp)
> > > >> + {
> > > >> +- if (tagp[0] != '\0')
> > > >> +- {
> > > >> +- char buf[6 + strlen (tagp)];
> > > >> +- sprintf (buf, "NAN(%s)", tagp);
> > > >> +- return strtold (buf, NULL);
> > > >> +- }
> > > >> +-
> > > >> +- return NAN;
> > > >> ++ return __strtold_nan (tagp, NULL, 0);
> > > >> + }
> > > >> + weak_alias (__nanl, nanl)
> > > >> +Index: git/math/test-nan-overflow.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/math/test-nan-overflow.c
> > > >> +@@ -0,0 +1,66 @@
> > > >> ++/* Test nan functions stack overflow (bug 16962).
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <math.h>
> > > >> ++#include <stdio.h>
> > > >> ++#include <string.h>
> > > >> ++#include <sys/resource.h>
> > > >> ++
> > > >> ++#define STACK_LIM 1048576
> > > >> ++#define STRING_SIZE (2 * STACK_LIM)
> > > >> ++
> > > >> ++static int
> > > >> ++do_test (void)
> > > >> ++{
> > > >> ++ int result = 0;
> > > >> ++ struct rlimit lim;
> > > >> ++ getrlimit (RLIMIT_STACK, &lim);
> > > >> ++ lim.rlim_cur = STACK_LIM;
> > > >> ++ setrlimit (RLIMIT_STACK, &lim);
> > > >> ++ char *nanstr = malloc (STRING_SIZE);
> > > >> ++ if (nanstr == NULL)
> > > >> ++ {
> > > >> ++ puts ("malloc failed, cannot test");
> > > >> ++ return 77;
> > > >> ++ }
> > > >> ++ memset (nanstr, '0', STRING_SIZE - 1);
> > > >> ++ nanstr[STRING_SIZE - 1] = 0;
> > > >> ++#define NAN_TEST(TYPE, FUNC) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ char *volatile p = nanstr; \
> > > >> ++ volatile TYPE v = FUNC (p); \
> > > >> ++ if (isnan (v)) \
> > > >> ++ puts ("PASS: " #FUNC); \
> > > >> ++ else \
> > > >> ++ { \
> > > >> ++ puts ("FAIL: " #FUNC); \
> > > >> ++ result = 1; \
> > > >> ++ } \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> ++ NAN_TEST (float, nanf);
> > > >> ++ NAN_TEST (double, nan);
> > > >> ++#ifndef NO_LONG_DOUBLE
> > > >> ++ NAN_TEST (long double, nanl);
> > > >> ++#endif
> > > >> ++ return result;
> > > >> ++}
> > > >> ++
> > > >> ++#define TEST_FUNCTION do_test ()
> > > >> ++#include "../test-skeleton.c"
> > > >> +Index: git/math/test-nan-payload.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/math/test-nan-payload.c
> > > >> +@@ -0,0 +1,122 @@
> > > >> ++/* Test nan functions payload handling (bug 16961).
> > > >> ++ Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++ This file is part of the GNU C Library.
> > > >> ++
> > > >> ++ The GNU C Library is free software; you can redistribute it and/or
> > > >> ++ modify it under the terms of the GNU Lesser General Public
> > > >> ++ License as published by the Free Software Foundation; either
> > > >> ++ version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++ The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > >> ++ Lesser General Public License for more details.
> > > >> ++
> > > >> ++ You should have received a copy of the GNU Lesser General Public
> > > >> ++ License along with the GNU C Library; if not, see
> > > >> ++ <http://www.gnu.org/licenses/>. */
> > > >> ++
> > > >> ++#include <float.h>
> > > >> ++#include <math.h>
> > > >> ++#include <stdio.h>
> > > >> ++#include <stdlib.h>
> > > >> ++#include <string.h>
> > > >> ++
> > > >> ++/* Avoid built-in functions. */
> > > >> ++#define WRAP_NAN(FUNC, STR) \
> > > >> ++ ({ const char *volatile wns = (STR); FUNC (wns); })
> > > >> ++#define WRAP_STRTO(FUNC, STR) \
> > > >> ++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
> > > >> ++
> > > >> ++#define CHECK_IS_NAN(TYPE, A) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ if (isnan (A)) \
> > > >> ++ puts ("PASS: " #TYPE " " #A); \
> > > >> ++ else \
> > > >> ++ { \
> > > >> ++ puts ("FAIL: " #TYPE " " #A); \
> > > >> ++ result = 1; \
> > > >> ++ } \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> ++
> > > >> ++#define CHECK_SAME_NAN(TYPE, A, B) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
> > > >> ++ puts ("PASS: " #TYPE " " #A " = " #B); \
> > > >> ++ else \
> > > >> ++ { \
> > > >> ++ puts ("FAIL: " #TYPE " " #A " = " #B); \
> > > >> ++ result = 1; \
> > > >> ++ } \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> ++
> > > >> ++#define CHECK_DIFF_NAN(TYPE, A, B) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
> > > >> ++ puts ("PASS: " #TYPE " " #A " != " #B); \
> > > >> ++ else \
> > > >> ++ { \
> > > >> ++ puts ("FAIL: " #TYPE " " #A " != " #B); \
> > > >> ++ result = 1; \
> > > >> ++ } \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> ++
> > > >> ++/* Cannot test payloads by memcmp for formats where NaNs have padding
> > > >> ++ bits. */
> > > >> ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
> > > >> ++
> > > >> ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
> > > >> ++ do \
> > > >> ++ { \
> > > >> ++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
> > > >> ++ CHECK_IS_NAN (TYPE, n123); \
> > > >> ++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
> > > >> ++ CHECK_IS_NAN (TYPE, s123); \
> > > >> ++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
> > > >> ++ CHECK_IS_NAN (TYPE, n456); \
> > > >> ++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
> > > >> ++ CHECK_IS_NAN (TYPE, s456); \
> > > >> ++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
> > > >> ++ CHECK_IS_NAN (TYPE, n123x); \
> > > >> ++ TYPE nemp = WRAP_NAN (FUNC, ""); \
> > > >> ++ CHECK_IS_NAN (TYPE, nemp); \
> > > >> ++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
> > > >> ++ CHECK_IS_NAN (TYPE, semp); \
> > > >> ++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
> > > >> ++ CHECK_IS_NAN (TYPE, sx); \
> > > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > > >> ++ CHECK_SAME_NAN (TYPE, n123, s123); \
> > > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > > >> ++ CHECK_SAME_NAN (TYPE, n456, s456); \
> > > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > > >> ++ CHECK_SAME_NAN (TYPE, nemp, semp); \
> > > >> ++ if (CAN_TEST_EQ (MANT_DIG)) \
> > > >> ++ CHECK_SAME_NAN (TYPE, n123x, sx); \
> > > >> ++ CHECK_DIFF_NAN (TYPE, n123, n456); \
> > > >> ++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
> > > >> ++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
> > > >> ++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
> > > >> ++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
> > > >> ++ } \
> > > >> ++ while (0)
> > > >> ++
> > > >> ++static int
> > > >> ++do_test (void)
> > > >> ++{
> > > >> ++ int result = 0;
> > > >> ++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
> > > >> ++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
> > > >> ++#ifndef NO_LONG_DOUBLE
> > > >> ++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
> > > >> ++#endif
> > > >> ++ return result;
> > > >> ++}
> > > >> ++
> > > >> ++#define TEST_FUNCTION do_test ()
> > > >> ++#include "../test-skeleton.c"
> > > >> +Index: git/stdlib/Versions
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/Versions
> > > >> ++++ git/stdlib/Versions
> > > >> +@@ -118,5 +118,6 @@ libc {
> > > >> + # Used from other libraries
> > > >> + __libc_secure_getenv;
> > > >> + __call_tls_dtors;
> > > >> ++ __strtof_nan; __strtod_nan; __strtold_nan;
> > > >> + }
> > > >> + }
> > > >> +Index: git/math/Makefile
> > > >> +===================================================================
> > > >> +--- git.orig/math/Makefile
> > > >> ++++ git/math/Makefile
> > > >> +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
> > > >> + test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
> > > >> + test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
> > > >> + test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2
> > > test-snan \
> > > >> +- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
> > > >> ++ test-fenv-tls test-fenv-preserve test-fenv-return \
> > > >> ++ test-nan-overflow test-nan-payload \
> > > >> ++ $(tests-static)
> > > >> + tests-static = test-fpucw-static test-fpucw-ieee-static
> > > >> + # We do the `long double' tests only if this data type is available
> > > and
> > > >> + # distinct from `double'.
> > > >> diff --git a/meta/recipes-core/glibc/glibc_2.20.bb
> > > b/meta/recipes-core/glibc/glibc_2.20.bb
> > > >> index af568d9..d099d5d 100644
> > > >> --- a/meta/recipes-core/glibc/glibc_2.20.bb
> > > >> +++ b/meta/recipes-core/glibc/glibc_2.20.bb
> > > >> @@ -50,6 +50,8 @@ CVEPATCHES = "\
> > > >> file://CVE-2015-7547.patch \
> > > >> file://CVE-2015-8777.patch \
> > > >> file://CVE-2015-8779.patch \
> > > >> + file://CVE-2015-9761_1.patch \
> > > >> + file://CVE-2015-9761_2.patch \
> > > >> "
> > > >>
> > > >> LIC_FILES_CHKSUM =
> > > "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
> > > >> --
> > > >> 2.3.5
> > > >>
> > > >> --
> > > >> _______________________________________________
> > > >> Openembedded-core mailing list
> > > >> Openembedded-core@lists.openembedded.org
> > > >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> > > >
> > >
>
> --
> Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dizzy][PATCH 3/4] glibc: CVE-2015-9761
2016-03-11 13:58 ` Martin Jansa
2016-03-17 15:48 ` Martin Jansa
@ 2016-03-22 0:42 ` akuster808
1 sibling, 0 replies; 9+ messages in thread
From: akuster808 @ 2016-03-22 0:42 UTC (permalink / raw)
To: Martin Jansa, akuster; +Cc: Patches and discussions about the oe-core layer
Martin,
On 03/11/2016 05:58 AM, Martin Jansa wrote:
> On Thu, Mar 03, 2016 at 09:47:11PM +0100, Martin Jansa wrote:
>> I was asking you about the CVE number (but I realize it was already merged
>> in other branches with wrong number so maybe it will be less confusing use
>> the same in Dizzy)
>>
>> And "please merge" was informal
>> Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
>>
>> after testing this series in our Dizzy based builds.
>
> Any ETA on getting these in dizzy branch?
>
> I know that everybody is busy with Mx release, I just need the ETA to
> decide if
> 1) we'll upgrade oe-core now with only the first security fix
> and upgrade again later when these are merged
> 2) we'll upgrade oe-core now with only the first security fix
> and backport other 4 fixes in our internal layer - and remove these
> backports in next oe-core upgrade when these are merged
> 3) we'll wait a bit more to get all 5 fixes in one oe-core upgrade
looks like they got merged.
- armin
>
> I've already tested all 5 in our builds, only issue I've noticed
> is incorrect CVE number used in patches as reported.
>
>> On Thu, Mar 3, 2016 at 9:35 PM, akuster@mvista <akuster@mvista.com> wrote:
>>
>>> On 3/3/16 12:16 AM, Martin Jansa wrote:
>>>> On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote:
>>>>> From: Armin Kuster <akuster@mvista.com>
>>>>
>>>> I think this is 2014-9761 not 2015-9761
>>>>
>>>> But other than that please merge this series.
>>>
>>> Are you asking me? I don't have write perms.
>>>
>>> - armin
>>>>
>>>>> A stack overflow vulnerability was found in nan* functions that could
>>> cause
>>>>> applications which process long strings with the nan function to crash
>>> or,
>>>>> potentially, execute arbitrary code.
>>>>>
>>>>> (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
>>>>>
>>>>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>>>>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
>>>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>>>>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>>>>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>>>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>>>> ---
>>>>> .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039
>>> ++++++++++++++++++++
>>>>> .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch | 388 ++++++++
>>>>> meta/recipes-core/glibc/glibc_2.20.bb | 2 +
>>>>> 3 files changed, 1429 insertions(+)
>>>>> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
>>>>> create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
>>>>>
>>>>> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
>>> b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
>>>>> new file mode 100644
>>>>> index 0000000..3aca913
>>>>> --- /dev/null
>>>>> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
>>>>> @@ -0,0 +1,1039 @@
>>>>> +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
>>>>> +From: Joseph Myers <joseph@codesourcery.com>
>>>>> +Date: Tue, 24 Nov 2015 22:24:52 +0000
>>>>> +Subject: [PATCH] Refactor strtod parsing of NaN payloads.
>>>>> +
>>>>> +The nan* functions handle their string argument by constructing a
>>>>> +NAN(...) string on the stack as a VLA and passing it to strtod
>>>>> +functions.
>>>>> +
>>>>> +This approach has problems discussed in bug 16961 and bug 16962: the
>>>>> +stack usage is unbounded, and it gives incorrect results in certain
>>>>> +cases where the argument is not a valid n-char-sequence.
>>>>> +
>>>>> +The natural fix for both issues is to refactor the NaN payload parsing
>>>>> +out of strtod into a separate function that the nan* functions can
>>>>> +call directly, so that no temporary string needs constructing on the
>>>>> +stack at all. This patch does that refactoring in preparation for
>>>>> +fixing those bugs (but without actually using the new functions from
>>>>> +nan* - which will also require exporting them from libc at version
>>>>> +GLIBC_PRIVATE). This patch is not intended to change any user-visible
>>>>> +behavior, so no tests are added (fixes for the above bugs will of
>>>>> +course add tests for them).
>>>>> +
>>>>> +This patch builds on my recent fixes for strtol and strtod issues in
>>>>> +Turkish locales. Given those fixes, the parsing of NaN payloads is
>>>>> +locale-independent; thus, the new functions do not need to take a
>>>>> +locale_t argument.
>>>>> +
>>>>> +Tested for x86_64, x86, mips64 and powerpc.
>>>>> +
>>>>> + * stdlib/strtod_nan.c: New file.
>>>>> + * stdlib/strtod_nan_double.h: Likewise.
>>>>> + * stdlib/strtod_nan_float.h: Likewise.
>>>>> + * stdlib/strtod_nan_main.c: Likewise.
>>>>> + * stdlib/strtod_nan_narrow.h: Likewise.
>>>>> + * stdlib/strtod_nan_wide.h: Likewise.
>>>>> + * stdlib/strtof_nan.c: Likewise.
>>>>> + * stdlib/strtold_nan.c: Likewise.
>>>>> + * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
>>>>> + * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
>>>>> + * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
>>>>> + * wcsmbs/wcstod_nan.c: Likewise.
>>>>> + * wcsmbs/wcstof_nan.c: Likewise.
>>>>> + * wcsmbs/wcstold_nan.c: Likewise.
>>>>> + * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
>>>>> + strtold_nan.
>>>>> + * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
>>>>> + wcstof_nan.
>>>>> + * include/stdlib.h (__strtof_nan): Declare and use
>>>>> + libc_hidden_proto.
>>>>> + (__strtod_nan): Likewise.
>>>>> + (__strtold_nan): Likewise.
>>>>> + (__wcstof_nan): Likewise.
>>>>> + (__wcstod_nan): Likewise.
>>>>> + (__wcstold_nan): Likewise.
>>>>> + * include/wchar.h (____wcstoull_l_internal): Declare.
>>>>> + * stdlib/strtod_l.c: Do not include <ieee754.h>.
>>>>> + (____strtoull_l_internal): Remove declaration.
>>>>> + (STRTOF_NAN): Define macro.
>>>>> + (SET_MANTISSA): Remove macro.
>>>>> + (STRTOULL): Likewise.
>>>>> + (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
>>>>> + * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
>>>>> + (STRTOF_NAN): Define macro.
>>>>> + (SET_MANTISSA): Remove macro.
>>>>> + * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
>>>>> + (SET_MANTISSA): Remove macro.
>>>>> + * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
>>>>> + macro.
>>>>> + (SET_MANTISSA): Remove macro.
>>>>> + * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
>>>>> + macro.
>>>>> + (SET_MANTISSA): Remove macro.
>>>>> + * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
>>>>> + (SET_MANTISSA): Remove macro.
>>>>> + * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
>>>>> + * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
>>>>> + * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
>>>>> +
>>>>> +Upstream-Status: Backport
>>>>> +CVE: CVE-2015-9761 patch #1
>>>>> +[Yocto # 8980]
>>>>> +
>>>>> +
>>> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
>>>>> +
>>>>> +Signed-off-by: Armin Kuster <akuster@mvista.com>
>>>>> +
>>>>> +---
>>>>> + ChangeLog | 49
>>> ++++++++++++++++++
>>>>> + include/stdlib.h | 18 +++++++
>>>>> + include/wchar.h | 3 ++
>>>>> + stdlib/Makefile | 1 +
>>>>> + stdlib/strtod_l.c | 48
>>> ++++--------------
>>>>> + stdlib/strtod_nan.c | 24 +++++++++
>>>>> + stdlib/strtod_nan_double.h | 30 +++++++++++
>>>>> + stdlib/strtod_nan_float.h | 29 +++++++++++
>>>>> + stdlib/strtod_nan_main.c | 63
>>> ++++++++++++++++++++++++
>>>>> + stdlib/strtod_nan_narrow.h | 22 +++++++++
>>>>> + stdlib/strtod_nan_wide.h | 22 +++++++++
>>>>> + stdlib/strtof_l.c | 11 +----
>>>>> + stdlib/strtof_nan.c | 24 +++++++++
>>>>> + stdlib/strtold_nan.c | 30 +++++++++++
>>>>> + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h | 33 +++++++++++++
>>>>> + sysdeps/ieee754/ldbl-128/strtold_l.c | 13 +----
>>>>> + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
>>>>> + sysdeps/ieee754/ldbl-128ibm/strtold_l.c | 10 +---
>>>>> + sysdeps/ieee754/ldbl-64-128/strtold_l.c | 13 +----
>>>>> + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h | 30 +++++++++++
>>>>> + sysdeps/ieee754/ldbl-96/strtold_l.c | 10 +---
>>>>> + wcsmbs/Makefile | 1 +
>>>>> + wcsmbs/wcstod_l.c | 3 --
>>>>> + wcsmbs/wcstod_nan.c | 23 +++++++++
>>>>> + wcsmbs/wcstof_l.c | 3 --
>>>>> + wcsmbs/wcstof_nan.c | 23 +++++++++
>>>>> + wcsmbs/wcstold_l.c | 3 --
>>>>> + wcsmbs/wcstold_nan.c | 30 +++++++++++
>>>>> + 28 files changed, 504 insertions(+), 95 deletions(-)
>>>>> + create mode 100644 stdlib/strtod_nan.c
>>>>> + create mode 100644 stdlib/strtod_nan_double.h
>>>>> + create mode 100644 stdlib/strtod_nan_float.h
>>>>> + create mode 100644 stdlib/strtod_nan_main.c
>>>>> + create mode 100644 stdlib/strtod_nan_narrow.h
>>>>> + create mode 100644 stdlib/strtod_nan_wide.h
>>>>> + create mode 100644 stdlib/strtof_nan.c
>>>>> + create mode 100644 stdlib/strtold_nan.c
>>>>> + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
>>>>> + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
>>>>> + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
>>>>> + create mode 100644 wcsmbs/wcstod_nan.c
>>>>> + create mode 100644 wcsmbs/wcstof_nan.c
>>>>> + create mode 100644 wcsmbs/wcstold_nan.c
>>>>> +
>>>>> +Index: git/include/stdlib.h
>>>>> +===================================================================
>>>>> +--- git.orig/include/stdlib.h
>>>>> ++++ git/include/stdlib.h
>>>>> +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
>>>>> + libc_hidden_proto (strtoul)
>>>>> + libc_hidden_proto (strtoull)
>>>>> +
>>>>> ++extern float __strtof_nan (const char *, char **, char)
>>> internal_function;
>>>>> ++extern double __strtod_nan (const char *, char **, char)
>>> internal_function;
>>>>> ++extern long double __strtold_nan (const char *, char **, char)
>>>>> ++ internal_function;
>>>>> ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
>>>>> ++ internal_function;
>>>>> ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
>>>>> ++ internal_function;
>>>>> ++extern long double __wcstold_nan (const wchar_t *, wchar_t **,
>>> wchar_t)
>>>>> ++ internal_function;
>>>>> ++
>>>>> ++libc_hidden_proto (__strtof_nan)
>>>>> ++libc_hidden_proto (__strtod_nan)
>>>>> ++libc_hidden_proto (__strtold_nan)
>>>>> ++libc_hidden_proto (__wcstof_nan)
>>>>> ++libc_hidden_proto (__wcstod_nan)
>>>>> ++libc_hidden_proto (__wcstold_nan)
>>>>> ++
>>>>> + extern char *__ecvt (double __value, int __ndigit, int *__restrict
>>> __decpt,
>>>>> + int *__restrict __sign);
>>>>> + extern char *__fcvt (double __value, int __ndigit, int *__restrict
>>> __decpt,
>>>>> +Index: git/include/wchar.h
>>>>> +===================================================================
>>>>> +--- git.orig/include/wchar.h
>>>>> ++++ git/include/wchar.h
>>>>> +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
>>>>> + __restrict __endptr,
>>>>> + int __base,
>>>>> + int __group) __THROW;
>>>>> ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t
>>> *,
>>>>> ++ wchar_t **, int,
>>> int,
>>>>> ++ __locale_t);
>>>>> + libc_hidden_proto (__wcstof_internal)
>>>>> + libc_hidden_proto (__wcstod_internal)
>>>>> + libc_hidden_proto (__wcstold_internal)
>>>>> +Index: git/stdlib/Makefile
>>>>> +===================================================================
>>>>> +--- git.orig/stdlib/Makefile
>>>>> ++++ git/stdlib/Makefile
>>>>> +@@ -51,6 +51,7 @@ routines-y :=
>>> \
>>>>> + strtol_l strtoul_l strtoll_l strtoull_l
>>> \
>>>>> + strtof strtod strtold
>>> \
>>>>> + strtof_l strtod_l strtold_l
>>> \
>>>>> ++ strtof_nan strtod_nan strtold_nan
>>> \
>>>>> + system canonicalize
>>> \
>>>>> + a64l l64a
>>> \
>>>>> + getsubopt xpg_basename
>>> \
>>>>> +Index: git/stdlib/strtod_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/stdlib/strtod_l.c
>>>>> ++++ git/stdlib/strtod_l.c
>>>>> +@@ -21,8 +21,6 @@
>>>>> + #include <xlocale.h>
>>>>> +
>>>>> + extern double ____strtod_l_internal (const char *, char **, int,
>>> __locale_t);
>>>>> +-extern unsigned long long int ____strtoull_l_internal (const char *,
>>> char **,
>>>>> +- int, int,
>>> __locale_t);
>>>>> +
>>>>> + /* Configuration part. These macros are defined by `strtold.c',
>>>>> + `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
>>>>> +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
>>>>> + # ifdef USE_WIDE_CHAR
>>>>> + # define STRTOF wcstod_l
>>>>> + # define __STRTOF __wcstod_l
>>>>> ++# define STRTOF_NAN __wcstod_nan
>>>>> + # else
>>>>> + # define STRTOF strtod_l
>>>>> + # define __STRTOF __strtod_l
>>>>> ++# define STRTOF_NAN __strtod_nan
>>>>> + # endif
>>>>> + # define MPN2FLOAT __mpn_construct_double
>>>>> + # define FLOAT_HUGE_VAL HUGE_VAL
>>>>> +-# define SET_MANTISSA(flt, mant) \
>>>>> +- do { union ieee754_double u;
>>> \
>>>>> +- u.d = (flt);
>>> \
>>>>> +- u.ieee_nan.mantissa0 = (mant) >> 32;
>>> \
>>>>> +- u.ieee_nan.mantissa1 = (mant);
>>> \
>>>>> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
>>> \
>>>>> +- (flt) = u.d;
>>> \
>>>>> +- } while (0)
>>>>> + #endif
>>>>> + /* End of configuration part. */
>>>>> +
>>>>> + #include <ctype.h>
>>>>> + #include <errno.h>
>>>>> + #include <float.h>
>>>>> +-#include <ieee754.h>
>>>>> + #include "../locale/localeinfo.h"
>>>>> + #include <locale.h>
>>>>> + #include <math.h>
>>>>> +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
>>>>> + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
>>>>> + # define STRNCASECMP(S1, S2, N) \
>>>>> + __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
>>>>> +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
>>> loc)
>>>>> + #else
>>>>> + # define STRING_TYPE char
>>>>> + # define CHAR_TYPE char
>>>>> +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
>>>>> + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
>>>>> + # define STRNCASECMP(S1, S2, N) \
>>>>> + __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
>>>>> +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
>>> loc)
>>>>> + #endif
>>>>> +
>>>>> +
>>>>> +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
>>>>> + if (*cp == L_('('))
>>>>> + {
>>>>> + const STRING_TYPE *startp = cp;
>>>>> +- do
>>>>> +- ++cp;
>>>>> +- while ((*cp >= L_('0') && *cp <= L_('9'))
>>>>> +- || ({ CHAR_TYPE lo = TOLOWER (*cp);
>>>>> +- lo >= L_('a') && lo <= L_('z'); })
>>>>> +- || *cp == L_('_'));
>>>>> +-
>>>>> +- if (*cp != L_(')'))
>>>>> +- /* The closing brace is missing. Only match the NAN
>>>>> +- part. */
>>>>> +- cp = startp;
>>>>> ++ STRING_TYPE *endp;
>>>>> ++ retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
>>>>> ++ if (*endp == L_(')'))
>>>>> ++ /* Consume the closing parenthesis. */
>>>>> ++ cp = endp + 1;
>>>>> + else
>>>>> +- {
>>>>> +- /* This is a system-dependent way to specify the
>>>>> +- bitmask used for the NaN. We expect it to be
>>>>> +- a number which is put in the mantissa of the
>>>>> +- number. */
>>>>> +- STRING_TYPE *endp;
>>>>> +- unsigned long long int mant;
>>>>> +-
>>>>> +- mant = STRTOULL (startp + 1, &endp, 0);
>>>>> +- if (endp == cp)
>>>>> +- SET_MANTISSA (retval, mant);
>>>>> +-
>>>>> +- /* Consume the closing brace. */
>>>>> +- ++cp;
>>>>> +- }
>>>>> ++ /* Only match the NAN part. */
>>>>> ++ cp = startp;
>>>>> + }
>>>>> +
>>>>> + if (endptr != NULL)
>>>>> +Index: git/stdlib/strtod_nan.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtod_nan.c
>>>>> +@@ -0,0 +1,24 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Narrow
>>>>> ++ strings, double.
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <strtod_nan_narrow.h>
>>>>> ++#include <strtod_nan_double.h>
>>>>> ++
>>>>> ++#define STRTOD_NAN __strtod_nan
>>>>> ++#include <strtod_nan_main.c>
>>>>> +Index: git/stdlib/strtod_nan_double.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtod_nan_double.h
>>>>> +@@ -0,0 +1,30 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. For double.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define FLOAT double
>>>>> ++#define SET_MANTISSA(flt, mant) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ union ieee754_double u; \
>>>>> ++ u.d = (flt); \
>>>>> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
>>>>> ++ u.ieee_nan.mantissa1 = (mant); \
>>>>> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
>>>>> ++ (flt) = u.d; \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> +Index: git/stdlib/strtod_nan_float.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtod_nan_float.h
>>>>> +@@ -0,0 +1,29 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. For float.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define FLOAT float
>>>>> ++#define SET_MANTISSA(flt, mant) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ union ieee754_float u; \
>>>>> ++ u.f = (flt); \
>>>>> ++ u.ieee_nan.mantissa = (mant); \
>>>>> ++ if (u.ieee.mantissa != 0) \
>>>>> ++ (flt) = u.f; \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> +Index: git/stdlib/strtod_nan_main.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtod_nan_main.c
>>>>> +@@ -0,0 +1,63 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <ieee754.h>
>>>>> ++#include <locale.h>
>>>>> ++#include <math.h>
>>>>> ++#include <stdlib.h>
>>>>> ++#include <wchar.h>
>>>>> ++
>>>>> ++
>>>>> ++/* If STR starts with an optional n-char-sequence as defined by ISO C
>>>>> ++ (a sequence of ASCII letters, digits and underscores), followed by
>>>>> ++ ENDC, return a NaN whose payload is set based on STR. Otherwise,
>>>>> ++ return a default NAN. If ENDPTR is not NULL, set *ENDPTR to point
>>>>> ++ to the character after the initial n-char-sequence. */
>>>>> ++
>>>>> ++internal_function
>>>>> ++FLOAT
>>>>> ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE
>>> endc)
>>>>> ++{
>>>>> ++ const STRING_TYPE *cp = str;
>>>>> ++
>>>>> ++ while ((*cp >= L_('0') && *cp <= L_('9'))
>>>>> ++ || (*cp >= L_('A') && *cp <= L_('Z'))
>>>>> ++ || (*cp >= L_('a') && *cp <= L_('z'))
>>>>> ++ || *cp == L_('_'))
>>>>> ++ ++cp;
>>>>> ++
>>>>> ++ FLOAT retval = NAN;
>>>>> ++ if (*cp != endc)
>>>>> ++ goto out;
>>>>> ++
>>>>> ++ /* This is a system-dependent way to specify the bitmask used for
>>>>> ++ the NaN. We expect it to be a number which is put in the
>>>>> ++ mantissa of the number. */
>>>>> ++ STRING_TYPE *endp;
>>>>> ++ unsigned long long int mant;
>>>>> ++
>>>>> ++ mant = STRTOULL (str, &endp, 0);
>>>>> ++ if (endp == cp)
>>>>> ++ SET_MANTISSA (retval, mant);
>>>>> ++
>>>>> ++ out:
>>>>> ++ if (endptr != NULL)
>>>>> ++ *endptr = (STRING_TYPE *) cp;
>>>>> ++ return retval;
>>>>> ++}
>>>>> ++libc_hidden_def (STRTOD_NAN)
>>>>> +Index: git/stdlib/strtod_nan_narrow.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtod_nan_narrow.h
>>>>> +@@ -0,0 +1,22 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Narrow
>>> strings.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define STRING_TYPE char
>>>>> ++#define L_(Ch) Ch
>>>>> ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
>>> \
>>>>> ++ _nl_C_locobj_ptr)
>>>>> +Index: git/stdlib/strtod_nan_wide.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtod_nan_wide.h
>>>>> +@@ -0,0 +1,22 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Wide strings.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define STRING_TYPE wchar_t
>>>>> ++#define L_(Ch) L##Ch
>>>>> ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
>>> \
>>>>> ++ _nl_C_locobj_ptr)
>>>>> +Index: git/stdlib/strtof_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/stdlib/strtof_l.c
>>>>> ++++ git/stdlib/strtof_l.c
>>>>> +@@ -20,26 +20,19 @@
>>>>> + #include <xlocale.h>
>>>>> +
>>>>> + extern float ____strtof_l_internal (const char *, char **, int,
>>> __locale_t);
>>>>> +-extern unsigned long long int ____strtoull_l_internal (const char *,
>>> char **,
>>>>> +- int, int,
>>> __locale_t);
>>>>> +
>>>>> + #define FLOAT float
>>>>> + #define FLT FLT
>>>>> + #ifdef USE_WIDE_CHAR
>>>>> + # define STRTOF wcstof_l
>>>>> + # define __STRTOF __wcstof_l
>>>>> ++# define STRTOF_NAN __wcstof_nan
>>>>> + #else
>>>>> + # define STRTOF strtof_l
>>>>> + # define __STRTOF __strtof_l
>>>>> ++# define STRTOF_NAN __strtof_nan
>>>>> + #endif
>>>>> + #define MPN2FLOAT __mpn_construct_float
>>>>> + #define FLOAT_HUGE_VAL HUGE_VALF
>>>>> +-#define SET_MANTISSA(flt, mant) \
>>>>> +- do { union ieee754_float u;
>>> \
>>>>> +- u.f = (flt);
>>> \
>>>>> +- u.ieee_nan.mantissa = (mant);
>>> \
>>>>> +- if (u.ieee.mantissa != 0)
>>> \
>>>>> +- (flt) = u.f;
>>> \
>>>>> +- } while (0)
>>>>> +
>>>>> + #include "strtod_l.c"
>>>>> +Index: git/stdlib/strtof_nan.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtof_nan.c
>>>>> +@@ -0,0 +1,24 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Narrow
>>>>> ++ strings, float.
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <strtod_nan_narrow.h>
>>>>> ++#include <strtod_nan_float.h>
>>>>> ++
>>>>> ++#define STRTOD_NAN __strtof_nan
>>>>> ++#include <strtod_nan_main.c>
>>>>> +Index: git/stdlib/strtold_nan.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/stdlib/strtold_nan.c
>>>>> +@@ -0,0 +1,30 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Narrow
>>>>> ++ strings, long double.
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <math.h>
>>>>> ++
>>>>> ++/* This function is unused if long double and double have the same
>>>>> ++ representation. */
>>>>> ++#ifndef __NO_LONG_DOUBLE_MATH
>>>>> ++# include <strtod_nan_narrow.h>
>>>>> ++# include <strtod_nan_ldouble.h>
>>>>> ++
>>>>> ++# define STRTOD_NAN __strtold_nan
>>>>> ++# include <strtod_nan_main.c>
>>>>> ++#endif
>>>>> +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
>>>>> +@@ -0,0 +1,33 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-128.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define FLOAT long double
>>>>> ++#define SET_MANTISSA(flt, mant) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ union ieee854_long_double u; \
>>>>> ++ u.d = (flt); \
>>>>> ++ u.ieee_nan.mantissa0 = 0; \
>>>>> ++ u.ieee_nan.mantissa1 = 0; \
>>>>> ++ u.ieee_nan.mantissa2 = (mant) >> 32; \
>>>>> ++ u.ieee_nan.mantissa3 = (mant); \
>>>>> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1 \
>>>>> ++ | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
>>>>> ++ (flt) = u.d; \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
>>>>> ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
>>>>> +@@ -25,22 +25,13 @@
>>>>> + #ifdef USE_WIDE_CHAR
>>>>> + # define STRTOF wcstold_l
>>>>> + # define __STRTOF __wcstold_l
>>>>> ++# define STRTOF_NAN __wcstold_nan
>>>>> + #else
>>>>> + # define STRTOF strtold_l
>>>>> + # define __STRTOF __strtold_l
>>>>> ++# define STRTOF_NAN __strtold_nan
>>>>> + #endif
>>>>> + #define MPN2FLOAT __mpn_construct_long_double
>>>>> + #define FLOAT_HUGE_VAL HUGE_VALL
>>>>> +-#define SET_MANTISSA(flt, mant) \
>>>>> +- do { union ieee854_long_double u;
>>> \
>>>>> +- u.d = (flt);
>>> \
>>>>> +- u.ieee_nan.mantissa0 = 0;
>>> \
>>>>> +- u.ieee_nan.mantissa1 = 0;
>>> \
>>>>> +- u.ieee_nan.mantissa2 = (mant) >> 32;
>>> \
>>>>> +- u.ieee_nan.mantissa3 = (mant);
>>> \
>>>>> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
>>> \
>>>>> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
>>> \
>>>>> +- (flt) = u.d;
>>> \
>>>>> +- } while (0)
>>>>> +
>>>>> + #include <strtod_l.c>
>>>>> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
>>>>> +@@ -0,0 +1,30 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. For
>>> ldbl-128ibm.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define FLOAT long double
>>>>> ++#define SET_MANTISSA(flt, mant) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ union ibm_extended_long_double u; \
>>>>> ++ u.ld = (flt); \
>>>>> ++ u.d[0].ieee_nan.mantissa0 = (mant) >> 32; \
>>>>> ++ u.d[0].ieee_nan.mantissa1 = (mant); \
>>>>> ++ if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0) \
>>>>> ++ (flt) = u.ld; \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
>>>>> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
>>>>> +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
>>>>> + # define STRTOF __new_wcstold_l
>>>>> + # define __STRTOF ____new_wcstold_l
>>>>> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
>>>>> ++# define STRTOF_NAN __wcstold_nan
>>>>> + #else
>>>>> + extern long double ____new_strtold_l (const char *, char **,
>>> __locale_t);
>>>>> + # define STRTOF __new_strtold_l
>>>>> + # define __STRTOF ____new_strtold_l
>>>>> + # define ____STRTOF_INTERNAL ____strtold_l_internal
>>>>> ++# define STRTOF_NAN __strtold_nan
>>>>> + #endif
>>>>> + extern __typeof (__STRTOF) STRTOF;
>>>>> + libc_hidden_proto (__STRTOF)
>>>>> + libc_hidden_proto (STRTOF)
>>>>> + #define MPN2FLOAT __mpn_construct_long_double
>>>>> + #define FLOAT_HUGE_VAL HUGE_VALL
>>>>> +-# define SET_MANTISSA(flt, mant) \
>>>>> +- do { union ibm_extended_long_double u;
>>> \
>>>>> +- u.ld = (flt);
>>> \
>>>>> +- u.d[0].ieee_nan.mantissa0 = (mant) >> 32;
>>> \
>>>>> +- u.d[0].ieee_nan.mantissa1 = (mant);
>>> \
>>>>> +- if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0)
>>> \
>>>>> +- (flt) = u.ld;
>>> \
>>>>> +- } while (0)
>>>>> +
>>>>> + #include <strtod_l.c>
>>>>> +
>>>>> +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
>>>>> ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
>>>>> +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
>>>>> + # define STRTOF __new_wcstold_l
>>>>> + # define __STRTOF ____new_wcstold_l
>>>>> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
>>>>> ++# define STRTOF_NAN __wcstold_nan
>>>>> + #else
>>>>> + extern long double ____new_strtold_l (const char *, char **,
>>> __locale_t);
>>>>> + # define STRTOF __new_strtold_l
>>>>> + # define __STRTOF ____new_strtold_l
>>>>> + # define ____STRTOF_INTERNAL ____strtold_l_internal
>>>>> ++# define STRTOF_NAN __strtold_nan
>>>>> + #endif
>>>>> + extern __typeof (__STRTOF) STRTOF;
>>>>> + libc_hidden_proto (__STRTOF)
>>>>> + libc_hidden_proto (STRTOF)
>>>>> + #define MPN2FLOAT __mpn_construct_long_double
>>>>> + #define FLOAT_HUGE_VAL HUGE_VALL
>>>>> +-#define SET_MANTISSA(flt, mant) \
>>>>> +- do { union ieee854_long_double u;
>>> \
>>>>> +- u.d = (flt);
>>> \
>>>>> +- u.ieee_nan.mantissa0 = 0;
>>> \
>>>>> +- u.ieee_nan.mantissa1 = 0;
>>> \
>>>>> +- u.ieee_nan.mantissa2 = (mant) >> 32;
>>> \
>>>>> +- u.ieee_nan.mantissa3 = (mant);
>>> \
>>>>> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1
>>> \
>>>>> +- | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
>>> \
>>>>> +- (flt) = u.d;
>>> \
>>>>> +- } while (0)
>>>>> +
>>>>> + #include <strtod_l.c>
>>>>> +
>>>>> +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
>>>>> +@@ -0,0 +1,30 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. For ldbl-96.
>>>>> ++ Copyright (C) 1997-2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#define FLOAT long double
>>>>> ++#define SET_MANTISSA(flt, mant) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ union ieee854_long_double u; \
>>>>> ++ u.d = (flt); \
>>>>> ++ u.ieee_nan.mantissa0 = (mant) >> 32; \
>>>>> ++ u.ieee_nan.mantissa1 = (mant); \
>>>>> ++ if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0) \
>>>>> ++ (flt) = u.d; \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
>>>>> ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
>>>>> +@@ -25,19 +25,13 @@
>>>>> + #ifdef USE_WIDE_CHAR
>>>>> + # define STRTOF wcstold_l
>>>>> + # define __STRTOF __wcstold_l
>>>>> ++# define STRTOF_NAN __wcstold_nan
>>>>> + #else
>>>>> + # define STRTOF strtold_l
>>>>> + # define __STRTOF __strtold_l
>>>>> ++# define STRTOF_NAN __strtold_nan
>>>>> + #endif
>>>>> + #define MPN2FLOAT __mpn_construct_long_double
>>>>> + #define FLOAT_HUGE_VAL HUGE_VALL
>>>>> +-#define SET_MANTISSA(flt, mant) \
>>>>> +- do { union ieee854_long_double u;
>>> \
>>>>> +- u.d = (flt);
>>> \
>>>>> +- u.ieee_nan.mantissa0 = (mant) >> 32;
>>> \
>>>>> +- u.ieee_nan.mantissa1 = (mant);
>>> \
>>>>> +- if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
>>> \
>>>>> +- (flt) = u.d;
>>> \
>>>>> +- } while (0)
>>>>> +
>>>>> + #include <stdlib/strtod_l.c>
>>>>> +Index: git/wcsmbs/Makefile
>>>>> +===================================================================
>>>>> +--- git.orig/wcsmbs/Makefile
>>>>> ++++ git/wcsmbs/Makefile
>>>>> +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
>>>>> + wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
>>>>> + wcstol_l wcstoul_l wcstoll_l wcstoull_l \
>>>>> + wcstod_l wcstold_l wcstof_l \
>>>>> ++ wcstod_nan wcstold_nan wcstof_nan \
>>>>> + wcscoll wcsxfrm \
>>>>> + wcwidth wcswidth \
>>>>> + wcscoll_l wcsxfrm_l \
>>>>> +Index: git/wcsmbs/wcstod_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/wcsmbs/wcstod_l.c
>>>>> ++++ git/wcsmbs/wcstod_l.c
>>>>> +@@ -23,9 +23,6 @@
>>>>> +
>>>>> + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
>>>>> + __locale_t);
>>>>> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
>>> *,
>>>>> +- wchar_t **, int,
>>> int,
>>>>> +- __locale_t);
>>>>> +
>>>>> + #define USE_WIDE_CHAR 1
>>>>> +
>>>>> +Index: git/wcsmbs/wcstod_nan.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/wcsmbs/wcstod_nan.c
>>>>> +@@ -0,0 +1,23 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Wide
>>> strings, double.
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include "../stdlib/strtod_nan_wide.h"
>>>>> ++#include "../stdlib/strtod_nan_double.h"
>>>>> ++
>>>>> ++#define STRTOD_NAN __wcstod_nan
>>>>> ++#include "../stdlib/strtod_nan_main.c"
>>>>> +Index: git/wcsmbs/wcstof_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/wcsmbs/wcstof_l.c
>>>>> ++++ git/wcsmbs/wcstof_l.c
>>>>> +@@ -25,8 +25,5 @@
>>>>> +
>>>>> + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
>>>>> + __locale_t);
>>>>> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
>>> *,
>>>>> +- wchar_t **, int,
>>> int,
>>>>> +- __locale_t);
>>>>> +
>>>>> + #include <stdlib/strtof_l.c>
>>>>> +Index: git/wcsmbs/wcstof_nan.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/wcsmbs/wcstof_nan.c
>>>>> +@@ -0,0 +1,23 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Wide
>>> strings, float.
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include "../stdlib/strtod_nan_wide.h"
>>>>> ++#include "../stdlib/strtod_nan_float.h"
>>>>> ++
>>>>> ++#define STRTOD_NAN __wcstof_nan
>>>>> ++#include "../stdlib/strtod_nan_main.c"
>>>>> +Index: git/wcsmbs/wcstold_l.c
>>>>> +===================================================================
>>>>> +--- git.orig/wcsmbs/wcstold_l.c
>>>>> ++++ git/wcsmbs/wcstold_l.c
>>>>> +@@ -24,8 +24,5 @@
>>>>> +
>>>>> + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t
>>> **, int,
>>>>> + __locale_t);
>>>>> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
>>> *,
>>>>> +- wchar_t **, int,
>>> int,
>>>>> +- __locale_t);
>>>>> +
>>>>> + #include <strtold_l.c>
>>>>> +Index: git/wcsmbs/wcstold_nan.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/wcsmbs/wcstold_nan.c
>>>>> +@@ -0,0 +1,30 @@
>>>>> ++/* Convert string for NaN payload to corresponding NaN. Wide strings,
>>>>> ++ long double.
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <math.h>
>>>>> ++
>>>>> ++/* This function is unused if long double and double have the same
>>>>> ++ representation. */
>>>>> ++#ifndef __NO_LONG_DOUBLE_MATH
>>>>> ++# include "../stdlib/strtod_nan_wide.h"
>>>>> ++# include <strtod_nan_ldouble.h>
>>>>> ++
>>>>> ++# define STRTOD_NAN __wcstold_nan
>>>>> ++# include "../stdlib/strtod_nan_main.c"
>>>>> ++#endif
>>>>> +Index: git/ChangeLog
>>>>> +===================================================================
>>>>> +--- git.orig/ChangeLog
>>>>> ++++ git/ChangeLog
>>>>> +@@ -1,3 +1,57 @@
>>>>> ++2015-11-24 Joseph Myers <joseph@codesourcery.com>
>>>>> ++
>>>>> ++ * stdlib/strtod_nan.c: New file.
>>>>> ++ * stdlib/strtod_nan_double.h: Likewise.
>>>>> ++ * stdlib/strtod_nan_float.h: Likewise.
>>>>> ++ * stdlib/strtod_nan_main.c: Likewise.
>>>>> ++ * stdlib/strtod_nan_narrow.h: Likewise.
>>>>> ++ * stdlib/strtod_nan_wide.h: Likewise.
>>>>> ++ * stdlib/strtof_nan.c: Likewise.
>>>>> ++ * stdlib/strtold_nan.c: Likewise.
>>>>> ++ * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
>>>>> ++ * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
>>>>> ++ * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
>>>>> ++ * wcsmbs/wcstod_nan.c: Likewise.
>>>>> ++ * wcsmbs/wcstof_nan.c: Likewise.
>>>>> ++ * wcsmbs/wcstold_nan.c: Likewise.
>>>>> ++ * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
>>>>> ++ strtold_nan.
>>>>> ++ * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
>>>>> ++ wcstof_nan.
>>>>> ++ * include/stdlib.h (__strtof_nan): Declare and use
>>>>> ++ libc_hidden_proto.
>>>>> ++ (__strtod_nan): Likewise.
>>>>> ++ (__strtold_nan): Likewise.
>>>>> ++ (__wcstof_nan): Likewise.
>>>>> ++ (__wcstod_nan): Likewise.
>>>>> ++ (__wcstold_nan): Likewise.
>>>>> ++ * include/wchar.h (____wcstoull_l_internal): Declare.
>>>>> ++ * stdlib/strtod_l.c: Do not include <ieee754.h>.
>>>>> ++ (____strtoull_l_internal): Remove declaration.
>>>>> ++ (STRTOF_NAN): Define macro.
>>>>> ++ (SET_MANTISSA): Remove macro.
>>>>> ++ (STRTOULL): Likewise.
>>>>> ++ (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
>>>>> ++ * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
>>>>> ++ (STRTOF_NAN): Define macro.
>>>>> ++ (SET_MANTISSA): Remove macro.
>>>>> ++ * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
>>>>> ++ (SET_MANTISSA): Remove macro.
>>>>> ++ * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
>>>>> ++ macro.
>>>>> ++ (SET_MANTISSA): Remove macro.
>>>>> ++ * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
>>>>> ++ macro.
>>>>> ++ (SET_MANTISSA): Remove macro.
>>>>> ++ * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
>>>>> ++ (SET_MANTISSA): Remove macro.
>>>>> ++ * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
>>>>> ++ * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
>>>>> ++ * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
>>>>> ++
>>>>> ++ [BZ #19266]
>>>>> ++ * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
>>>>> ++ upper case and lower case letters inside NAN(), not using TOLOWER.
>>>>> + 2015-08-08 Paul Pluzhnikov <ppluzhnikov@google.com>
>>>>> +
>>>>> + [BZ #17905]
>>>>> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
>>> b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
>>>>> new file mode 100644
>>>>> index 0000000..0df5e50
>>>>> --- /dev/null
>>>>> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
>>>>> @@ -0,0 +1,388 @@
>>>>> +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
>>>>> +From: Joseph Myers <joseph@codesourcery.com>
>>>>> +Date: Fri, 4 Dec 2015 20:36:28 +0000
>>>>> +Subject: [PATCH] Fix nan functions handling of payload strings (bug
>>> 16961, bug
>>>>> + 16962).
>>>>> +
>>>>> +The nan, nanf and nanl functions handle payload strings by doing e.g.:
>>>>> +
>>>>> + if (tagp[0] != '\0')
>>>>> + {
>>>>> + char buf[6 + strlen (tagp)];
>>>>> + sprintf (buf, "NAN(%s)", tagp);
>>>>> + return strtod (buf, NULL);
>>>>> + }
>>>>> +
>>>>> +This is an unbounded stack allocation based on the length of the
>>>>> +argument. Furthermore, if the argument starts with an n-char-sequence
>>>>> +followed by ')', that n-char-sequence is wrongly treated as
>>>>> +significant for determining the payload of the resulting NaN, when ISO
>>>>> +C says the call should be equivalent to strtod ("NAN", NULL), without
>>>>> +being affected by that initial n-char-sequence. This patch fixes both
>>>>> +those problems by using the __strtod_nan etc. functions recently
>>>>> +factored out of strtod etc. for that purpose, with those functions
>>>>> +being exported from libc at version GLIBC_PRIVATE.
>>>>> +
>>>>> +Tested for x86_64, x86, mips64 and powerpc.
>>>>> +
>>>>> + [BZ #16961]
>>>>> + [BZ #16962]
>>>>> + * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
>>>>> + string on the stack for strtod.
>>>>> + * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
>>>>> + a string on the stack for strtof.
>>>>> + * math/s_nanl.c (__nanl): Use __strtold_nan instead of
>>>>> + constructing a string on the stack for strtold.
>>>>> + * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
>>>>> + __strtold_nan to GLIBC_PRIVATE.
>>>>> + * math/test-nan-overflow.c: New file.
>>>>> + * math/test-nan-payload.c: Likewise.
>>>>> + * math/Makefile (tests): Add test-nan-overflow and
>>>>> + test-nan-payload.
>>>>> +
>>>>> +Upstream-Status: Backport
>>>>> +CVE: CVE-2015-9761 patch #2
>>>>> +[Yocto # 8980]
>>>>> +
>>>>> +
>>> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
>>>>> +
>>>>> +Signed-off-by: Armin Kuster <akuster@mvista.com>
>>>>> +
>>>>> +---
>>>>> + ChangeLog | 17 +++++++
>>>>> + NEWS | 6 +++
>>>>> + math/Makefile | 3 +-
>>>>> + math/s_nan.c | 9 +---
>>>>> + math/s_nanf.c | 9 +---
>>>>> + math/s_nanl.c | 9 +---
>>>>> + math/test-nan-overflow.c | 66 +++++++++++++++++++++++++
>>>>> + math/test-nan-payload.c | 122
>>> +++++++++++++++++++++++++++++++++++++++++++++++
>>>>> + stdlib/Versions | 1 +
>>>>> + 9 files changed, 217 insertions(+), 25 deletions(-)
>>>>> + create mode 100644 math/test-nan-overflow.c
>>>>> + create mode 100644 math/test-nan-payload.c
>>>>> +
>>>>> +Index: git/ChangeLog
>>>>> +===================================================================
>>>>> +--- git.orig/ChangeLog
>>>>> ++++ git/ChangeLog
>>>>> +@@ -1,3 +1,20 @@
>>>>> ++2015-12-04 Joseph Myers <joseph@codesourcery.com>
>>>>> ++
>>>>> ++ [BZ #16961]
>>>>> ++ [BZ #16962]
>>>>> ++ * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
>>>>> ++ string on the stack for strtod.
>>>>> ++ * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
>>>>> ++ a string on the stack for strtof.
>>>>> ++ * math/s_nanl.c (__nanl): Use __strtold_nan instead of
>>>>> ++ constructing a string on the stack for strtold.
>>>>> ++ * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
>>>>> ++ __strtold_nan to GLIBC_PRIVATE.
>>>>> ++ * math/test-nan-overflow.c: New file.
>>>>> ++ * math/test-nan-payload.c: Likewise.
>>>>> ++ * math/Makefile (tests): Add test-nan-overflow and
>>>>> ++ test-nan-payload.
>>>>> ++
>>>>> + 2015-11-24 Joseph Myers <joseph@codesourcery.com>
>>>>> +
>>>>> + * stdlib/strtod_nan.c: New file.
>>>>> +Index: git/NEWS
>>>>> +===================================================================
>>>>> +--- git.orig/NEWS
>>>>> ++++ git/NEWS
>>>>> +@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
>>>>> +
>>>>> + Version 2.21
>>>>> +
>>>>> ++Security related changes:
>>>>> ++
>>>>> ++* The nan, nanf and nanl functions no longer have unbounded stack
>>> usage
>>>>> ++ depending on the length of the string passed as an argument to the
>>>>> ++ functions. Reported by Joseph Myers.
>>>>> ++
>>>>> + * The following bugs are resolved with this release:
>>>>> +
>>>>> + 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
>>>>> +Index: git/math/s_nan.c
>>>>> +===================================================================
>>>>> +--- git.orig/math/s_nan.c
>>>>> ++++ git/math/s_nan.c
>>>>> +@@ -28,14 +28,7 @@
>>>>> + double
>>>>> + __nan (const char *tagp)
>>>>> + {
>>>>> +- if (tagp[0] != '\0')
>>>>> +- {
>>>>> +- char buf[6 + strlen (tagp)];
>>>>> +- sprintf (buf, "NAN(%s)", tagp);
>>>>> +- return strtod (buf, NULL);
>>>>> +- }
>>>>> +-
>>>>> +- return NAN;
>>>>> ++ return __strtod_nan (tagp, NULL, 0);
>>>>> + }
>>>>> + weak_alias (__nan, nan)
>>>>> + #ifdef NO_LONG_DOUBLE
>>>>> +Index: git/math/s_nanf.c
>>>>> +===================================================================
>>>>> +--- git.orig/math/s_nanf.c
>>>>> ++++ git/math/s_nanf.c
>>>>> +@@ -28,13 +28,6 @@
>>>>> + float
>>>>> + __nanf (const char *tagp)
>>>>> + {
>>>>> +- if (tagp[0] != '\0')
>>>>> +- {
>>>>> +- char buf[6 + strlen (tagp)];
>>>>> +- sprintf (buf, "NAN(%s)", tagp);
>>>>> +- return strtof (buf, NULL);
>>>>> +- }
>>>>> +-
>>>>> +- return NAN;
>>>>> ++ return __strtof_nan (tagp, NULL, 0);
>>>>> + }
>>>>> + weak_alias (__nanf, nanf)
>>>>> +Index: git/math/s_nanl.c
>>>>> +===================================================================
>>>>> +--- git.orig/math/s_nanl.c
>>>>> ++++ git/math/s_nanl.c
>>>>> +@@ -28,13 +28,6 @@
>>>>> + long double
>>>>> + __nanl (const char *tagp)
>>>>> + {
>>>>> +- if (tagp[0] != '\0')
>>>>> +- {
>>>>> +- char buf[6 + strlen (tagp)];
>>>>> +- sprintf (buf, "NAN(%s)", tagp);
>>>>> +- return strtold (buf, NULL);
>>>>> +- }
>>>>> +-
>>>>> +- return NAN;
>>>>> ++ return __strtold_nan (tagp, NULL, 0);
>>>>> + }
>>>>> + weak_alias (__nanl, nanl)
>>>>> +Index: git/math/test-nan-overflow.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/math/test-nan-overflow.c
>>>>> +@@ -0,0 +1,66 @@
>>>>> ++/* Test nan functions stack overflow (bug 16962).
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <math.h>
>>>>> ++#include <stdio.h>
>>>>> ++#include <string.h>
>>>>> ++#include <sys/resource.h>
>>>>> ++
>>>>> ++#define STACK_LIM 1048576
>>>>> ++#define STRING_SIZE (2 * STACK_LIM)
>>>>> ++
>>>>> ++static int
>>>>> ++do_test (void)
>>>>> ++{
>>>>> ++ int result = 0;
>>>>> ++ struct rlimit lim;
>>>>> ++ getrlimit (RLIMIT_STACK, &lim);
>>>>> ++ lim.rlim_cur = STACK_LIM;
>>>>> ++ setrlimit (RLIMIT_STACK, &lim);
>>>>> ++ char *nanstr = malloc (STRING_SIZE);
>>>>> ++ if (nanstr == NULL)
>>>>> ++ {
>>>>> ++ puts ("malloc failed, cannot test");
>>>>> ++ return 77;
>>>>> ++ }
>>>>> ++ memset (nanstr, '0', STRING_SIZE - 1);
>>>>> ++ nanstr[STRING_SIZE - 1] = 0;
>>>>> ++#define NAN_TEST(TYPE, FUNC) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ char *volatile p = nanstr; \
>>>>> ++ volatile TYPE v = FUNC (p); \
>>>>> ++ if (isnan (v)) \
>>>>> ++ puts ("PASS: " #FUNC); \
>>>>> ++ else \
>>>>> ++ { \
>>>>> ++ puts ("FAIL: " #FUNC); \
>>>>> ++ result = 1; \
>>>>> ++ } \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> ++ NAN_TEST (float, nanf);
>>>>> ++ NAN_TEST (double, nan);
>>>>> ++#ifndef NO_LONG_DOUBLE
>>>>> ++ NAN_TEST (long double, nanl);
>>>>> ++#endif
>>>>> ++ return result;
>>>>> ++}
>>>>> ++
>>>>> ++#define TEST_FUNCTION do_test ()
>>>>> ++#include "../test-skeleton.c"
>>>>> +Index: git/math/test-nan-payload.c
>>>>> +===================================================================
>>>>> +--- /dev/null
>>>>> ++++ git/math/test-nan-payload.c
>>>>> +@@ -0,0 +1,122 @@
>>>>> ++/* Test nan functions payload handling (bug 16961).
>>>>> ++ Copyright (C) 2015 Free Software Foundation, Inc.
>>>>> ++ This file is part of the GNU C Library.
>>>>> ++
>>>>> ++ The GNU C Library is free software; you can redistribute it and/or
>>>>> ++ modify it under the terms of the GNU Lesser General Public
>>>>> ++ License as published by the Free Software Foundation; either
>>>>> ++ version 2.1 of the License, or (at your option) any later version.
>>>>> ++
>>>>> ++ The GNU C Library is distributed in the hope that it will be
>>> useful,
>>>>> ++ but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>>> ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>>> ++ Lesser General Public License for more details.
>>>>> ++
>>>>> ++ You should have received a copy of the GNU Lesser General Public
>>>>> ++ License along with the GNU C Library; if not, see
>>>>> ++ <http://www.gnu.org/licenses/>. */
>>>>> ++
>>>>> ++#include <float.h>
>>>>> ++#include <math.h>
>>>>> ++#include <stdio.h>
>>>>> ++#include <stdlib.h>
>>>>> ++#include <string.h>
>>>>> ++
>>>>> ++/* Avoid built-in functions. */
>>>>> ++#define WRAP_NAN(FUNC, STR) \
>>>>> ++ ({ const char *volatile wns = (STR); FUNC (wns); })
>>>>> ++#define WRAP_STRTO(FUNC, STR) \
>>>>> ++ ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
>>>>> ++
>>>>> ++#define CHECK_IS_NAN(TYPE, A) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ if (isnan (A)) \
>>>>> ++ puts ("PASS: " #TYPE " " #A); \
>>>>> ++ else \
>>>>> ++ { \
>>>>> ++ puts ("FAIL: " #TYPE " " #A); \
>>>>> ++ result = 1; \
>>>>> ++ } \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> ++
>>>>> ++#define CHECK_SAME_NAN(TYPE, A, B) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ if (memcmp (&(A), &(B), sizeof (A)) == 0) \
>>>>> ++ puts ("PASS: " #TYPE " " #A " = " #B); \
>>>>> ++ else \
>>>>> ++ { \
>>>>> ++ puts ("FAIL: " #TYPE " " #A " = " #B); \
>>>>> ++ result = 1; \
>>>>> ++ } \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> ++
>>>>> ++#define CHECK_DIFF_NAN(TYPE, A, B) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ if (memcmp (&(A), &(B), sizeof (A)) != 0) \
>>>>> ++ puts ("PASS: " #TYPE " " #A " != " #B); \
>>>>> ++ else \
>>>>> ++ { \
>>>>> ++ puts ("FAIL: " #TYPE " " #A " != " #B); \
>>>>> ++ result = 1; \
>>>>> ++ } \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> ++
>>>>> ++/* Cannot test payloads by memcmp for formats where NaNs have padding
>>>>> ++ bits. */
>>>>> ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
>>>>> ++
>>>>> ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG) \
>>>>> ++ do \
>>>>> ++ { \
>>>>> ++ TYPE n123 = WRAP_NAN (FUNC, "123"); \
>>>>> ++ CHECK_IS_NAN (TYPE, n123); \
>>>>> ++ TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)"); \
>>>>> ++ CHECK_IS_NAN (TYPE, s123); \
>>>>> ++ TYPE n456 = WRAP_NAN (FUNC, "456"); \
>>>>> ++ CHECK_IS_NAN (TYPE, n456); \
>>>>> ++ TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)"); \
>>>>> ++ CHECK_IS_NAN (TYPE, s456); \
>>>>> ++ TYPE n123x = WRAP_NAN (FUNC, "123)"); \
>>>>> ++ CHECK_IS_NAN (TYPE, n123x); \
>>>>> ++ TYPE nemp = WRAP_NAN (FUNC, ""); \
>>>>> ++ CHECK_IS_NAN (TYPE, nemp); \
>>>>> ++ TYPE semp = WRAP_STRTO (SFUNC, "NAN()"); \
>>>>> ++ CHECK_IS_NAN (TYPE, semp); \
>>>>> ++ TYPE sx = WRAP_STRTO (SFUNC, "NAN"); \
>>>>> ++ CHECK_IS_NAN (TYPE, sx); \
>>>>> ++ if (CAN_TEST_EQ (MANT_DIG)) \
>>>>> ++ CHECK_SAME_NAN (TYPE, n123, s123); \
>>>>> ++ if (CAN_TEST_EQ (MANT_DIG)) \
>>>>> ++ CHECK_SAME_NAN (TYPE, n456, s456); \
>>>>> ++ if (CAN_TEST_EQ (MANT_DIG)) \
>>>>> ++ CHECK_SAME_NAN (TYPE, nemp, semp); \
>>>>> ++ if (CAN_TEST_EQ (MANT_DIG)) \
>>>>> ++ CHECK_SAME_NAN (TYPE, n123x, sx); \
>>>>> ++ CHECK_DIFF_NAN (TYPE, n123, n456); \
>>>>> ++ CHECK_DIFF_NAN (TYPE, n123, nemp); \
>>>>> ++ CHECK_DIFF_NAN (TYPE, n123, n123x); \
>>>>> ++ CHECK_DIFF_NAN (TYPE, n456, nemp); \
>>>>> ++ CHECK_DIFF_NAN (TYPE, n456, n123x); \
>>>>> ++ } \
>>>>> ++ while (0)
>>>>> ++
>>>>> ++static int
>>>>> ++do_test (void)
>>>>> ++{
>>>>> ++ int result = 0;
>>>>> ++ RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
>>>>> ++ RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
>>>>> ++#ifndef NO_LONG_DOUBLE
>>>>> ++ RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
>>>>> ++#endif
>>>>> ++ return result;
>>>>> ++}
>>>>> ++
>>>>> ++#define TEST_FUNCTION do_test ()
>>>>> ++#include "../test-skeleton.c"
>>>>> +Index: git/stdlib/Versions
>>>>> +===================================================================
>>>>> +--- git.orig/stdlib/Versions
>>>>> ++++ git/stdlib/Versions
>>>>> +@@ -118,5 +118,6 @@ libc {
>>>>> + # Used from other libraries
>>>>> + __libc_secure_getenv;
>>>>> + __call_tls_dtors;
>>>>> ++ __strtof_nan; __strtod_nan; __strtold_nan;
>>>>> + }
>>>>> + }
>>>>> +Index: git/math/Makefile
>>>>> +===================================================================
>>>>> +--- git.orig/math/Makefile
>>>>> ++++ git/math/Makefile
>>>>> +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
>>>>> + test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
>>>>> + test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
>>>>> + test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2
>>> test-snan \
>>>>> +- test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
>>>>> ++ test-fenv-tls test-fenv-preserve test-fenv-return \
>>>>> ++ test-nan-overflow test-nan-payload \
>>>>> ++ $(tests-static)
>>>>> + tests-static = test-fpucw-static test-fpucw-ieee-static
>>>>> + # We do the `long double' tests only if this data type is available
>>> and
>>>>> + # distinct from `double'.
>>>>> diff --git a/meta/recipes-core/glibc/glibc_2.20.bb
>>> b/meta/recipes-core/glibc/glibc_2.20.bb
>>>>> index af568d9..d099d5d 100644
>>>>> --- a/meta/recipes-core/glibc/glibc_2.20.bb
>>>>> +++ b/meta/recipes-core/glibc/glibc_2.20.bb
>>>>> @@ -50,6 +50,8 @@ CVEPATCHES = "\
>>>>> file://CVE-2015-7547.patch \
>>>>> file://CVE-2015-8777.patch \
>>>>> file://CVE-2015-8779.patch \
>>>>> + file://CVE-2015-9761_1.patch \
>>>>> + file://CVE-2015-9761_2.patch \
>>>>> "
>>>>>
>>>>> LIC_FILES_CHKSUM =
>>> "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
>>>>> --
>>>>> 2.3.5
>>>>>
>>>>> --
>>>>> _______________________________________________
>>>>> Openembedded-core mailing list
>>>>> Openembedded-core@lists.openembedded.org
>>>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>>>
>>>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2016-03-22 0:42 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-28 18:53 [dizzy][PATCH 1/4] glibc: CVE-2015-8777 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 2/4] glibc: CVE-2015-8779 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 3/4] glibc: CVE-2015-9761 Armin Kuster
2016-03-03 8:16 ` Martin Jansa
[not found] ` <56D89FF7.2050201@mvista.com>
2016-03-03 20:47 ` Martin Jansa
2016-03-11 13:58 ` Martin Jansa
2016-03-17 15:48 ` Martin Jansa
2016-03-22 0:42 ` akuster808
2016-02-28 18:53 ` [dizzy][PATCH 4/4] glibc: CVE-2015-8776 Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.