aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKai Kang <kai.kang@windriver.com>2019-04-10 01:56:06 -0400
committerJoe MacDonald <joe@deserted.net>2019-04-14 17:29:57 -0400
commitc0186953ac0396d415477b2c709decded5df4e32 (patch)
treecfa6ff532ef33ff40b44ad11ec7783d66e498172
parentfb5d3d86b5461694e144bfb1e9445d069cbb74a0 (diff)
downloadmeta-selinux-c0186953ac0396d415477b2c709decded5df4e32.tar.gz
meta-selinux-c0186953ac0396d415477b2c709decded5df4e32.tar.bz2
meta-selinux-c0186953ac0396d415477b2c709decded5df4e32.zip
setools: fix build failure with gcc 7
Backport patch from setools upstream to fix build failure with GCC 7 due to possible truncation of snprintf output. It could be reproduced on 64 bit bsps such as qemux86-64 and qemumips64 with configs: SELECTED_OPTIMIZATION = "${DEBUG_OPTIMIZATION}" DEBUG_BUILD = "1" Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r--recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch90
1 files changed, 74 insertions, 16 deletions
diff --git a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
index d0faba8..a5af041 100644
--- a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
+++ b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
@@ -1,6 +1,10 @@
-From 790d7a538f515d27d2390f1ef56c9871b107a346 Mon Sep 17 00:00:00 2001
-From: Steve Langasek <steve.langasek@canonical.com>
-Date: Sun, 27 Aug 2017 21:28:40 -0700
+Upstream-Status: Backport [https://github.com/TresysTechnology/setools/commit/e41adf0]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Tue, 26 Sep 2017 15:15:30 +0200
Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of
snprintf output
@@ -15,33 +19,87 @@ libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 429496
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
-Exceeding 10,000 attributes is necessarily going to result in collisions
-inserting into the hash table given this naming scheme, and we already error
-out on the first collision; but there will be holes since types are not
-handled the same as attributes. Short of making backwards-incompatible
-changes to the entry names, this is probably the best way to fix this build
-failure while reducing the chances of a hash collision in the unlikely event
-that the hashtable is (nearly) full.
+Increase the size of the buffer to avoid collisions
Closes: https://github.com/TresysTechnology/setools/issues/174
-Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+Signed-off-by: Laurent Bigonville <bigon@bigon.be>
---
- libqpol/policy_extend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ libqpol/policy_extend.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c
-index 742819b..70e8f7c 100644
+index 742819b..739e184 100644
--- a/libqpol/policy_extend.c
+++ b/libqpol/policy_extend.c
+@@ -110,7 +110,7 @@ static int qpol_policy_remove_bogus_aliases(qpol_policy_t * policy)
+ * Builds data for the attributes and inserts them into the policydb.
+ * This function modifies the policydb. Names created for attributes
+ * are of the form @ttr<value> where value is the value of the attribute
+- * as a four digit number (prepended with 0's as needed).
++ * as a ten digit number (prepended with 0's as needed).
+ * @param policy The policy from which to read the attribute map and
+ * create the type data for the attributes. This policy will be altered
+ * by this function.
+@@ -125,7 +125,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ uint32_t bit = 0, count = 0;
+ ebitmap_node_t *node = NULL;
+ type_datum_t *tmp_type = NULL, *orig_type;
+- char *tmp_name = NULL, buff[10];
++ char *tmp_name = NULL, buff[16];
+ int error = 0, retv;
+
+ INFO(policy, "%s", "Generating attributes for policy. (Step 4 of 5)");
+@@ -137,7 +137,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+
+ db = &policy->p->p;
+
+- memset(&buff, 0, 10 * sizeof(char));
++ memset(&buff, 0, 16 * sizeof(char));
+
+ for (i = 0; i < db->p_types.nprim; i++) {
+ /* skip types */
@@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
* with this attribute */
/* Does not exist */
if (db->p_type_val_to_name[i] == NULL){
- snprintf(buff, 9, "@ttr%04zd", i + 1);
-+ snprintf(buff, 9, "@ttr%04zd", (i + 1) % 10000);
++ snprintf(buff, 15, "@ttr%010zd", i + 1);
tmp_name = strdup(buff);
if (!tmp_name) {
error = errno;
+@@ -240,7 +240,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ * Builds data for empty attributes and inserts them into the policydb.
+ * This function modifies the policydb. Names created for the attributes
+ * are of the form @ttr<value> where value is the value of the attribute
+- * as a four digit number (prepended with 0's as needed).
++ * as a ten digit number (prepended with 0's as needed).
+ * @param policy The policy to which to add type data for attributes.
+ * This policy will be altered by this function.
+ * @return Returns 0 on success and < 0 on failure; if the call fails,
+@@ -251,7 +251,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
+ {
+ policydb_t *db = NULL;
+- char *tmp_name = NULL, buff[10];
++ char *tmp_name = NULL, buff[16];
+ int error = 0, retv = 0;
+ ebitmap_t tmp_bmap = { NULL, 0 };
+ type_datum_t *tmp_type = NULL;
+@@ -265,12 +265,12 @@ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
+
+ db = &policy->p->p;
+
+- memset(&buff, 0, 10 * sizeof(char));
++ memset(&buff, 0, 16 * sizeof(char));
+
+ for (i = 0; i < db->p_types.nprim; i++) {
+ if (db->type_val_to_struct[i])
+ continue;
+- snprintf(buff, 9, "@ttr%04zd", i + 1);
++ snprintf(buff, 15, "@ttr%010zd", i + 1);
+ tmp_name = strdup(buff);
+ if (!tmp_name) {
+ error = errno;
--
-1.8.3.1
+2.20.1