From: Martin Jansa <martin.jansa@gmail.com>
To: "akuster@mvista" <akuster@mvista.com>
Cc: Patches and discussions about the oe-core layer
	<openembedded-core@lists.openembedded.org>
Subject: Re: [dizzy][PATCH 3/4] glibc: CVE-2015-9761
Date: Thu, 17 Mar 2016 16:48:00 +0100
Message-ID: <20160317154800.GE2553@jama>
In-Reply-To: <20160311135857.GB2555@jama>

On Fri, Mar 11, 2016 at 02:58:57PM +0100, Martin Jansa wrote:
> On Thu, Mar 03, 2016 at 09:47:11PM +0100, Martin Jansa wrote:
> > I was asking you about the CVE number (but I realize it was already merged
> > in other branches with the wrong number, so maybe it will be less confusing
> > to use the same in Dizzy)
> > 
> > And "please merge" was informal
> > Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
> > 
> > after testing this series in our Dizzy based builds.
> 
> Any ETA on getting these in dizzy branch?
> 
> I know that everybody is busy with Mx release, I just need the ETA to
> decide if
> 1) we'll upgrade oe-core now with only the first security fix
>    and upgrade again later when these are merged
> 2) we'll upgrade oe-core now with only the first security fix
>    and backport other 4 fixes in our internal layer - and remove these
>    backports in next oe-core upgrade when these are merged
> 3) we'll wait a bit more to get all 5 fixes in one oe-core upgrade
> 
> I've already tested all 5 in our builds; the only issue I've noticed
> is the incorrect CVE number used in the patches, as reported.

ping

>  
> > On Thu, Mar 3, 2016 at 9:35 PM, akuster@mvista <akuster@mvista.com> wrote:
> > 
> > > On 3/3/16 12:16 AM, Martin Jansa wrote:
> > > > On Sun, Feb 28, 2016 at 10:53:34AM -0800, Armin Kuster wrote:
> > > >> From: Armin Kuster <akuster@mvista.com>
> > > >
> > > > I think this is 2014-9761 not 2015-9761
> > > >
> > > > But other than that please merge this series.
> > >
> > > Are you asking me? I don't have write perms.
> > >
> > > - armin
> > > >
> > > >> A stack overflow vulnerability was found in nan* functions that could
> > > cause
> > > >> applications which process long strings with the nan function to crash
> > > or,
> > > >> potentially, execute arbitrary code.
> > > >>
> > > >> (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
> > > >>
> > > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> > > >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > > >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > > >> ---
> > > >>  .../recipes-core/glibc/glibc/CVE-2015-9761_1.patch | 1039
> > > ++++++++++++++++++++
> > > >>  .../recipes-core/glibc/glibc/CVE-2015-9761_2.patch |  388 ++++++++
> > > >>  meta/recipes-core/glibc/glibc_2.20.bb              |    2 +
> > > >>  3 files changed, 1429 insertions(+)
> > > >>  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > >>  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > >>
> > > >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > >> new file mode 100644
> > > >> index 0000000..3aca913
> > > >> --- /dev/null
> > > >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_1.patch
> > > >> @@ -0,0 +1,1039 @@
> > > >> +From e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 Mon Sep 17 00:00:00 2001
> > > >> +From: Joseph Myers <joseph@codesourcery.com>
> > > >> +Date: Tue, 24 Nov 2015 22:24:52 +0000
> > > >> +Subject: [PATCH] Refactor strtod parsing of NaN payloads.
> > > >> +
> > > >> +The nan* functions handle their string argument by constructing a
> > > >> +NAN(...) string on the stack as a VLA and passing it to strtod
> > > >> +functions.
> > > >> +
> > > >> +This approach has problems discussed in bug 16961 and bug 16962: the
> > > >> +stack usage is unbounded, and it gives incorrect results in certain
> > > >> +cases where the argument is not a valid n-char-sequence.
> > > >> +
> > > >> +The natural fix for both issues is to refactor the NaN payload parsing
> > > >> +out of strtod into a separate function that the nan* functions can
> > > >> +call directly, so that no temporary string needs constructing on the
> > > >> +stack at all.  This patch does that refactoring in preparation for
> > > >> +fixing those bugs (but without actually using the new functions from
> > > >> +nan* - which will also require exporting them from libc at version
> > > >> +GLIBC_PRIVATE).  This patch is not intended to change any user-visible
> > > >> +behavior, so no tests are added (fixes for the above bugs will of
> > > >> +course add tests for them).
> > > >> +
> > > >> +This patch builds on my recent fixes for strtol and strtod issues in
> > > >> +Turkish locales.  Given those fixes, the parsing of NaN payloads is
> > > >> +locale-independent; thus, the new functions do not need to take a
> > > >> +locale_t argument.
> > > >> +
> > > >> +Tested for x86_64, x86, mips64 and powerpc.
> > > >> +
> > > >> +    * stdlib/strtod_nan.c: New file.
> > > >> +    * stdlib/strtod_nan_double.h: Likewise.
> > > >> +    * stdlib/strtod_nan_float.h: Likewise.
> > > >> +    * stdlib/strtod_nan_main.c: Likewise.
> > > >> +    * stdlib/strtod_nan_narrow.h: Likewise.
> > > >> +    * stdlib/strtod_nan_wide.h: Likewise.
> > > >> +    * stdlib/strtof_nan.c: Likewise.
> > > >> +    * stdlib/strtold_nan.c: Likewise.
> > > >> +    * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> > > >> +    * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> > > >> +    * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> > > >> +    * wcsmbs/wcstod_nan.c: Likewise.
> > > >> +    * wcsmbs/wcstof_nan.c: Likewise.
> > > >> +    * wcsmbs/wcstold_nan.c: Likewise.
> > > >> +    * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> > > >> +    strtold_nan.
> > > >> +    * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> > > >> +    wcstof_nan.
> > > >> +    * include/stdlib.h (__strtof_nan): Declare and use
> > > >> +    libc_hidden_proto.
> > > >> +    (__strtod_nan): Likewise.
> > > >> +    (__strtold_nan): Likewise.
> > > >> +    (__wcstof_nan): Likewise.
> > > >> +    (__wcstod_nan): Likewise.
> > > >> +    (__wcstold_nan): Likewise.
> > > >> +    * include/wchar.h (____wcstoull_l_internal): Declare.
> > > >> +    * stdlib/strtod_l.c: Do not include <ieee754.h>.
> > > >> +    (____strtoull_l_internal): Remove declaration.
> > > >> +    (STRTOF_NAN): Define macro.
> > > >> +    (SET_MANTISSA): Remove macro.
> > > >> +    (STRTOULL): Likewise.
> > > >> +    (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> > > >> +    * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> > > >> +    (STRTOF_NAN): Define macro.
> > > >> +    (SET_MANTISSA): Remove macro.
> > > >> +    * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> +    (SET_MANTISSA): Remove macro.
> > > >> +    * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> > > >> +    macro.
> > > >> +    (SET_MANTISSA): Remove macro.
> > > >> +    * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> > > >> +    macro.
> > > >> +    (SET_MANTISSA): Remove macro.
> > > >> +    * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> +    (SET_MANTISSA): Remove macro.
> > > >> +    * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> > > >> +    * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> > > >> +    * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> > > >> +
> > > >> +Upstream-Status: Backport
> > > >> +CVE: CVE-2015-9761 patch #1
> > > >> +[Yocto # 8980]
> > > >> +
> > > >> +
> > > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
> > > >> +
> > > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> +
> > > >> +---
> > > >> + ChangeLog                                        | 49
> > > ++++++++++++++++++
> > > >> + include/stdlib.h                                 | 18 +++++++
> > > >> + include/wchar.h                                  |  3 ++
> > > >> + stdlib/Makefile                                  |  1 +
> > > >> + stdlib/strtod_l.c                                | 48
> > > ++++--------------
> > > >> + stdlib/strtod_nan.c                              | 24 +++++++++
> > > >> + stdlib/strtod_nan_double.h                       | 30 +++++++++++
> > > >> + stdlib/strtod_nan_float.h                        | 29 +++++++++++
> > > >> + stdlib/strtod_nan_main.c                         | 63
> > > ++++++++++++++++++++++++
> > > >> + stdlib/strtod_nan_narrow.h                       | 22 +++++++++
> > > >> + stdlib/strtod_nan_wide.h                         | 22 +++++++++
> > > >> + stdlib/strtof_l.c                                | 11 +----
> > > >> + stdlib/strtof_nan.c                              | 24 +++++++++
> > > >> + stdlib/strtold_nan.c                             | 30 +++++++++++
> > > >> + sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h    | 33 +++++++++++++
> > > >> + sysdeps/ieee754/ldbl-128/strtold_l.c             | 13 +----
> > > >> + sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h | 30 +++++++++++
> > > >> + sysdeps/ieee754/ldbl-128ibm/strtold_l.c          | 10 +---
> > > >> + sysdeps/ieee754/ldbl-64-128/strtold_l.c          | 13 +----
> > > >> + sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h     | 30 +++++++++++
> > > >> + sysdeps/ieee754/ldbl-96/strtold_l.c              | 10 +---
> > > >> + wcsmbs/Makefile                                  |  1 +
> > > >> + wcsmbs/wcstod_l.c                                |  3 --
> > > >> + wcsmbs/wcstod_nan.c                              | 23 +++++++++
> > > >> + wcsmbs/wcstof_l.c                                |  3 --
> > > >> + wcsmbs/wcstof_nan.c                              | 23 +++++++++
> > > >> + wcsmbs/wcstold_l.c                               |  3 --
> > > >> + wcsmbs/wcstold_nan.c                             | 30 +++++++++++
> > > >> + 28 files changed, 504 insertions(+), 95 deletions(-)
> > > >> + create mode 100644 stdlib/strtod_nan.c
> > > >> + create mode 100644 stdlib/strtod_nan_double.h
> > > >> + create mode 100644 stdlib/strtod_nan_float.h
> > > >> + create mode 100644 stdlib/strtod_nan_main.c
> > > >> + create mode 100644 stdlib/strtod_nan_narrow.h
> > > >> + create mode 100644 stdlib/strtod_nan_wide.h
> > > >> + create mode 100644 stdlib/strtof_nan.c
> > > >> + create mode 100644 stdlib/strtold_nan.c
> > > >> + create mode 100644 sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > > >> + create mode 100644 sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > > >> + create mode 100644 sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > > >> + create mode 100644 wcsmbs/wcstod_nan.c
> > > >> + create mode 100644 wcsmbs/wcstof_nan.c
> > > >> + create mode 100644 wcsmbs/wcstold_nan.c
> > > >> +
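Review bot: The `CVE:` tag in the embedded patch header and both new file names (`CVE-2015-9761_1.patch`, `CVE-2015-9761_2.patch`) carry the identifier CVE-2015-9761, which the review reply in this thread questions as 2014-9761. Whichever number is kept for consistency with the other branches, the tag, the file names and the recipe entry should agree on it, and a note in the header recording the discrepancy would save the next backporter from searching for a CVE that does not match. The header also says this commit is a preparatory refactor that is "not intended to change any user-visible behavior", so it would help to say on the `CVE:` line that this part is a prerequisite rather than the fix itself.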
> > > >> +Index: git/include/stdlib.h
> > > >> +===================================================================
> > > >> +--- git.orig/include/stdlib.h
> > > >> ++++ git/include/stdlib.h
> > > >> +@@ -203,6 +203,24 @@ libc_hidden_proto (strtoll)
> > > >> + libc_hidden_proto (strtoul)
> > > >> + libc_hidden_proto (strtoull)
> > > >> +
> > > >> ++extern float __strtof_nan (const char *, char **, char)
> > > internal_function;
> > > >> ++extern double __strtod_nan (const char *, char **, char)
> > > internal_function;
> > > >> ++extern long double __strtold_nan (const char *, char **, char)
> > > >> ++     internal_function;
> > > >> ++extern float __wcstof_nan (const wchar_t *, wchar_t **, wchar_t)
> > > >> ++     internal_function;
> > > >> ++extern double __wcstod_nan (const wchar_t *, wchar_t **, wchar_t)
> > > >> ++     internal_function;
> > > >> ++extern long double __wcstold_nan (const wchar_t *, wchar_t **,
> > > wchar_t)
> > > >> ++     internal_function;
> > > >> ++
> > > >> ++libc_hidden_proto (__strtof_nan)
> > > >> ++libc_hidden_proto (__strtod_nan)
> > > >> ++libc_hidden_proto (__strtold_nan)
> > > >> ++libc_hidden_proto (__wcstof_nan)
> > > >> ++libc_hidden_proto (__wcstod_nan)
> > > >> ++libc_hidden_proto (__wcstold_nan)
> > > >> ++
> > > >> + extern char *__ecvt (double __value, int __ndigit, int *__restrict
> > > __decpt,
> > > >> +                 int *__restrict __sign);
> > > >> + extern char *__fcvt (double __value, int __ndigit, int *__restrict
> > > __decpt,
> > > >> +Index: git/include/wchar.h
> > > >> +===================================================================
> > > >> +--- git.orig/include/wchar.h
> > > >> ++++ git/include/wchar.h
> > > >> +@@ -52,6 +52,9 @@ extern unsigned long long int __wcstoull
> > > >> +                                               __restrict __endptr,
> > > >> +                                               int __base,
> > > >> +                                               int __group) __THROW;
> > > >> ++extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> ++                                                  wchar_t **, int,
> > > int,
> > > >> ++                                                  __locale_t);
> > > >> + libc_hidden_proto (__wcstof_internal)
> > > >> + libc_hidden_proto (__wcstod_internal)
> > > >> + libc_hidden_proto (__wcstold_internal)
> > > >> +Index: git/stdlib/Makefile
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/Makefile
> > > >> ++++ git/stdlib/Makefile
> > > >> +@@ -51,6 +51,7 @@ routines-y        :=
> > >                             \
> > > >> +    strtol_l strtoul_l strtoll_l strtoull_l
> > >    \
> > > >> +    strtof strtod strtold
> > >    \
> > > >> +    strtof_l strtod_l strtold_l
> > >    \
> > > >> ++   strtof_nan strtod_nan strtold_nan
> > >    \
> > > >> +    system canonicalize
> > >    \
> > > >> +    a64l l64a
> > >    \
> > > >> +    getsubopt xpg_basename
> > >     \
> > > >> +Index: git/stdlib/strtod_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/strtod_l.c
> > > >> ++++ git/stdlib/strtod_l.c
> > > >> +@@ -21,8 +21,6 @@
> > > >> + #include <xlocale.h>
> > > >> +
> > > >> + extern double ____strtod_l_internal (const char *, char **, int,
> > > __locale_t);
> > > >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> > > char **,
> > > >> +-                                                  int, int,
> > > __locale_t);
> > > >> +
> > > >> + /* Configuration part.  These macros are defined by `strtold.c',
> > > >> +    `strtof.c', `wcstod.c', `wcstold.c', and `wcstof.c' to produce the
> > > >> +@@ -34,27 +32,20 @@ extern unsigned long long int ____strtou
> > > >> + # ifdef USE_WIDE_CHAR
> > > >> + #  define STRTOF   wcstod_l
> > > >> + #  define __STRTOF __wcstod_l
> > > >> ++#  define STRTOF_NAN       __wcstod_nan
> > > >> + # else
> > > >> + #  define STRTOF   strtod_l
> > > >> + #  define __STRTOF __strtod_l
> > > >> ++#  define STRTOF_NAN       __strtod_nan
> > > >> + # endif
> > > >> + # define MPN2FLOAT __mpn_construct_double
> > > >> + # define FLOAT_HUGE_VAL    HUGE_VAL
> > > >> +-# define SET_MANTISSA(flt, mant) \
> > > >> +-  do { union ieee754_double u;
> > >            \
> > > >> +-       u.d = (flt);
> > >             \
> > > >> +-       u.ieee_nan.mantissa0 = (mant) >> 32;
> > >             \
> > > >> +-       u.ieee_nan.mantissa1 = (mant);
> > >             \
> > > >> +-       if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> > >            \
> > > >> +-    (flt) = u.d;
> > >    \
> > > >> +-  } while (0)
> > > >> + #endif
> > > >> + /* End of configuration part.  */
> > > >> +
> > > >> + #include <ctype.h>
> > > >> + #include <errno.h>
> > > >> + #include <float.h>
> > > >> +-#include <ieee754.h>
> > > >> + #include "../locale/localeinfo.h"
> > > >> + #include <locale.h>
> > > >> + #include <math.h>
> > > >> +@@ -105,7 +96,6 @@ extern unsigned long long int ____strtou
> > > >> + # define TOLOWER_C(Ch) __towlower_l ((Ch), _nl_C_locobj_ptr)
> > > >> + # define STRNCASECMP(S1, S2, N) \
> > > >> +   __wcsncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> > > >> +-# define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> > > loc)
> > > >> + #else
> > > >> + # define STRING_TYPE char
> > > >> + # define CHAR_TYPE char
> > > >> +@@ -117,7 +107,6 @@ extern unsigned long long int ____strtou
> > > >> + # define TOLOWER_C(Ch) __tolower_l ((Ch), _nl_C_locobj_ptr)
> > > >> + # define STRNCASECMP(S1, S2, N) \
> > > >> +   __strncasecmp_l ((S1), (S2), (N), _nl_C_locobj_ptr)
> > > >> +-# define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> > > loc)
> > > >> + #endif
> > > >> +
> > > >> +
> > > >> +@@ -668,33 +657,14 @@ ____STRTOF_INTERNAL (nptr, endptr, group
> > > >> +      if (*cp == L_('('))
> > > >> +        {
> > > >> +          const STRING_TYPE *startp = cp;
> > > >> +-         do
> > > >> +-           ++cp;
> > > >> +-         while ((*cp >= L_('0') && *cp <= L_('9'))
> > > >> +-                || ({ CHAR_TYPE lo = TOLOWER (*cp);
> > > >> +-                      lo >= L_('a') && lo <= L_('z'); })
> > > >> +-                || *cp == L_('_'));
> > > >> +-
> > > >> +-         if (*cp != L_(')'))
> > > >> +-           /* The closing brace is missing.  Only match the NAN
> > > >> +-              part.  */
> > > >> +-           cp = startp;
> > > >> ++          STRING_TYPE *endp;
> > > >> ++          retval = STRTOF_NAN (cp + 1, &endp, L_(')'));
> > > >> ++          if (*endp == L_(')'))
> > > >> ++            /* Consume the closing parenthesis.  */
> > > >> ++            cp = endp + 1;
> > > >> +          else
> > > >> +-           {
> > > >> +-             /* This is a system-dependent way to specify the
> > > >> +-                bitmask used for the NaN.  We expect it to be
> > > >> +-                a number which is put in the mantissa of the
> > > >> +-                number.  */
> > > >> +-             STRING_TYPE *endp;
> > > >> +-             unsigned long long int mant;
> > > >> +-
> > > >> +-             mant = STRTOULL (startp + 1, &endp, 0);
> > > >> +-             if (endp == cp)
> > > >> +-               SET_MANTISSA (retval, mant);
> > > >> +-
> > > >> +-             /* Consume the closing brace.  */
> > > >> +-             ++cp;
> > > >> +-           }
> > > >> ++               /* Only match the NAN part.  */
> > > >> ++               cp = startp;
> > > >> +        }
> > > >> +
> > > >> +      if (endptr != NULL)
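Review bot: In the `@@ -668,33 +657,14 @@` hunk of stdlib/strtod_l.c, `retval` is assigned from `STRTOF_NAN (cp + 1, &endp, L_(')'))` before the `*endp == L_(')')` test, so the missing-parenthesis path now depends on the callee returning a default NaN whenever the terminator is absent. `STRTOD_NAN` as added in strtod_nan_main.c does that (it jumps to `out` with `retval = NAN`), but a short comment at the call site stating the dependency would keep the two files from drifting apart. The added `else` body is also indented deeper than the `if` body as quoted here; check the whitespace against the upstream commit before merging.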
> > > >> +Index: git/stdlib/strtod_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan.c
> > > >> +@@ -0,0 +1,24 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Narrow
> > > >> ++   strings, double.
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <strtod_nan_narrow.h>
> > > >> ++#include <strtod_nan_double.h>
> > > >> ++
> > > >> ++#define STRTOD_NAN __strtod_nan
> > > >> ++#include <strtod_nan_main.c>
> > > >> +Index: git/stdlib/strtod_nan_double.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_double.h
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  For double.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define FLOAT              double
> > > >> ++#define SET_MANTISSA(flt, mant)                            \
> > > >> ++  do                                                       \
> > > >> ++    {                                                      \
> > > >> ++      union ieee754_double u;                              \
> > > >> ++      u.d = (flt);                                 \
> > > >> ++      u.ieee_nan.mantissa0 = (mant) >> 32;         \
> > > >> ++      u.ieee_nan.mantissa1 = (mant);                       \
> > > >> ++      if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)      \
> > > >> ++   (flt) = u.d;                                    \
> > > >> ++    }                                                      \
> > > >> ++  while (0)
> > > >> +Index: git/stdlib/strtod_nan_float.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_float.h
> > > >> +@@ -0,0 +1,29 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  For float.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define    FLOAT           float
> > > >> ++#define SET_MANTISSA(flt, mant)                    \
> > > >> ++  do                                               \
> > > >> ++    {                                              \
> > > >> ++      union ieee754_float u;                       \
> > > >> ++      u.f = (flt);                         \
> > > >> ++      u.ieee_nan.mantissa = (mant);                \
> > > >> ++      if (u.ieee.mantissa != 0)                    \
> > > >> ++   (flt) = u.f;                            \
> > > >> ++    }                                              \
> > > >> ++  while (0)
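Review bot: `SET_MANTISSA` in stdlib/strtod_nan_float.h stores `(mant)` into `u.ieee_nan.mantissa` with no range check, while the caller in strtod_nan_main.c passes an `unsigned long long`, so any bits that do not fit the float NaN mantissa field are silently dropped, and a payload whose remaining bits are zero leaves `flt` unchanged. The behaviour is carried over from the macro removed from strtof_l.c, but now that the macro lives in its own header a comment describing the truncation and the zero-payload case would be worth adding.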
> > > >> +Index: git/stdlib/strtod_nan_main.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_main.c
> > > >> +@@ -0,0 +1,63 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <ieee754.h>
> > > >> ++#include <locale.h>
> > > >> ++#include <math.h>
> > > >> ++#include <stdlib.h>
> > > >> ++#include <wchar.h>
> > > >> ++
> > > >> ++
> > > >> ++/* If STR starts with an optional n-char-sequence as defined by ISO C
> > > >> ++   (a sequence of ASCII letters, digits and underscores), followed by
> > > >> ++   ENDC, return a NaN whose payload is set based on STR.  Otherwise,
> > > >> ++   return a default NAN.  If ENDPTR is not NULL, set *ENDPTR to point
> > > >> ++   to the character after the initial n-char-sequence.  */
> > > >> ++
> > > >> ++internal_function
> > > >> ++FLOAT
> > > >> ++STRTOD_NAN (const STRING_TYPE *str, STRING_TYPE **endptr, STRING_TYPE
> > > endc)
> > > >> ++{
> > > >> ++  const STRING_TYPE *cp = str;
> > > >> ++
> > > >> ++  while ((*cp >= L_('0') && *cp <= L_('9'))
> > > >> ++    || (*cp >= L_('A') && *cp <= L_('Z'))
> > > >> ++    || (*cp >= L_('a') && *cp <= L_('z'))
> > > >> ++    || *cp == L_('_'))
> > > >> ++    ++cp;
> > > >> ++
> > > >> ++  FLOAT retval = NAN;
> > > >> ++  if (*cp != endc)
> > > >> ++    goto out;
> > > >> ++
> > > >> ++  /* This is a system-dependent way to specify the bitmask used for
> > > >> ++     the NaN.  We expect it to be a number which is put in the
> > > >> ++     mantissa of the number.  */
> > > >> ++  STRING_TYPE *endp;
> > > >> ++  unsigned long long int mant;
> > > >> ++
> > > >> ++  mant = STRTOULL (str, &endp, 0);
> > > >> ++  if (endp == cp)
> > > >> ++    SET_MANTISSA (retval, mant);
> > > >> ++
> > > >> ++ out:
> > > >> ++  if (endptr != NULL)
> > > >> ++    *endptr = (STRING_TYPE *) cp;
> > > >> ++  return retval;
> > > >> ++}
> > > >> ++libc_hidden_def (STRTOD_NAN)
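Review bot: In `STRTOD_NAN`, the value returned by `STRTOULL (str, &endp, 0)` is used without any overflow handling: a digit sequence too large for `unsigned long long` still satisfies `endp == cp`, so the saturated value is handed to `SET_MANTISSA` and `errno` stays set by the conversion. Consider saving and restoring `errno` around the call. The function comment should also say that the payload is parsed with base 0, so `0x` and leading-`0` forms are accepted, and that a string which is a valid n-char-sequence but not a complete number (`endp != cp`) yields the default NaN while `*ENDPTR` still points past the sequence.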
> > > >> +Index: git/stdlib/strtod_nan_narrow.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_narrow.h
> > > >> +@@ -0,0 +1,22 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Narrow
> > > strings.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define STRING_TYPE char
> > > >> ++#define L_(Ch) Ch
> > > >> ++#define STRTOULL(S, E, B) ____strtoull_l_internal ((S), (E), (B), 0,
> > >      \
> > > >> ++                                              _nl_C_locobj_ptr)
> > > >> +Index: git/stdlib/strtod_nan_wide.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtod_nan_wide.h
> > > >> +@@ -0,0 +1,22 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Wide strings.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define STRING_TYPE wchar_t
> > > >> ++#define L_(Ch) L##Ch
> > > >> ++#define STRTOULL(S, E, B) ____wcstoull_l_internal ((S), (E), (B), 0,
> > >      \
> > > >> ++                                              _nl_C_locobj_ptr)
> > > >> +Index: git/stdlib/strtof_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/strtof_l.c
> > > >> ++++ git/stdlib/strtof_l.c
> > > >> +@@ -20,26 +20,19 @@
> > > >> + #include <xlocale.h>
> > > >> +
> > > >> + extern float ____strtof_l_internal (const char *, char **, int,
> > > __locale_t);
> > > >> +-extern unsigned long long int ____strtoull_l_internal (const char *,
> > > char **,
> > > >> +-                                                  int, int,
> > > __locale_t);
> > > >> +
> > > >> + #define    FLOAT           float
> > > >> + #define    FLT             FLT
> > > >> + #ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF            wcstof_l
> > > >> + # define __STRTOF  __wcstof_l
> > > >> ++# define STRTOF_NAN        __wcstof_nan
> > > >> + #else
> > > >> + # define STRTOF            strtof_l
> > > >> + # define __STRTOF  __strtof_l
> > > >> ++# define STRTOF_NAN        __strtof_nan
> > > >> + #endif
> > > >> + #define    MPN2FLOAT       __mpn_construct_float
> > > >> + #define    FLOAT_HUGE_VAL  HUGE_VALF
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +-  do { union ieee754_float u;
> > >             \
> > > >> +-       u.f = (flt);
> > >             \
> > > >> +-       u.ieee_nan.mantissa = (mant);
> > >            \
> > > >> +-       if (u.ieee.mantissa != 0)
> > >    \
> > > >> +-    (flt) = u.f;
> > >    \
> > > >> +-  } while (0)
> > > >> +
> > > >> + #include "strtod_l.c"
> > > >> +Index: git/stdlib/strtof_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtof_nan.c
> > > >> +@@ -0,0 +1,24 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Narrow
> > > >> ++   strings, float.
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <strtod_nan_narrow.h>
> > > >> ++#include <strtod_nan_float.h>
> > > >> ++
> > > >> ++#define STRTOD_NAN __strtof_nan
> > > >> ++#include <strtod_nan_main.c>
> > > >> +Index: git/stdlib/strtold_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/stdlib/strtold_nan.c
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Narrow
> > > >> ++   strings, long double.
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <math.h>
> > > >> ++
> > > >> ++/* This function is unused if long double and double have the same
> > > >> ++   representation.  */
> > > >> ++#ifndef __NO_LONG_DOUBLE_MATH
> > > >> ++# include <strtod_nan_narrow.h>
> > > >> ++# include <strtod_nan_ldouble.h>
> > > >> ++
> > > >> ++# define STRTOD_NAN __strtold_nan
> > > >> ++# include <strtod_nan_main.c>
> > > >> ++#endif
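
Review bot: the whole body of this new file is under `#ifndef __NO_LONG_DOUBLE_MATH`, so on configurations where long double and double share a representation no `__strtold_nan` is defined, yet the ChangeLog has include/stdlib.h declare it with libc_hidden_proto and the follow-up patch exports it from stdlib/Versions at GLIBC_PRIVATE and calls it from math/s_nanl.c. Please confirm that math/s_nanl.c is not built on those configurations (the `#ifdef NO_LONG_DOUBLE` after the weak_alias in math/s_nan.c suggests nanl is handled there instead), otherwise the call has nothing to resolve to.
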
> > > >> +Index: git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h
> > > >> +@@ -0,0 +1,33 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  For ldbl-128.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define FLOAT              long double
> > > >> ++#define SET_MANTISSA(flt, mant)                            \
> > > >> ++  do                                                       \
> > > >> ++    {                                                      \
> > > >> ++      union ieee854_long_double u;                 \
> > > >> ++      u.d = (flt);                                 \
> > > >> ++      u.ieee_nan.mantissa0 = 0;                            \
> > > >> ++      u.ieee_nan.mantissa1 = 0;                            \
> > > >> ++      u.ieee_nan.mantissa2 = (mant) >> 32;         \
> > > >> ++      u.ieee_nan.mantissa3 = (mant);                       \
> > > >> ++      if ((u.ieee.mantissa0 | u.ieee.mantissa1             \
> > > >> ++      | u.ieee.mantissa2 | u.ieee.mantissa3) != 0) \
> > > >> ++   (flt) = u.d;                                    \
> > > >> ++    }                                                      \
> > > >> ++  while (0)
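
Review bot: `SET_MANTISSA` in this new header does not state what type `mant` must have, and `(mant) >> 32` is only well defined when that type is wider than 32 bits. The macro is moved here unchanged from strtold_l.c, but now that it sits in a header of its own, a one-line comment saying that `mant` is the unsigned 64-bit payload value would stop a later caller from passing something narrower. The header also has no include guard, which only holds up while each strto*_nan translation unit includes it exactly once.
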
> > > >> +Index: git/sysdeps/ieee754/ldbl-128/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-128/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-128/strtold_l.c
> > > >> +@@ -25,22 +25,13 @@
> > > >> + #ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF            wcstold_l
> > > >> + # define __STRTOF  __wcstold_l
> > > >> ++# define STRTOF_NAN        __wcstold_nan
> > > >> + #else
> > > >> + # define STRTOF            strtold_l
> > > >> + # define __STRTOF  __strtold_l
> > > >> ++# define STRTOF_NAN        __strtold_nan
> > > >> + #endif
> > > >> + #define MPN2FLOAT  __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL     HUGE_VALL
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +-  do { union ieee854_long_double u;
> > >             \
> > > >> +-       u.d = (flt);
> > >             \
> > > >> +-       u.ieee_nan.mantissa0 = 0;
> > >    \
> > > >> +-       u.ieee_nan.mantissa1 = 0;
> > >    \
> > > >> +-       u.ieee_nan.mantissa2 = (mant) >> 32;
> > >             \
> > > >> +-       u.ieee_nan.mantissa3 = (mant);
> > >             \
> > > >> +-       if ((u.ieee.mantissa0 | u.ieee.mantissa1
> > >             \
> > > >> +-       | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> > >     \
> > > >> +-    (flt) = u.d;
> > >    \
> > > >> +-  } while (0)
> > > >> +
> > > >> + #include <strtod_l.c>
> > > >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  For
> > > ldbl-128ibm.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define FLOAT              long double
> > > >> ++#define SET_MANTISSA(flt, mant)                                    \
> > > >> ++  do                                                               \
> > > >> ++    {                                                              \
> > > >> ++      union ibm_extended_long_double u;                            \
> > > >> ++      u.ld = (flt);                                                \
> > > >> ++      u.d[0].ieee_nan.mantissa0 = (mant) >> 32;                    \
> > > >> ++      u.d[0].ieee_nan.mantissa1 = (mant);                  \
> > > >> ++      if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0)    \
> > > >> ++   (flt) = u.ld;                                           \
> > > >> ++    }                                                              \
> > > >> ++  while (0)
> > > >> +Index: git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-128ibm/strtold_l.c
> > > >> +@@ -30,25 +30,19 @@ extern long double ____new_wcstold_l (co
> > > >> + # define STRTOF            __new_wcstold_l
> > > >> + # define __STRTOF  ____new_wcstold_l
> > > >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> > > >> ++# define STRTOF_NAN        __wcstold_nan
> > > >> + #else
> > > >> + extern long double ____new_strtold_l (const char *, char **,
> > > __locale_t);
> > > >> + # define STRTOF            __new_strtold_l
> > > >> + # define __STRTOF  ____new_strtold_l
> > > >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> > > >> ++# define STRTOF_NAN        __strtold_nan
> > > >> + #endif
> > > >> + extern __typeof (__STRTOF) STRTOF;
> > > >> + libc_hidden_proto (__STRTOF)
> > > >> + libc_hidden_proto (STRTOF)
> > > >> + #define MPN2FLOAT  __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL     HUGE_VALL
> > > >> +-# define SET_MANTISSA(flt, mant) \
> > > >> +-  do { union ibm_extended_long_double u;
> > >    \
> > > >> +-       u.ld = (flt);
> > >            \
> > > >> +-       u.d[0].ieee_nan.mantissa0 = (mant) >> 32;
> > >    \
> > > >> +-       u.d[0].ieee_nan.mantissa1 = (mant);
> > >    \
> > > >> +-       if ((u.d[0].ieee.mantissa0 | u.d[0].ieee.mantissa1) != 0)
> > >    \
> > > >> +-    (flt) = u.ld;
> > >     \
> > > >> +-  } while (0)
> > > >> +
> > > >> + #include <strtod_l.c>
> > > >> +
> > > >> +Index: git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-64-128/strtold_l.c
> > > >> +@@ -30,28 +30,19 @@ extern long double ____new_wcstold_l (co
> > > >> + # define STRTOF            __new_wcstold_l
> > > >> + # define __STRTOF  ____new_wcstold_l
> > > >> + # define ____STRTOF_INTERNAL ____wcstold_l_internal
> > > >> ++# define STRTOF_NAN        __wcstold_nan
> > > >> + #else
> > > >> + extern long double ____new_strtold_l (const char *, char **,
> > > __locale_t);
> > > >> + # define STRTOF            __new_strtold_l
> > > >> + # define __STRTOF  ____new_strtold_l
> > > >> + # define ____STRTOF_INTERNAL ____strtold_l_internal
> > > >> ++# define STRTOF_NAN        __strtold_nan
> > > >> + #endif
> > > >> + extern __typeof (__STRTOF) STRTOF;
> > > >> + libc_hidden_proto (__STRTOF)
> > > >> + libc_hidden_proto (STRTOF)
> > > >> + #define MPN2FLOAT  __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL     HUGE_VALL
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +-  do { union ieee854_long_double u;
> > >             \
> > > >> +-       u.d = (flt);
> > >             \
> > > >> +-       u.ieee_nan.mantissa0 = 0;
> > >    \
> > > >> +-       u.ieee_nan.mantissa1 = 0;
> > >    \
> > > >> +-       u.ieee_nan.mantissa2 = (mant) >> 32;
> > >             \
> > > >> +-       u.ieee_nan.mantissa3 = (mant);
> > >             \
> > > >> +-       if ((u.ieee.mantissa0 | u.ieee.mantissa1
> > >             \
> > > >> +-       | u.ieee.mantissa2 | u.ieee.mantissa3) != 0)
> > >     \
> > > >> +-    (flt) = u.d;
> > >    \
> > > >> +-  } while (0)
> > > >> +
> > > >> + #include <strtod_l.c>
> > > >> +
> > > >> +Index: git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  For ldbl-96.
> > > >> ++   Copyright (C) 1997-2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#define FLOAT              long double
> > > >> ++#define SET_MANTISSA(flt, mant)                            \
> > > >> ++  do                                                       \
> > > >> ++    {                                                      \
> > > >> ++      union ieee854_long_double u;                 \
> > > >> ++      u.d = (flt);                                 \
> > > >> ++      u.ieee_nan.mantissa0 = (mant) >> 32;         \
> > > >> ++      u.ieee_nan.mantissa1 = (mant);                       \
> > > >> ++      if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)      \
> > > >> ++   (flt) = u.d;                                    \
> > > >> ++    }                                                      \
> > > >> ++  while (0)
> > > >> +Index: git/sysdeps/ieee754/ldbl-96/strtold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/sysdeps/ieee754/ldbl-96/strtold_l.c
> > > >> ++++ git/sysdeps/ieee754/ldbl-96/strtold_l.c
> > > >> +@@ -25,19 +25,13 @@
> > > >> + #ifdef USE_WIDE_CHAR
> > > >> + # define STRTOF            wcstold_l
> > > >> + # define __STRTOF  __wcstold_l
> > > >> ++# define STRTOF_NAN        __wcstold_nan
> > > >> + #else
> > > >> + # define STRTOF            strtold_l
> > > >> + # define __STRTOF  __strtold_l
> > > >> ++# define STRTOF_NAN        __strtold_nan
> > > >> + #endif
> > > >> + #define MPN2FLOAT  __mpn_construct_long_double
> > > >> + #define FLOAT_HUGE_VAL     HUGE_VALL
> > > >> +-#define SET_MANTISSA(flt, mant) \
> > > >> +-  do { union ieee854_long_double u;
> > >             \
> > > >> +-       u.d = (flt);
> > >             \
> > > >> +-       u.ieee_nan.mantissa0 = (mant) >> 32;
> > >             \
> > > >> +-       u.ieee_nan.mantissa1 = (mant);
> > >             \
> > > >> +-       if ((u.ieee.mantissa0 | u.ieee.mantissa1) != 0)
> > >            \
> > > >> +-    (flt) = u.d;
> > >    \
> > > >> +-  } while (0)
> > > >> +
> > > >> + #include <stdlib/strtod_l.c>
> > > >> +Index: git/wcsmbs/Makefile
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/Makefile
> > > >> ++++ git/wcsmbs/Makefile
> > > >> +@@ -39,6 +39,7 @@ routines-$(OPTION_POSIX_C_LANG_WIDE_CHAR
> > > >> +        wcstol wcstoul wcstoll wcstoull wcstod wcstold wcstof \
> > > >> +        wcstol_l wcstoul_l wcstoll_l wcstoull_l \
> > > >> +        wcstod_l wcstold_l wcstof_l \
> > > >> ++       wcstod_nan wcstold_nan wcstof_nan \
> > > >> +        wcscoll wcsxfrm \
> > > >> +        wcwidth wcswidth \
> > > >> +        wcscoll_l wcsxfrm_l \
> > > >> +Index: git/wcsmbs/wcstod_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/wcstod_l.c
> > > >> ++++ git/wcsmbs/wcstod_l.c
> > > >> +@@ -23,9 +23,6 @@
> > > >> +
> > > >> + extern double ____wcstod_l_internal (const wchar_t *, wchar_t **, int,
> > > >> +                                 __locale_t);
> > > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> +-                                                  wchar_t **, int,
> > > int,
> > > >> +-                                                  __locale_t);
> > > >> +
> > > >> + #define    USE_WIDE_CHAR   1
> > > >> +
> > > >> +Index: git/wcsmbs/wcstod_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/wcsmbs/wcstod_nan.c
> > > >> +@@ -0,0 +1,23 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Wide
> > > strings, double.
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include "../stdlib/strtod_nan_wide.h"
> > > >> ++#include "../stdlib/strtod_nan_double.h"
> > > >> ++
> > > >> ++#define STRTOD_NAN __wcstod_nan
> > > >> ++#include "../stdlib/strtod_nan_main.c"
> > > >> +Index: git/wcsmbs/wcstof_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/wcstof_l.c
> > > >> ++++ git/wcsmbs/wcstof_l.c
> > > >> +@@ -25,8 +25,5 @@
> > > >> +
> > > >> + extern float ____wcstof_l_internal (const wchar_t *, wchar_t **, int,
> > > >> +                                __locale_t);
> > > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> +-                                                  wchar_t **, int,
> > > int,
> > > >> +-                                                  __locale_t);
> > > >> +
> > > >> + #include <stdlib/strtof_l.c>
> > > >> +Index: git/wcsmbs/wcstof_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/wcsmbs/wcstof_nan.c
> > > >> +@@ -0,0 +1,23 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Wide
> > > strings, float.
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include "../stdlib/strtod_nan_wide.h"
> > > >> ++#include "../stdlib/strtod_nan_float.h"
> > > >> ++
> > > >> ++#define STRTOD_NAN __wcstof_nan
> > > >> ++#include "../stdlib/strtod_nan_main.c"
> > > >> +Index: git/wcsmbs/wcstold_l.c
> > > >> +===================================================================
> > > >> +--- git.orig/wcsmbs/wcstold_l.c
> > > >> ++++ git/wcsmbs/wcstold_l.c
> > > >> +@@ -24,8 +24,5 @@
> > > >> +
> > > >> + extern long double ____wcstold_l_internal (const wchar_t *, wchar_t
> > > **, int,
> > > >> +                                       __locale_t);
> > > >> +-extern unsigned long long int ____wcstoull_l_internal (const wchar_t
> > > *,
> > > >> +-                                                  wchar_t **, int,
> > > int,
> > > >> +-                                                  __locale_t);
> > > >> +
> > > >> + #include <strtold_l.c>
> > > >> +Index: git/wcsmbs/wcstold_nan.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/wcsmbs/wcstold_nan.c
> > > >> +@@ -0,0 +1,30 @@
> > > >> ++/* Convert string for NaN payload to corresponding NaN.  Wide strings,
> > > >> ++   long double.
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <math.h>
> > > >> ++
> > > >> ++/* This function is unused if long double and double have the same
> > > >> ++   representation.  */
> > > >> ++#ifndef __NO_LONG_DOUBLE_MATH
> > > >> ++# include "../stdlib/strtod_nan_wide.h"
> > > >> ++# include <strtod_nan_ldouble.h>
> > > >> ++
> > > >> ++# define STRTOD_NAN __wcstold_nan
> > > >> ++# include "../stdlib/strtod_nan_main.c"
> > > >> ++#endif
> > > >> +Index: git/ChangeLog
> > > >> +===================================================================
> > > >> +--- git.orig/ChangeLog
> > > >> ++++ git/ChangeLog
> > > >> +@@ -1,3 +1,57 @@
> > > >> ++2015-11-24  Joseph Myers  <joseph@codesourcery.com>
> > > >> ++
> > > >> ++   * stdlib/strtod_nan.c: New file.
> > > >> ++   * stdlib/strtod_nan_double.h: Likewise.
> > > >> ++   * stdlib/strtod_nan_float.h: Likewise.
> > > >> ++   * stdlib/strtod_nan_main.c: Likewise.
> > > >> ++   * stdlib/strtod_nan_narrow.h: Likewise.
> > > >> ++   * stdlib/strtod_nan_wide.h: Likewise.
> > > >> ++   * stdlib/strtof_nan.c: Likewise.
> > > >> ++   * stdlib/strtold_nan.c: Likewise.
> > > >> ++   * sysdeps/ieee754/ldbl-128/strtod_nan_ldouble.h: Likewise.
> > > >> ++   * sysdeps/ieee754/ldbl-128ibm/strtod_nan_ldouble.h: Likewise.
> > > >> ++   * sysdeps/ieee754/ldbl-96/strtod_nan_ldouble.h: Likewise.
> > > >> ++   * wcsmbs/wcstod_nan.c: Likewise.
> > > >> ++   * wcsmbs/wcstof_nan.c: Likewise.
> > > >> ++   * wcsmbs/wcstold_nan.c: Likewise.
> > > >> ++   * stdlib/Makefile (routines): Add strtof_nan, strtod_nan and
> > > >> ++   strtold_nan.
> > > >> ++   * wcsmbs/Makefile (routines): Add wcstod_nan, wcstold_nan and
> > > >> ++   wcstof_nan.
> > > >> ++   * include/stdlib.h (__strtof_nan): Declare and use
> > > >> ++   libc_hidden_proto.
> > > >> ++   (__strtod_nan): Likewise.
> > > >> ++   (__strtold_nan): Likewise.
> > > >> ++   (__wcstof_nan): Likewise.
> > > >> ++   (__wcstod_nan): Likewise.
> > > >> ++   (__wcstold_nan): Likewise.
> > > >> ++   * include/wchar.h (____wcstoull_l_internal): Declare.
> > > >> ++   * stdlib/strtod_l.c: Do not include <ieee754.h>.
> > > >> ++   (____strtoull_l_internal): Remove declaration.
> > > >> ++   (STRTOF_NAN): Define macro.
> > > >> ++   (SET_MANTISSA): Remove macro.
> > > >> ++   (STRTOULL): Likewise.
> > > >> ++   (____STRTOF_INTERNAL): Use STRTOF_NAN to parse NaN payload.
> > > >> ++   * stdlib/strtof_l.c (____strtoull_l_internal): Remove declaration.
> > > >> ++   (STRTOF_NAN): Define macro.
> > > >> ++   (SET_MANTISSA): Remove macro.
> > > >> ++   * sysdeps/ieee754/ldbl-128/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> ++   (SET_MANTISSA): Remove macro.
> > > >> ++   * sysdeps/ieee754/ldbl-128ibm/strtold_l.c (STRTOF_NAN): Define
> > > >> ++   macro.
> > > >> ++   (SET_MANTISSA): Remove macro.
> > > >> ++   * sysdeps/ieee754/ldbl-64-128/strtold_l.c (STRTOF_NAN): Define
> > > >> ++   macro.
> > > >> ++   (SET_MANTISSA): Remove macro.
> > > >> ++   * sysdeps/ieee754/ldbl-96/strtold_l.c (STRTOF_NAN): Define macro.
> > > >> ++   (SET_MANTISSA): Remove macro.
> > > >> ++   * wcsmbs/wcstod_l.c (____wcstoull_l_internal): Remove declaration.
> > > >> ++   * wcsmbs/wcstof_l.c (____wcstoull_l_internal): Likewise.
> > > >> ++   * wcsmbs/wcstold_l.c (____wcstoull_l_internal): Likewise.
> > > >> ++
> > > >> ++   [BZ #19266]
> > > >> ++   * stdlib/strtod_l.c (____STRTOF_INTERNAL): Check directly for
> > > >> ++   upper case and lower case letters inside NAN(), not using TOLOWER.
> > > >> + 2015-08-08  Paul Pluzhnikov  <ppluzhnikov@google.com>
> > > >> +
> > > >> +    [BZ #17905]
> > > >> diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > >> new file mode 100644
> > > >> index 0000000..0df5e50
> > > >> --- /dev/null
> > > >> +++ b/meta/recipes-core/glibc/glibc/CVE-2015-9761_2.patch
> > > >> @@ -0,0 +1,388 @@
> > > >> +From 8f5e8b01a1da2a207228f2072c934fa5918554b8 Mon Sep 17 00:00:00 2001
> > > >> +From: Joseph Myers <joseph@codesourcery.com>
> > > >> +Date: Fri, 4 Dec 2015 20:36:28 +0000
> > > >> +Subject: [PATCH] Fix nan functions handling of payload strings (bug
> > > 16961, bug
> > > >> + 16962).
> > > >> +
> > > >> +The nan, nanf and nanl functions handle payload strings by doing e.g.:
> > > >> +
> > > >> +  if (tagp[0] != '\0')
> > > >> +    {
> > > >> +      char buf[6 + strlen (tagp)];
> > > >> +      sprintf (buf, "NAN(%s)", tagp);
> > > >> +      return strtod (buf, NULL);
> > > >> +    }
> > > >> +
> > > >> +This is an unbounded stack allocation based on the length of the
> > > >> +argument.  Furthermore, if the argument starts with an n-char-sequence
> > > >> +followed by ')', that n-char-sequence is wrongly treated as
> > > >> +significant for determining the payload of the resulting NaN, when ISO
> > > >> +C says the call should be equivalent to strtod ("NAN", NULL), without
> > > >> +being affected by that initial n-char-sequence.  This patch fixes both
> > > >> +those problems by using the __strtod_nan etc. functions recently
> > > >> +factored out of strtod etc. for that purpose, with those functions
> > > >> +being exported from libc at version GLIBC_PRIVATE.
> > > >> +
> > > >> +Tested for x86_64, x86, mips64 and powerpc.
> > > >> +
> > > >> +    [BZ #16961]
> > > >> +    [BZ #16962]
> > > >> +    * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> > > >> +    string on the stack for strtod.
> > > >> +    * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> > > >> +    a string on the stack for strtof.
> > > >> +    * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> > > >> +    constructing a string on the stack for strtold.
> > > >> +    * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> > > >> +    __strtold_nan to GLIBC_PRIVATE.
> > > >> +    * math/test-nan-overflow.c: New file.
> > > >> +    * math/test-nan-payload.c: Likewise.
> > > >> +    * math/Makefile (tests): Add test-nan-overflow and
> > > >> +    test-nan-payload.
> > > >> +
> > > >> +Upstream-Status: Backport
> > > >> +CVE: CVE-2015-9761 patch #2
> > > >> +[Yocto # 8980]
> > > >> +
> > > >> +
> > > https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
> > > >> +
> > > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > > >> +
> > > >> +---
> > > >> + ChangeLog                |  17 +++++++
> > > >> + NEWS                     |   6 +++
> > > >> + math/Makefile            |   3 +-
> > > >> + math/s_nan.c             |   9 +---
> > > >> + math/s_nanf.c            |   9 +---
> > > >> + math/s_nanl.c            |   9 +---
> > > >> + math/test-nan-overflow.c |  66 +++++++++++++++++++++++++
> > > >> + math/test-nan-payload.c  | 122
> > > +++++++++++++++++++++++++++++++++++++++++++++++
> > > >> + stdlib/Versions          |   1 +
> > > >> + 9 files changed, 217 insertions(+), 25 deletions(-)
> > > >> + create mode 100644 math/test-nan-overflow.c
> > > >> + create mode 100644 math/test-nan-payload.c
> > > >> +
> > > >> +Index: git/ChangeLog
> > > >> +===================================================================
> > > >> +--- git.orig/ChangeLog
> > > >> ++++ git/ChangeLog
> > > >> +@@ -1,3 +1,20 @@
> > > >> ++2015-12-04  Joseph Myers  <joseph@codesourcery.com>
> > > >> ++
> > > >> ++   [BZ #16961]
> > > >> ++   [BZ #16962]
> > > >> ++   * math/s_nan.c (__nan): Use __strtod_nan instead of constructing a
> > > >> ++   string on the stack for strtod.
> > > >> ++   * math/s_nanf.c (__nanf): Use __strtof_nan instead of constructing
> > > >> ++   a string on the stack for strtof.
> > > >> ++   * math/s_nanl.c (__nanl): Use __strtold_nan instead of
> > > >> ++   constructing a string on the stack for strtold.
> > > >> ++   * stdlib/Versions (libc): Add __strtof_nan, __strtod_nan and
> > > >> ++   __strtold_nan to GLIBC_PRIVATE.
> > > >> ++   * math/test-nan-overflow.c: New file.
> > > >> ++   * math/test-nan-payload.c: Likewise.
> > > >> ++   * math/Makefile (tests): Add test-nan-overflow and
> > > >> ++   test-nan-payload.
> > > >> ++
> > > >> + 2015-11-24  Joseph Myers  <joseph@codesourcery.com>
> > > >> +
> > > >> +    * stdlib/strtod_nan.c: New file.
> > > >> +Index: git/NEWS
> > > >> +===================================================================
> > > >> +--- git.orig/NEWS
> > > >> ++++ git/NEWS
> > > >> +@@ -7,6 +7,12 @@ using `glibc' in the "product" field.
> > > >> +
> > > >> + Version 2.21
> > > >> +
> > > >> ++Security related changes:
> > > >> ++
> > > >> ++* The nan, nanf and nanl functions no longer have unbounded stack
> > > usage
> > > >> ++  depending on the length of the string passed as an argument to the
> > > >> ++  functions.  Reported by Joseph Myers.
> > > >> ++
> > > >> + * The following bugs are resolved with this release:
> > > >> +
> > > >> +   6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
> > > >> +Index: git/math/s_nan.c
> > > >> +===================================================================
> > > >> +--- git.orig/math/s_nan.c
> > > >> ++++ git/math/s_nan.c
> > > >> +@@ -28,14 +28,7 @@
> > > >> + double
> > > >> + __nan (const char *tagp)
> > > >> + {
> > > >> +-  if (tagp[0] != '\0')
> > > >> +-    {
> > > >> +-      char buf[6 + strlen (tagp)];
> > > >> +-      sprintf (buf, "NAN(%s)", tagp);
> > > >> +-      return strtod (buf, NULL);
> > > >> +-    }
> > > >> +-
> > > >> +-  return NAN;
> > > >> ++  return __strtod_nan (tagp, NULL, 0);
> > > >> + }
> > > >> + weak_alias (__nan, nan)
> > > >> + #ifdef NO_LONG_DOUBLE
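
Review bot: the removed branch returned `NAN` directly for an empty `tagp`, so `__strtod_nan (tagp, NULL, 0)` now has to produce the same default NaN for `""`, and nothing at the call site says what the `NULL` and `0` arguments mean. A short comment on the call would help, and the same applies to the s_nanf.c and s_nanl.c hunks that follow. Since dropping `char buf[6 + strlen (tagp)]` is what stops stack use from scaling with the caller's string, it is also worth checking that the new math/test-nan-payload.c exercises the empty-string case alongside the long-string test in math/test-nan-overflow.c.
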
> > > >> +Index: git/math/s_nanf.c
> > > >> +===================================================================
> > > >> +--- git.orig/math/s_nanf.c
> > > >> ++++ git/math/s_nanf.c
> > > >> +@@ -28,13 +28,6 @@
> > > >> + float
> > > >> + __nanf (const char *tagp)
> > > >> + {
> > > >> +-  if (tagp[0] != '\0')
> > > >> +-    {
> > > >> +-      char buf[6 + strlen (tagp)];
> > > >> +-      sprintf (buf, "NAN(%s)", tagp);
> > > >> +-      return strtof (buf, NULL);
> > > >> +-    }
> > > >> +-
> > > >> +-  return NAN;
> > > >> ++  return __strtof_nan (tagp, NULL, 0);
> > > >> + }
> > > >> + weak_alias (__nanf, nanf)
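Review bot: The call `__strtof_nan (tagp, NULL, 0)` passes two bare constants with no comment, and nothing in this hunk shows where the helper is declared. Add a short comment naming what the NULL and 0 arguments stand for, and confirm that the file includes the header declaring __strtof_nan, so that the call is not compiled against an implicit declaration with an int return type. The same applies to the matching calls in s_nan.c and s_nanl.c.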
> > > >> +Index: git/math/s_nanl.c
> > > >> +===================================================================
> > > >> +--- git.orig/math/s_nanl.c
> > > >> ++++ git/math/s_nanl.c
> > > >> +@@ -28,13 +28,6 @@
> > > >> + long double
> > > >> + __nanl (const char *tagp)
> > > >> + {
> > > >> +-  if (tagp[0] != '\0')
> > > >> +-    {
> > > >> +-      char buf[6 + strlen (tagp)];
> > > >> +-      sprintf (buf, "NAN(%s)", tagp);
> > > >> +-      return strtold (buf, NULL);
> > > >> +-    }
> > > >> +-
> > > >> +-  return NAN;
> > > >> ++  return __strtold_nan (tagp, NULL, 0);
> > > >> + }
> > > >> + weak_alias (__nanl, nanl)
> > > >> +Index: git/math/test-nan-overflow.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/math/test-nan-overflow.c
> > > >> +@@ -0,0 +1,66 @@
> > > >> ++/* Test nan functions stack overflow (bug 16962).
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <math.h>
> > > >> ++#include <stdio.h>
> > > >> ++#include <string.h>
> > > >> ++#include <sys/resource.h>
> > > >> ++
> > > >> ++#define STACK_LIM 1048576
> > > >> ++#define STRING_SIZE (2 * STACK_LIM)
> > > >> ++
> > > >> ++static int
> > > >> ++do_test (void)
> > > >> ++{
> > > >> ++  int result = 0;
> > > >> ++  struct rlimit lim;
> > > >> ++  getrlimit (RLIMIT_STACK, &lim);
> > > >> ++  lim.rlim_cur = STACK_LIM;
> > > >> ++  setrlimit (RLIMIT_STACK, &lim);
> > > >> ++  char *nanstr = malloc (STRING_SIZE);
> > > >> ++  if (nanstr == NULL)
> > > >> ++    {
> > > >> ++      puts ("malloc failed, cannot test");
> > > >> ++      return 77;
> > > >> ++    }
> > > >> ++  memset (nanstr, '0', STRING_SIZE - 1);
> > > >> ++  nanstr[STRING_SIZE - 1] = 0;
> > > >> ++#define NAN_TEST(TYPE, FUNC)                       \
> > > >> ++  do                                               \
> > > >> ++    {                                              \
> > > >> ++      char *volatile p = nanstr;           \
> > > >> ++      volatile TYPE v = FUNC (p);          \
> > > >> ++      if (isnan (v))                               \
> > > >> ++   puts ("PASS: " #FUNC);                  \
> > > >> ++      else                                 \
> > > >> ++   {                                       \
> > > >> ++     puts ("FAIL: " #FUNC);                \
> > > >> ++     result = 1;                           \
> > > >> ++   }                                       \
> > > >> ++    }                                              \
> > > >> ++  while (0)
> > > >> ++  NAN_TEST (float, nanf);
> > > >> ++  NAN_TEST (double, nan);
> > > >> ++#ifndef NO_LONG_DOUBLE
> > > >> ++  NAN_TEST (long double, nanl);
> > > >> ++#endif
> > > >> ++  return result;
> > > >> ++}
> > > >> ++
> > > >> ++#define TEST_FUNCTION do_test ()
> > > >> ++#include "../test-skeleton.c"
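Review bot: In do_test the return values of getrlimit and setrlimit are ignored, so if the limit cannot be lowered (for example when the hard limit is already below STACK_LIM) the test prints PASS without ever running under the 1 MiB stack it is meant to enforce. Check both calls and return 77 when the limit is not applied, as the malloc failure path already does. The file also calls malloc without including <stdlib.h> ahead of do_test, and nanstr is never freed.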
> > > >> +Index: git/math/test-nan-payload.c
> > > >> +===================================================================
> > > >> +--- /dev/null
> > > >> ++++ git/math/test-nan-payload.c
> > > >> +@@ -0,0 +1,122 @@
> > > >> ++/* Test nan functions payload handling (bug 16961).
> > > >> ++   Copyright (C) 2015 Free Software Foundation, Inc.
> > > >> ++   This file is part of the GNU C Library.
> > > >> ++
> > > >> ++   The GNU C Library is free software; you can redistribute it and/or
> > > >> ++   modify it under the terms of the GNU Lesser General Public
> > > >> ++   License as published by the Free Software Foundation; either
> > > >> ++   version 2.1 of the License, or (at your option) any later version.
> > > >> ++
> > > >> ++   The GNU C Library is distributed in the hope that it will be
> > > useful,
> > > >> ++   but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > >> ++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > >> ++   Lesser General Public License for more details.
> > > >> ++
> > > >> ++   You should have received a copy of the GNU Lesser General Public
> > > >> ++   License along with the GNU C Library; if not, see
> > > >> ++   <http://www.gnu.org/licenses/>.  */
> > > >> ++
> > > >> ++#include <float.h>
> > > >> ++#include <math.h>
> > > >> ++#include <stdio.h>
> > > >> ++#include <stdlib.h>
> > > >> ++#include <string.h>
> > > >> ++
> > > >> ++/* Avoid built-in functions.  */
> > > >> ++#define WRAP_NAN(FUNC, STR) \
> > > >> ++  ({ const char *volatile wns = (STR); FUNC (wns); })
> > > >> ++#define WRAP_STRTO(FUNC, STR) \
> > > >> ++  ({ const char *volatile wss = (STR); FUNC (wss, NULL); })
> > > >> ++
> > > >> ++#define CHECK_IS_NAN(TYPE, A)                      \
> > > >> ++  do                                               \
> > > >> ++    {                                              \
> > > >> ++      if (isnan (A))                               \
> > > >> ++   puts ("PASS: " #TYPE " " #A);           \
> > > >> ++      else                                 \
> > > >> ++   {                                       \
> > > >> ++     puts ("FAIL: " #TYPE " " #A);         \
> > > >> ++     result = 1;                           \
> > > >> ++   }                                       \
> > > >> ++    }                                              \
> > > >> ++  while (0)
> > > >> ++
> > > >> ++#define CHECK_SAME_NAN(TYPE, A, B)                 \
> > > >> ++  do                                                       \
> > > >> ++    {                                                      \
> > > >> ++      if (memcmp (&(A), &(B), sizeof (A)) == 0)            \
> > > >> ++   puts ("PASS: " #TYPE " " #A " = " #B);          \
> > > >> ++      else                                         \
> > > >> ++   {                                               \
> > > >> ++     puts ("FAIL: " #TYPE " " #A " = " #B);        \
> > > >> ++     result = 1;                                   \
> > > >> ++   }                                               \
> > > >> ++    }                                                      \
> > > >> ++  while (0)
> > > >> ++
> > > >> ++#define CHECK_DIFF_NAN(TYPE, A, B)                 \
> > > >> ++  do                                                       \
> > > >> ++    {                                                      \
> > > >> ++      if (memcmp (&(A), &(B), sizeof (A)) != 0)            \
> > > >> ++   puts ("PASS: " #TYPE " " #A " != " #B);         \
> > > >> ++      else                                         \
> > > >> ++   {                                               \
> > > >> ++     puts ("FAIL: " #TYPE " " #A " != " #B);       \
> > > >> ++     result = 1;                                   \
> > > >> ++   }                                               \
> > > >> ++    }                                                      \
> > > >> ++  while (0)
> > > >> ++
> > > >> ++/* Cannot test payloads by memcmp for formats where NaNs have padding
> > > >> ++   bits.  */
> > > >> ++#define CAN_TEST_EQ(MANT_DIG) ((MANT_DIG) != 64 && (MANT_DIG) != 106)
> > > >> ++
> > > >> ++#define RUN_TESTS(TYPE, SFUNC, FUNC, MANT_DIG)             \
> > > >> ++  do                                                       \
> > > >> ++    {                                                      \
> > > >> ++     TYPE n123 = WRAP_NAN (FUNC, "123");           \
> > > >> ++     CHECK_IS_NAN (TYPE, n123);                            \
> > > >> ++     TYPE s123 = WRAP_STRTO (SFUNC, "NAN(123)");   \
> > > >> ++     CHECK_IS_NAN (TYPE, s123);                            \
> > > >> ++     TYPE n456 = WRAP_NAN (FUNC, "456");           \
> > > >> ++     CHECK_IS_NAN (TYPE, n456);                            \
> > > >> ++     TYPE s456 = WRAP_STRTO (SFUNC, "NAN(456)");   \
> > > >> ++     CHECK_IS_NAN (TYPE, s456);                            \
> > > >> ++     TYPE n123x = WRAP_NAN (FUNC, "123)");         \
> > > >> ++     CHECK_IS_NAN (TYPE, n123x);                   \
> > > >> ++     TYPE nemp = WRAP_NAN (FUNC, "");                      \
> > > >> ++     CHECK_IS_NAN (TYPE, nemp);                            \
> > > >> ++     TYPE semp = WRAP_STRTO (SFUNC, "NAN()");              \
> > > >> ++     CHECK_IS_NAN (TYPE, semp);                            \
> > > >> ++     TYPE sx = WRAP_STRTO (SFUNC, "NAN");          \
> > > >> ++     CHECK_IS_NAN (TYPE, sx);                              \
> > > >> ++     if (CAN_TEST_EQ (MANT_DIG))                   \
> > > >> ++       CHECK_SAME_NAN (TYPE, n123, s123);          \
> > > >> ++     if (CAN_TEST_EQ (MANT_DIG))                   \
> > > >> ++       CHECK_SAME_NAN (TYPE, n456, s456);          \
> > > >> ++     if (CAN_TEST_EQ (MANT_DIG))                   \
> > > >> ++       CHECK_SAME_NAN (TYPE, nemp, semp);          \
> > > >> ++     if (CAN_TEST_EQ (MANT_DIG))                   \
> > > >> ++       CHECK_SAME_NAN (TYPE, n123x, sx);           \
> > > >> ++     CHECK_DIFF_NAN (TYPE, n123, n456);                    \
> > > >> ++     CHECK_DIFF_NAN (TYPE, n123, nemp);                    \
> > > >> ++     CHECK_DIFF_NAN (TYPE, n123, n123x);           \
> > > >> ++     CHECK_DIFF_NAN (TYPE, n456, nemp);                    \
> > > >> ++     CHECK_DIFF_NAN (TYPE, n456, n123x);           \
> > > >> ++    }                                                      \
> > > >> ++  while (0)
> > > >> ++
> > > >> ++static int
> > > >> ++do_test (void)
> > > >> ++{
> > > >> ++  int result = 0;
> > > >> ++  RUN_TESTS (float, strtof, nanf, FLT_MANT_DIG);
> > > >> ++  RUN_TESTS (double, strtod, nan, DBL_MANT_DIG);
> > > >> ++#ifndef NO_LONG_DOUBLE
> > > >> ++  RUN_TESTS (long double, strtold, nanl, LDBL_MANT_DIG);
> > > >> ++#endif
> > > >> ++  return result;
> > > >> ++}
> > > >> ++
> > > >> ++#define TEST_FUNCTION do_test ()
> > > >> ++#include "../test-skeleton.c"
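Review bot: CHECK_DIFF_NAN runs for every type, yet the comment above CAN_TEST_EQ says payloads cannot be compared by memcmp where NaNs have padding bits. For those formats (MANT_DIG 64 or 106) a "differs" result can come from padding rather than from the payload, so the five CHECK_DIFF_NAN lines in RUN_TESTS can pass without proving anything. Either guard them with CAN_TEST_EQ as the CHECK_SAME_NAN lines are, or compare only the value bits. Note also that on those formats the nanl and strtold results get no payload-equality coverage at all, which deserves a comment next to CAN_TEST_EQ.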
> > > >> +Index: git/stdlib/Versions
> > > >> +===================================================================
> > > >> +--- git.orig/stdlib/Versions
> > > >> ++++ git/stdlib/Versions
> > > >> +@@ -118,5 +118,6 @@ libc {
> > > >> +     # Used from other libraries
> > > >> +     __libc_secure_getenv;
> > > >> +     __call_tls_dtors;
> > > >> ++    __strtof_nan; __strtod_nan; __strtold_nan;
> > > >> +   }
> > > >> + }
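Review bot: The three new symbols are placed on a single line, while the neighbouring entries (`__libc_secure_getenv;`, `__call_tls_dtors;`) are one per line. Split them to match, so that later additions or removals produce one-line diffs. The existing "# Used from other libraries" comment could also say which library needs them, since the callers in this patch are the nan functions under math/.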
> > > >> +Index: git/math/Makefile
> > > >> +===================================================================
> > > >> +--- git.orig/math/Makefile
> > > >> ++++ git/math/Makefile
> > > >> +@@ -92,7 +92,9 @@ tests = test-matherr test-fenv atest-exp
> > > >> +    test-misc test-fpucw test-fpucw-ieee tst-definitions test-tgmath \
> > > >> +    test-tgmath-ret bug-nextafter bug-nexttoward bug-tgmath1 \
> > > >> +    test-tgmath-int test-tgmath2 test-powl tst-CMPLX tst-CMPLX2
> > > test-snan \
> > > >> +-   test-fenv-tls test-fenv-preserve test-fenv-return $(tests-static)
> > > >> ++   test-fenv-tls test-fenv-preserve test-fenv-return \
> > > >> ++    test-nan-overflow test-nan-payload \
> > > >> ++    $(tests-static)
> > > >> + tests-static = test-fpucw-static test-fpucw-ieee-static
> > > >> + # We do the `long double' tests only if this data type is available
> > > and
> > > >> + # distinct from `double'.
> > > >> diff --git a/meta/recipes-core/glibc/glibc_2.20.bb
> > > b/meta/recipes-core/glibc/glibc_2.20.bb
> > > >> index af568d9..d099d5d 100644
> > > >> --- a/meta/recipes-core/glibc/glibc_2.20.bb
> > > >> +++ b/meta/recipes-core/glibc/glibc_2.20.bb
> > > >> @@ -50,6 +50,8 @@ CVEPATCHES = "\
> > > >>          file://CVE-2015-7547.patch \
> > > >>          file://CVE-2015-8777.patch \
> > > >>          file://CVE-2015-8779.patch \
> > > >> +        file://CVE-2015-9761_1.patch \
> > > >> +        file://CVE-2015-9761_2.patch \
> > > >>  "
> > > >>
> > > >>  LIC_FILES_CHKSUM =
> > > "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
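Review bot: The two added file names use CVE-2015-9761, which the review in this thread flags as the wrong number (2014-9761 is given as the correct one). Rename them to `CVE-2014-9761_1.patch` and `CVE-2014-9761_2.patch` and fix the subject to match. If the name is kept on purpose for consistency with the branches where it was already merged, state the correct identifier in each patch header so that CVE tracking by file name or header does not miss the fix.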
> > > >> --
> > > >> 2.3.5
> > > >>
> > > >> --
> > > >> _______________________________________________
> > > >> Openembedded-core mailing list
> > > >> Openembedded-core@lists.openembedded.org
> > > >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> > > >
> > >
> 
> -- 
> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com



-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com


Thread overview: 9+ messages
2016-02-28 18:53 [dizzy][PATCH 1/4] glibc: CVE-2015-8777 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 2/4] glibc: CVE-2015-8779 Armin Kuster
2016-02-28 18:53 ` [dizzy][PATCH 3/4] glibc: CVE-2015-9761 Armin Kuster
2016-03-03  8:16   ` Martin Jansa
     [not found]     ` <56D89FF7.2050201@mvista.com>
2016-03-03 20:47       ` Martin Jansa
2016-03-11 13:58         ` Martin Jansa
2016-03-17 15:48           ` Martin Jansa [this message]
2016-03-22  0:42           ` akuster808
2016-02-28 18:53 ` [dizzy][PATCH 4/4] glibc: CVE-2015-8776 Armin Kuster