Comment 8 for bug 1906250

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2020-12-17 09:42 EDT-------
The build of the cross-packages is not finished yet:
https://launchpad.net/ubuntu/+source/cross-toolchain-base/43ubuntu3.1
See "Builds"
Focal: (Icon: currently building) amd64

But I had a look into the glibc 2.31-0ubuntu9.2 source package
and recognized Florian's patch:
debian/ubuntu/git-elf-Add-endianness-markup-to-ld.so.cache-bug-27008.patch

But compared to upstream, elf/dl-cache.c:_dl_load_cache_lookup():
  if (file != MAP_FAILED && cachesize > sizeof *cache_new
      && memcmp (file, CACHEMAGIC_VERSION_NEW,
                 sizeof CACHEMAGIC_VERSION_NEW - 1) == 0)
  ### Missing the "Check for corruption, avoiding overflow." here. ###
    {
      if (! cache_file_new_matches_endian (file))
        {

This check was introduced in a different patch. See my former comment:
On glibc upstream > glibc-2.31 && < glibc-2.32,
there is the following commit which adds a further check for corruption, avoiding overflow:
"ld.so: Check for new cache format first and enhance corruption check"
https://sourceware.org/git/?p=glibc.git;a=commit;h=e221c512c74ec42fd47b71de2981a475b38110a4
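
One overflow-safe form of the kind of corruption check the comment refers to, as an added example (not code from glibc or from the comment above): the entry count read from the file is compared against a division of the bytes actually present instead of being multiplied. The demo_* names and the simplified struct layouts are assumptions, and the naive variant multiplies in 32 bits to model a 32-bit size_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the cache layout (assumption, not glibc's structs). */
#define DEMO_MAGIC "glibc-ld.so.cache1.1"
struct demo_header { char magic[20]; uint32_t nlibs; uint32_t len_strings; };
struct demo_entry  { int32_t flags; uint32_t key, value; };

/* Constructed sample: header claiming `nlibs` entries, followed by `entries` real ones. */
size_t demo_build(unsigned char *buf, size_t cap, uint32_t nlibs, size_t entries)
{
  struct demo_header h = { .nlibs = nlibs };
  size_t total = sizeof h + entries * sizeof(struct demo_entry);
  if (total > cap)
    return 0;
  memset(buf, 0, total);
  memcpy(h.magic, DEMO_MAGIC, sizeof h.magic);
  memcpy(buf, &h, sizeof h);
  return total;
}

/* Naive: multiplies the untrusted count. Done in 32 bits to model a 32-bit
   size_t, so a large nlibs wraps around and the check passes. */
int demo_check_naive(const unsigned char *file, size_t size)
{
  struct demo_header h;
  if (size <= sizeof h || memcmp(file, DEMO_MAGIC, sizeof DEMO_MAGIC - 1) != 0)
    return 0;
  memcpy(&h, file, sizeof h);
  uint32_t need = h.nlibs * (uint32_t) sizeof(struct demo_entry);
  return need <= size - sizeof h;
}

/* Overflow-safe: divide the bytes that are really there, compare with the count. */
int demo_check_safe(const unsigned char *file, size_t size)
{
  struct demo_header h;
  if (size <= sizeof h || memcmp(file, DEMO_MAGIC, sizeof DEMO_MAGIC - 1) != 0)
    return 0;
  memcpy(&h, file, sizeof h);
  return (size - sizeof h) / sizeof(struct demo_entry) >= h.nlibs;
}

int main(void)
{
  unsigned char buf[64];
  size_t n = demo_build(buf, sizeof buf, 0x15555556u, 1); /* 0x15555556 * 12 wraps to 8 */
  printf("naive=%d safe=%d\n", demo_check_naive(buf, n), demo_check_safe(buf, n));
  return 0;
}
```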