From 60830a8ad3d62d7620fa7b56e00ba0fa764f33b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E5=AD=90=E6=89=AC?=
Date: Fri, 29 Jul 2022 07:25:33 +0000
Subject: [PATCH] backport patches from upstream
---
...ck-for-invalid-varargs-arguments-707.patch | 197 ++++++++++++++++++
...uble-jump-table-slot-size-for-CET-71.patch | 54 +++++
libffi.spec | 13 +-
3 files changed, 262 insertions(+), 2 deletions(-)
create mode 100644 backport-Fix-check-for-invalid-varargs-arguments-707.patch
create mode 100644 backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch
diff --git a/backport-Fix-check-for-invalid-varargs-arguments-707.patch b/backport-Fix-check-for-invalid-varargs-arguments-707.patch
new file mode 100644
index 0000000..56769dc
--- /dev/null
+++ b/backport-Fix-check-for-invalid-varargs-arguments-707.patch
@@ -0,0 +1,197 @@
+From de95947ae5db07e4589bb16bab30b6c8ba2b3106 Mon Sep 17 00:00:00 2001
+From: Roland Schatz
+Date: Tue, 24 May 2022 03:04:43 +0200
+Subject: [PATCH] Fix check for invalid varargs arguments. (#707)
+
+Conflict:NA
+Reference:https://github.com/libffi/libffi/commit/de95947ae5db07e4589bb16bab30b6c8ba2b3106
+---
+ src/prep_cif.c | 3 +-
+ testsuite/libffi.call/va_3.c | 154 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 156 insertions(+), 1 deletion(-)
+ create mode 100644 testsuite/libffi.call/va_3.c
+
+diff --git a/src/prep_cif.c b/src/prep_cif.c
+index c1832b1..2d0f252 100644
+--- a/src/prep_cif.c
++++ b/src/prep_cif.c
+@@ -1,6 +1,7 @@
+ /* -----------------------------------------------------------------------
+ prep_cif.c - Copyright (c) 2011, 2012, 2021 Anthony Green
+ Copyright (c) 1996, 1998, 2007 Red Hat, Inc.
++ Copyright (c) 2022 Oracle and/or its affiliates.
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+@@ -240,7 +241,7 @@ ffi_status ffi_prep_cif_var(ffi_cif *cif,
+ if (rc != FFI_OK)
+ return rc;
+
+- for (i = 1; i < ntotalargs; i++)
++ for (i = nfixedargs; i < ntotalargs; i++)
+ {
+ ffi_type *arg_type = atypes[i];
+ if (arg_type == &ffi_type_float
+diff --git a/testsuite/libffi.call/va_3.c b/testsuite/libffi.call/va_3.c
+new file mode 100644
+index 0000000..b3e73b5
+--- /dev/null
++++ b/testsuite/libffi.call/va_3.c
+@@ -0,0 +1,154 @@
++/* Area: ffi_call
++ Purpose: Test function with multiple fixed args and variable argument list.
++ Limitations: none.
++ PR: none.
++ Originator: ARM Ltd., Oracle */
++
++/* { dg-do run } */
++/* { dg-output "" { xfail avr32*-*-* m68k-*-* } } */
++
++#include "ffitest.h"
++#include
++
++/*
++ * This is a modified version of va_2.c that has fixed arguments with "small" types that
++ * are not allowed as variable arguments, but they should be still allowed as fixed args.
++ */
++
++static int
++test_fn (char a1, float a2, int n, ...)
++{
++ va_list ap;
++ unsigned char uc;
++ signed char sc;
++ unsigned short us;
++ signed short ss;
++ unsigned int ui;
++ signed int si;
++ unsigned long ul;
++ signed long sl;
++ float f;
++ double d;
++
++ va_start (ap, n);
++
++ uc = va_arg (ap, unsigned);
++ sc = va_arg (ap, signed);
++
++ us = va_arg (ap, unsigned);
++ ss = va_arg (ap, signed);
++
++ ui = va_arg (ap, unsigned int);
++ si = va_arg (ap, signed int);
++
++ ul = va_arg (ap, unsigned long);
++ sl = va_arg (ap, signed long);
++
++ f = va_arg (ap, double); /* C standard promotes float->double
++ when anonymous */
++ d = va_arg (ap, double);
++
++ printf ("%d %f uc=%u sc=%d %u %d %u %d %lu %ld %f %f\n",
++ a1, a2,
++ uc, sc,
++ us, ss,
++ ui, si,
++ ul, sl,
++ f, d);
++
++ va_end (ap);
++
++ CHECK(a1 == 1);
++ CHECK((int)a2 == 2);
++ CHECK(uc == 9);
++ CHECK(sc == 10);
++ CHECK(us == 11);
++ CHECK(ss == 12);
++ CHECK(ui == 13);
++ CHECK(si == 14);
++ CHECK(ul == 15);
++ CHECK(sl == 16);
++ CHECK((int)f == 2);
++ CHECK((int)d == 3);
++
++ return n + 1;
++}
++
++int
++main (void)
++{
++ ffi_cif cif;
++ void* args[14];
++ ffi_type* arg_types[14];
++
++ char a1;
++ float a2;
++ int n;
++ ffi_arg res;
++
++ unsigned int uc;
++ signed int sc;
++ unsigned int us;
++ signed int ss;
++ unsigned int ui;
++ signed int si;
++ unsigned long ul;
++ signed long sl;
++ double d1;
++ double f1;
++
++ arg_types[0] = &ffi_type_schar;
++ arg_types[1] = &ffi_type_float;
++ arg_types[2] = &ffi_type_sint;
++ arg_types[3] = &ffi_type_uint;
++ arg_types[4] = &ffi_type_sint;
++ arg_types[5] = &ffi_type_uint;
++ arg_types[6] = &ffi_type_sint;
++ arg_types[7] = &ffi_type_uint;
++ arg_types[8] = &ffi_type_sint;
++ arg_types[9] = &ffi_type_ulong;
++ arg_types[10] = &ffi_type_slong;
++ arg_types[11] = &ffi_type_double;
++ arg_types[12] = &ffi_type_double;
++ arg_types[13] = NULL;
++
++ CHECK(ffi_prep_cif_var(&cif, FFI_DEFAULT_ABI, 3, 13, &ffi_type_sint, arg_types) ==
FFI_OK);
++
++ a1 = 1;
++ a2 = 2.0f;
++ n = 41;
++
++ uc = 9;
++ sc = 10;
++ us = 11;
++ ss = 12;
++ ui = 13;
++ si = 14;
++ ul = 15;
++ sl = 16;
++ f1 = 2.12;
++ d1 = 3.13;
++
++ args[0] = &a1;
++ args[1] = &a2;
++ args[2] = &n;
++ args[3] = &uc;
++ args[4] = ≻
++ args[5] = &us;
++ args[6] = &ss;
++ args[7] = &ui;
++ args[8] = &si;
++ args[9] = &ul;
++ args[10] = &sl;
++ args[11] = &f1;
++ args[12] = &d1;
++ args[13] = NULL;
++
++ ffi_call(&cif, FFI_FN(test_fn), &res, args);
++ /* { dg-output "1 2.000000 uc=9 sc=10 11 12 13 14 15 16 2.120000 3.130000" } */
++ printf("res: %d\n", (int) res);
++ /* { dg-output "\nres: 42" } */
++ CHECK(res == 42);
++
++ return 0;
++}
+--
+2.23.0
+
\ No newline at end of file
diff --git a/backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch b/backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch
new file mode 100644
index 0000000..14b08cd
--- /dev/null
+++ b/backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch
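Review bot: The new testsuite/libffi.call/va_3.c covers only the accept path of the corrected check in ffi_prep_cif_var, so a later regression that stops rejecting float or sub-int types among the variadic arguments would pass unnoticed. Since the loop `for (i = nfixedargs; i < ntotalargs; i++)` now validates only the variadic tail, I would add a negative case beside the positive one, for example `arg_types[3] = &ffi_type_float; CHECK(ffi_prep_cif_var(&cif, FFI_DEFAULT_ABI, 3, 13, &ffi_type_sint, arg_types) == FFI_BAD_ARGTYPE);`, then restore the valid type. The loop also assumes `nfixedargs <= ntotalargs`; whether the earlier call that sets `rc` enforces this cannot be seen, because the body of ffi_prep_cif_var starts and ends outside the hunk. The line `args[4] = ≻` in the test looks like an entity-mangled `&sc;` and should be compared with the upstream commit named in the Reference line before the patch file is shipped.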
@@ -0,0 +1,54 @@
+From 3ac265d5c0e038e324bae29131dbc4bacb4935ea Mon Sep 17 00:00:00 2001
+From: hjl-tools
+Date: Sun, 15 May 2022 18:43:56 -0700
+Subject: [PATCH] x86-64: Always double jump table slot size for CET (#710)
+ (#711)
+
+When CET is enabled, double jump table slot size to add 4 bytes of ENDBR64
+for CET. Since CET enabled clang doesn't have the LLVM assembler bug:
+
+https://bugs.llvm.org/show_bug.cgi?id=21501
+
+fixed by
+
+commit 04d39260d64e08b8bfb3844109ad43d4055b2e8d
+Author: Rafael Espindola
+Date: Wed Nov 4 23:50:29 2015 +0000
+
+ Simplify .org processing and make it a bit more powerful.
+
+we can use .org to allocate jump table slot size to 16 bytes.
+
+Conflict:NA
+Reference:https://github.com/libffi/libffi/commit/3ac265d5c0e038e324bae29131dbc4bacb4935ea
+---
+ src/x86/unix64.S | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/x86/unix64.S b/src/x86/unix64.S
+index 8cf3a23..d9c5bd4 100644
+--- a/src/x86/unix64.S
++++ b/src/x86/unix64.S
+@@ -39,14 +39,13 @@
+ actual table. The entry points into the table are all 8 bytes.
+ The use of ORG asserts that we're at the correct location. */
+ /* ??? The clang assembler doesn't handle .org with symbolic expressions. */
+-#if defined(__clang__) || defined(__APPLE__) || (defined (__sun__) && defined(__svr4__))
++#ifdef __CET__
++/* Double slot size to 16 byte to add 4 bytes of ENDBR64. */
++# define E(BASE, X) .balign 8; .org BASE + X * 16
++#elif defined(__clang__) || defined(__APPLE__) || (defined (__sun__) && defined(__svr4__))
+ # define E(BASE, X) .balign 8
+ #else
+-# ifdef __CET__
+-# define E(BASE, X) .balign 8; .org BASE + X * 16
+-# else
+-# define E(BASE, X) .balign 8; .org BASE + X * 8
+-# endif
++# define E(BASE, X) .balign 8; .org BASE + X * 8
+ #endif
+
+ /* ffi_call_unix64 (void *args, unsigned long bytes, unsigned flags,
+--
+2.23.0
+
\ No newline at end of file
diff --git a/libffi.spec b/libffi.spec
index 8b4d741..8f8b7a4 100644
--- a/libffi.spec
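Review bot: The comment kept as context above the `E(BASE, X)` macro still says the table entry points "are all 8 bytes" and that the clang assembler cannot handle `.org` with symbolic expressions, but the new first branch `#ifdef __CET__` spaces slots 16 bytes apart and uses `.org` for every toolchain, clang included. I would reword it to cover both cases, e.g. `/* Slots are 8 bytes, or 16 bytes when __CET__ is defined (ENDBR64 takes 4 bytes). */`, and note that the `.org` limitation applies only to the non-CET clang/Apple/Solaris branch. The commit message justifies `.org` only for CET-enabled clang, while the `__APPLE__` and `__sun__` assemblers that the old `#if` excluded now reach the `.org` form whenever `__CET__` is defined; that combination may never occur in practice, but nothing visible here rules it out. The code that scales the slot index for the indirect jump into the table lies outside this hunk and must use the same 16-byte stride under `__CET__`, otherwise the jump target would not be an ENDBR64.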
+++ b/libffi.spec @@ -1,6 +1,6 @@ Name: libffi Version: 3.4.2 -Release: 2 +Release: 2.h2 Summary: A Portable Foreign Function Interface Library License: MIT URL: http://sourceware.org/libffi @@ -8,6 +8,9 @@ Source0: https://github.com/libffi/libffi/releases/download/v%{version}/%{name}- Source1: ffi-multilib.h Source2: ffitarget-multilib.h +Patch6000: backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch +Patch6001: backport-Fix-check-for-invalid-varargs-arguments-707.patch + BuildRequires: gcc gcc-c++ dejagnu %description @@ -49,7 +52,7 @@ BuildArch: noarch The help package contains man files. %prep -%autosetup -n %{name}-%{version} +%autosetup -p1 -n %{name}-%{version} %build %configure \ @@ -93,6 +96,12 @@ fi %{_infodir}/libffi.info.gz %changelog +* Mon Jul 25 2022 chenziyang - 3.4.2-2.h2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport patches from upstream + * Tue Mar 15 2022 panxiaohe - 3.4.2-2 - delete useless old version dynamic library -- Gitee