Date: Tue, 29 Aug 2017 22:06:52 -0400
From: Rich Felker <>
Subject: Re: open issues

Updated lists after reviewing the list and pushing the changes that
were easy to make/merge:

Still pending due to nontrivial patch to review and/or need for

- getenv/setenv/putenv ub
- mbsnrtowcs and mbsnrtowcs confuses byte and wchar counts
- oob reads in memmem (and signed << ub)
- fix nftw when called with paths ending in slash

Pending due to waiting for updated patch incorporating feedback
already given or resolving merge conflicts or similar:

- handle whitespace before %% in scanf
- make dlsym and reloc time lookup consistent
- newly created thread may run with signals blocked
  < sergei> there seems to be a race condition in pthread_create.c between lines 134 and 298
  < sergei> if line 298 is executed before 134 (assuming syscall returned 0), startlock will be overwritten with zero, the condition will be evaluated to false and __restore_sigs will not be executed
  < sergei> the newly created thread will run with all signals blocked
  < sergei> i have a patch that fixes the issue for me:
- missed underflow in fma
  new fma, depends on a_clz_64

Pending due to need for additional analysis to determine exactly
what/where the bug is:

- mips64 utime issue?
  "tar binary can't fix the modification/access times on any extracted symbolic links,"

Pending due to open question about desired behavior:

- getservbyport(_r) should not report numeric ports
- mmap should not return EPERM when it means ENOMEM
- GLOB_PERIOD is inconsistent with glibc
- ldso ctor dependency ordering and recursive dlopen fix

Pending due to dependency of fix on larger change:

- use-after-free in __unlock of pthread struct

Pending due to need for minor mechanical review:

- fix syscall number differences compared to linux uapi

Pending due to missing patch:

- align arm hwcap.h with glibc (nsz)

Punting til later due to lack of serious/any outward symptoms and lack
of any practical way to fix:

- scanf, wrong types in va_arg
