[Bug 1016349] Re: htons() returns wrong type on non-{i386, amd64} platforms
Adam Conrad
adconrad at 0c3.net
Wed Nov 14 22:48:09 UTC 2012
This bug was fixed in the package eglibc - 2.15-0ubuntu10.3
---------------
eglibc (2.15-0ubuntu10.3) precise; urgency=low
* Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498)
* Backport another FMA support patch from glibc master branch.
eglibc (2.15-0ubuntu10.2) precise-security; urgency=low
* SECURITY UPDATE: stack buffer overflow in vfprintf handling
(LP: #1031301)
- debian/patches/any/CVE-2012-3406.patch: switch to malloc when
array grows too large to handle via alloca extension
- CVE-2012-3406
* SECURITY UPDATE: stdlib strtod integer/buffer overflows
- debian/patches/any/CVE-2012-3480.patch: rearrange calculations
and modify types to avoid integer overflows
- CVE-2012-3480
eglibc (2.15-0ubuntu10.1) precise; urgency=low
* Backport fix from 2.16 to fix htons() conversion errors on non-x86
architectures, by correctly casting to uint16_t (LP: #1016349)
* Restore missing AT_EMPTY_PATH definition in fcntl.h (LP: #1010069)
* Backport FMA4/AVX detection from glibc 2.16 (LP: #956051, #979003)
* Backport fixups to AVX-using code to match the detection backport.
* Backport fix from 2.16 for sscanf/realloc deadlock (LP: #1028038)
* Backport for bogus FPE on underflow for exp(double) (LP: #1007457)
-- Adam Conrad <adconrad at ubuntu.com> Wed, 03 Oct 2012 15:58:02 -0600
** Changed in: eglibc (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3406
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3480
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1016349
Title:
htons() returns wrong type on non-{i386,amd64} platforms
Status in Embedded GLIBC:
Fix Released
Status in “eglibc” package in Ubuntu:
Fix Released
Status in “eglibc” source package in Precise:
Fix Released
Status in “glibc” package in Fedora:
Unknown
Bug description:
[Impact]
htons() on non x86 platforms is missing a cast to uint16_t which causes FTBFS of mosh on armel and armhf.
[Development Fix]
This has been fixed in eglibc in Quantal.
[Stable Fix]
A fix can be backported from the Quantal development version into Precise.
[Test Case]
See https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1016349/comments/2
on how to reproduce with a C program.
[Regression Potential]
This patch affects some of the generic byteswapping code in eglibc. The fix for x86 arches was already completed years ago, and this patch fixes it for other arches.
--
The definition of htons() on platforms other than i386 and amd64 is
missing a cast to uint16_t, which caused this FTBFS of mosh on armel
and armhf:
https://launchpad.net/ubuntu/+source/mosh/1.2.1-1ubuntu1/+build/3582950
network.cc:76:28: error: narrowing conversion of '({...})' from 'unsigned int' to 'uint16_t {aka short unsigned int}' inside { } is ill-formed in C++11 [-Werror=narrowing]
network.cc:76:50: error: narrowing conversion of '({...})' from 'unsigned int' to 'uint16_t {aka short unsigned int}' inside { } is ill-formed in C++11 [-Werror=narrowing]
(We didn’t see this before because this warning is new in GCC 4.7.)
This was fixed for glibc 2.16 in
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2174c6dd8555f654c30df2f8f3321b69e0f736f8
To manage notifications about this bug go to:
https://bugs.launchpad.net/eglibc/+bug/1016349/+subscriptions
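The type problem described in this report, as an added C example that is not taken from the bug report, the linked test case or glibc. SWAP16_NOCAST and SWAP16_CAST are hypothetical stand-ins for a 16-bit byte swap without and with the uint16_t cast, and the port value is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical macros modelled on a generic 16-bit byte swap; not glibc source. */
#define SWAP16_NOCAST(x) ((((x) >> 8) & 0xff) | (((x) & 0xff) << 8))
#define SWAP16_CAST(x)   ((uint16_t) SWAP16_NOCAST(x))

/* Name the static type of an expression via C11 _Generic (operand not evaluated). */
#define TYPE_NAME(e) _Generic((e), \
    uint16_t: "uint16_t",          \
    int: "int",                    \
    unsigned int: "unsigned int",  \
    default: "other")

/* Integer promotion widens the uint16_t operand, so the uncast result is int
 * here (the build log above reports unsigned int); both are wider than uint16_t. */
const char *type_without_cast(void)
{
    uint16_t port = 60001;  /* constructed sample value */
    return TYPE_NAME(SWAP16_NOCAST(port));
}

/* The explicit cast restores the 16-bit type callers of htons() expect. */
const char *type_with_cast(void)
{
    uint16_t port = 60001;
    return TYPE_NAME(SWAP16_CAST(port));
}

/* Both forms yield the same number for a 16-bit input; only the type differs,
 * which is why the defect showed up as a compile-time narrowing diagnostic. */
int values_agree(uint16_t v)
{
    return SWAP16_NOCAST(v) == SWAP16_CAST(v);
}

size_t size_without_cast(void) { uint16_t p = 1; return sizeof(SWAP16_NOCAST(p)); }
size_t size_with_cast(void)    { uint16_t p = 1; return sizeof(SWAP16_CAST(p)); }

int main(void)
{
    printf("no cast: %s, %zu bytes\n", type_without_cast(), size_without_cast());
    printf("cast:    %s, %zu bytes\n", type_with_cast(), size_with_cast());
    printf("values agree for 0x1234: %d\n", values_agree(0x1234));
    return 0;
}
```

In C++11, brace-initializing a uint16_t from the uncast form with a non-constant argument is the narrowing conversion that GCC 4.7 rejected in the mosh build.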