!195 backport upstream patches to fix some memory leak and double free bugs

From: @liqingqing_1229
Reviewed-by: @wangbin224
Signed-off-by: @wangbin224

Linux-Fix-fcntl-ioctl-prctl-redirects-for-_TIME_BITS.patch

@@ -0,0 +1,72 @@
+From c87fcacc50505d550f1bb038382bcc7ea73a5926 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 6 Aug 2021 09:51:38 +0200
+Subject: [PATCH] Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64
+ (bug 28182)
+
+__REDIRECT and __THROW are not compatible with C++ due to the ordering of the
+__asm__ alias and the throw specifier. __REDIRECT_NTH has to be used
+instead.
+
+Fixes commit 8a40aff86ba5f64a3a84883e539cb67b ("io: Add time64 alias
+for fcntl"), commit 82c395d91ea4f69120d453aeec398e30 ("misc: Add
+time64 alias for ioctl"), commit b39ffab860cd743a82c91946619f1b8158
+("Linux: Add time64 alias for prctl").
+
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+---
+ io/fcntl.h                          | 8 ++++----
+ misc/sys/ioctl.h                    | 4 ++--
+ sysdeps/unix/sysv/linux/sys/prctl.h | 2 +-
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/io/fcntl.h b/io/fcntl.h
+index 8917a73..1c96f98 100644
+--- a/io/fcntl.h
++++ b/io/fcntl.h
+@@ -187,10 +187,10 @@ extern int fcntl64 (int __fd, int __cmd, ...);
+ # endif
+ #else /* __USE_TIME_BITS64 */
+ # ifdef __REDIRECT
+-extern int __REDIRECT (fcntl, (int __fd, int __request, ...),
+-		       __fcntl_time64)  __THROW;
+-extern int __REDIRECT (fcntl64, (int __fd, int __request, ...),
+-		       __fcntl_time64)  __THROW;
++extern int __REDIRECT_NTH (fcntl, (int __fd, int __request, ...),
++			   __fcntl_time64);
++extern int __REDIRECT_NTH (fcntl64, (int __fd, int __request, ...),
++			   __fcntl_time64);
+ # else
+ extern int __fcntl_time64 (int __fd, int __request, ...) __THROW;
+ #  define fcntl64 __fcntl_time64
+diff --git a/misc/sys/ioctl.h b/misc/sys/ioctl.h
+index 6884d99..9945c1e 100644
+--- a/misc/sys/ioctl.h
++++ b/misc/sys/ioctl.h
+@@ -42,8 +42,8 @@ __BEGIN_DECLS
+ extern int ioctl (int __fd, unsigned long int __request, ...) __THROW;
+ #else
+ # ifdef __REDIRECT
+-extern int __REDIRECT (ioctl, (int __fd, unsigned long int __request, ...),
+-		       __ioctl_time64) __THROW;
++extern int __REDIRECT_NTH (ioctl, (int __fd, unsigned long int __request, ...),
++			   __ioctl_time64);
+ # else
+ extern int __ioctl_time64 (int __fd, unsigned long int __request, ...) __THROW;
+ #  define ioctl __ioctl_time64
+diff --git a/sysdeps/unix/sysv/linux/sys/prctl.h b/sysdeps/unix/sysv/linux/sys/prctl.h
+index db88938..f0e0d2f 100644
+--- a/sysdeps/unix/sysv/linux/sys/prctl.h
++++ b/sysdeps/unix/sysv/linux/sys/prctl.h
+@@ -42,7 +42,7 @@ __BEGIN_DECLS
+ extern int prctl (int __option, ...) __THROW;
+ #else
+ # ifdef __REDIRECT
+-extern int __REDIRECT (prctl, (int __option, ...), __prctl_time64) __THROW;
++extern int __REDIRECT_NTH (prctl, (int __option, ...), __prctl_time64);
+ # else
+ extern int __prctl_time64 (int __option,d ...) __THROW;
+ #  define ioctl __prctl_time64
+-- 
+1.8.3.1
+

copy_and_spawn_sgid-Avoid-double-calls-to-close.patch

@@ -0,0 +1,28 @@
+From 45caed9d67a00af917d8b5b88d4b5eb1225b7aef Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 3 Aug 2021 21:10:53 +0530
+Subject: [PATCH] copy_and_spawn_sgid: Avoid double calls to close()
+
+If close() on infd and outfd succeeded, reset the fd numbers so that
+we don't attempt to close them again.
+
+Reviewed-by: Arjun Shankar <arjun@redhat.com>
+---
+ support/support_capture_subprocess.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
+index 27bfd19..0bacf6d 100644
+--- a/support/support_capture_subprocess.c
++++ b/support/support_capture_subprocess.c
+@@ -170,6 +170,7 @@ copy_and_spawn_sgid (char *child_id, gid_t gid)
+      support_subprogram because we only want the program exit status, not the
+      contents.  */
+   ret = 0;
++  infd = outfd = -1;
+ 
+   char * const args[] = {execname, child_id, NULL};
+ 
+-- 
+1.8.3.1
+

gaiconf_init-Avoid-double-free-in-label-and-preceden.patch

@@ -0,0 +1,36 @@
+From 77a34079d8f3d63b61543bf3af93043f8674e4c4 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 3 Aug 2021 21:11:03 +0530
+Subject: [PATCH] gaiconf_init: Avoid double-free in label and precedence lists
+
+labellist and precedencelist could get freed a second time if there
+are allocation failures, so set them to NULL to avoid a double-free.
+
+Reviewed-by: Arjun Shankar <arjun@redhat.com>
+---
+ sysdeps/posix/getaddrinfo.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 838a68f..43dfc67 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -2008,6 +2008,7 @@ gaiconf_init (void)
+ 	      l = l->next;
+ 	    }
+ 	  free_prefixlist (labellist);
++	  labellist = NULL;
+ 
+ 	  /* Sort the entries so that the most specific ones are at
+ 	     the beginning.  */
+@@ -2046,6 +2047,7 @@ gaiconf_init (void)
+ 	      l = l->next;
+ 	    }
+ 	  free_prefixlist (precedencelist);
++	  precedencelist = NULL;
+ 
+ 	  /* Sort the entries so that the most specific ones are at
+ 	     the beginning.  */
+-- 
+1.8.3.1
+

gconv_parseconfdir-Fix-memory-leak.patch

@@ -0,0 +1,37 @@
+From 5f9b78fe35d08739b6da1e5b356786d41116c108 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 3 Aug 2021 21:10:20 +0530
+Subject: [PATCH] gconv_parseconfdir: Fix memory leak
+
+The allocated `conf` would leak if we have to skip over the file due
+to the underlying filesystem not supporting dt_type.
+
+Reviewed-by: Arjun Shankar <arjun@redhat.com>
+---
+ iconv/gconv_parseconfdir.h | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/iconv/gconv_parseconfdir.h b/iconv/gconv_parseconfdir.h
+index a4153e5..2f06268 100644
+--- a/iconv/gconv_parseconfdir.h
++++ b/iconv/gconv_parseconfdir.h
+@@ -153,12 +153,11 @@ gconv_parseconfdir (const char *dir, size_t dir_len)
+ 	      struct stat64 st;
+ 	      if (asprintf (&conf, "%s/%s", buf, ent->d_name) < 0)
+ 		continue;
+-	      if (ent->d_type == DT_UNKNOWN
+-		  && (lstat64 (conf, &st) == -1
+-		      || !S_ISREG (st.st_mode)))
+-		continue;
+ 
+-	      found |= read_conf_file (conf, dir, dir_len);
++	      if (ent->d_type != DT_UNKNOWN
++		  || (lstat64 (conf, &st) != -1 && S_ISREG (st.st_mode)))
++		found |= read_conf_file (conf, dir, dir_len);
++
+ 	      free (conf);
+ 	    }
+ 	}
+-- 
+1.8.3.1
+

gethosts-Remove-unused-argument-_type.patch

@@ -0,0 +1,44 @@
+From b17e842a60819098d2a203ecc8b8371b7e1d6c65 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Wed, 4 Aug 2021 02:21:01 +0530
+Subject: [PATCH] gethosts: Remove unused argument _type
+
+The generated code is unchanged.
+---
+ sysdeps/posix/getaddrinfo.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 43dfc67..9f1cde2 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -239,7 +239,7 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req,
+   return true;
+ }
+ 
+-#define gethosts(_family, _type) \
++#define gethosts(_family) \
+  {									      \
+   struct hostent th;							      \
+   char *localcanon = NULL;						      \
+@@ -829,7 +829,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ 		      if (req->ai_family == AF_INET6
+ 			  || req->ai_family == AF_UNSPEC)
+ 			{
+-			  gethosts (AF_INET6, struct in6_addr);
++			  gethosts (AF_INET6);
+ 			  no_inet6_data = no_data;
+ 			  inet6_status = status;
+ 			}
+@@ -841,7 +841,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
+ 				 know we are not going to need them.  */
+ 			      && ((req->ai_flags & AI_ALL) || !got_ipv6)))
+ 			{
+-			  gethosts (AF_INET, struct in_addr);
++			  gethosts (AF_INET);
+ 
+ 			  if (req->ai_family == AF_INET)
+ 			    {
+-- 
+1.8.3.1
+

glibc.spec

@@ -63,7 +63,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.34
-Release: 	3
+Release: 	4
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -81,6 +81,15 @@ Patch0: glibc-1070416.patch
 Patch1: glibc-c-utf8-locale.patch
 Patch2: backport-CVE-2021-38604-0001-librt-add-test-bug-28213.patch
 Patch3: backport-CVE-2021-38604-0002-librt-fix-NULL-pointer-dereference-bug-28213.patch
+Patch4: copy_and_spawn_sgid-Avoid-double-calls-to-close.patch
+Patch5: gaiconf_init-Avoid-double-free-in-label-and-preceden.patch
+Patch6: gconv_parseconfdir-Fix-memory-leak.patch
+Patch7: gethosts-Remove-unused-argument-_type.patch
+Patch8: iconv_charmap-Close-output-file-when-done.patch
+Patch9: ldconfig-avoid-leak-on-empty-paths-in-config-file.patch
+Patch10: Linux-Fix-fcntl-ioctl-prctl-redirects-for-_TIME_BITS.patch
+Patch11: nis-Fix-leak-on-realloc-failure-in-nis_getnames-BZ-2.patch
+Patch12: rt-Set-the-correct-message-queue-for-tst-mqueue10.patch
 
 #Patch9000: turn-REP_STOSB_THRESHOLD-from-2k-to-1M.patch
 Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch 
@@ -1172,6 +1181,9 @@ fi
 %doc hesiod/README.hesiod
 
 %changelog
+* Fri Sep 17 2021 Qingqing Li<liqingqing3@huawei.com> - 2.34-4
+- backport upstream patches to fix some memory leak and double free bugs
+
 * Tue Sep 14 2021 Yang Yanchao<yangyanchao6@huawei.com> - 2.34-3
 - add --enable-static-pie in aarch64
 

iconv_charmap-Close-output-file-when-done.patch

@@ -0,0 +1,26 @@
+From 1e0e6d656db9dfa12ef7eb67976385d3deb0d4ff Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 3 Aug 2021 21:10:29 +0530
+Subject: [PATCH] iconv_charmap: Close output file when done
+
+Reviewed-by: Arjun Shankar <arjun@redhat.com>
+---
+ iconv/iconv_charmap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/iconv/iconv_charmap.c b/iconv/iconv_charmap.c
+index e2d53fe..a8b6b56 100644
+--- a/iconv/iconv_charmap.c
++++ b/iconv/iconv_charmap.c
+@@ -234,6 +234,8 @@ charmap_conversion (const char *from_code, struct charmap_t *from_charmap,
+     while (++remaining < argc);
+ 
+   /* All done.  */
++  if (output != stdout)
++    fclose (output);
+   free_table (cvtbl);
+   return status;
+ }
+-- 
+1.8.3.1
+

ldconfig-avoid-leak-on-empty-paths-in-config-file.patch

@@ -0,0 +1,30 @@
+From b0234d79e7d82475d1666f25326ec045c045b3ed Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 3 Aug 2021 21:10:10 +0530
+Subject: [PATCH] ldconfig: avoid leak on empty paths in config file
+
+Reviewed-by: Arjun Shankar <arjun@redhat.com>
+---
+ elf/ldconfig.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/elf/ldconfig.c b/elf/ldconfig.c
+index 1037e8d..b889363 100644
+--- a/elf/ldconfig.c
++++ b/elf/ldconfig.c
+@@ -503,7 +503,11 @@ add_dir_1 (const char *line, const char *from_file, int from_line)
+     entry->path[--i] = '\0';
+ 
+   if (i == 0)
+-    return;
++    {
++      free (entry->path);
++      free (entry);
++      return;
++    }
+ 
+   char *path = entry->path;
+   if (opt_chroot != NULL)
+-- 
+1.8.3.1
+

nis-Fix-leak-on-realloc-failure-in-nis_getnames-BZ-2.patch

@@ -0,0 +1,46 @@
+From 60698263122b7c54ded3f70a466176e17a529480 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 28 Jul 2021 14:23:32 -0400
+Subject: [PATCH] nis: Fix leak on realloc failure in nis_getnames [BZ #28150]
+
+If pos >= count but realloc fails, tmp will not have been placed in
+getnames[pos] yet, and so will not be freed in free_null.  Detected
+by Coverity.
+
+Also remove misleading comment from nis_getnames(), since it actually
+did properly release getnames when out of memory.
+
+Tested-by: Carlos O'Donell <carlos@redhat.com>
+---
+ nis/nis_subr.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/nis/nis_subr.c b/nis/nis_subr.c
+index dd0e300..6784fc3 100644
+--- a/nis/nis_subr.c
++++ b/nis/nis_subr.c
+@@ -103,9 +103,6 @@ count_dots (const_nis_name str)
+   return count;
+ }
+ 
+-/* If we run out of memory, we don't give already allocated memory
+-   free. The overhead for bringing getnames back in a safe state to
+-   free it is to big. */
+ nis_name *
+ nis_getnames (const_nis_name name)
+ {
+@@ -271,7 +268,10 @@ nis_getnames (const_nis_name name)
+ 	      nis_name *newp = realloc (getnames,
+ 					(count + 1) * sizeof (char *));
+ 	      if (__glibc_unlikely (newp == NULL))
+-		goto free_null;
++		{
++		  free (tmp);
++		  goto free_null;
++		}
+ 	      getnames = newp;
+ 	    }
+ 	  getnames[pos] = tmp;
+-- 
+1.8.3.1
+

rt-Set-the-correct-message-queue-for-tst-mqueue10.patch

@@ -0,0 +1,35 @@
+From 3d9a539ee66165148b2b9e08b46e03a5f58f65d2 Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date: Wed, 4 Aug 2021 17:14:46 -0300
+Subject: [PATCH] rt: Set the correct message queue for tst-mqueue10
+
+Checked on x86_64-linux-gnu.
+---
+ rt/tst-mqueue10.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rt/tst-mqueue10.c b/rt/tst-mqueue10.c
+index 1879580..0bf64d7 100644
+--- a/rt/tst-mqueue10.c
++++ b/rt/tst-mqueue10.c
+@@ -25,7 +25,7 @@
+ #include <support/temp_file.h>
+ #include <unistd.h>
+ 
+-static char name[sizeof "/tst-mqueue2-" + INT_BUFSIZE_BOUND (pid_t)];
++static char name[sizeof "/tst-mqueue10-" + INT_BUFSIZE_BOUND (pid_t)];
+ 
+ static void
+ do_cleanup (void)
+@@ -37,7 +37,7 @@ do_cleanup (void)
+ static int
+ do_test (void)
+ {
+-  snprintf (name, sizeof (name), "/tst-mqueue2-%u", getpid ());
++  snprintf (name, sizeof (name), "/tst-mqueue10-%u", getpid ());
+ 
+   char msg[8] = { 0x55 };
+ 
+-- 
+1.8.3.1
+