backport patches from upstream

backport-Fix-check-for-invalid-varargs-arguments-707.patch

@@ -0,0 +1,197 @@
+From de95947ae5db07e4589bb16bab30b6c8ba2b3106 Mon Sep 17 00:00:00 2001
+From: Roland Schatz <roland.schatz@oracle.com>
+Date: Tue, 24 May 2022 03:04:43 +0200
+Subject: [PATCH] Fix check for invalid varargs arguments. (#707)
+ 
+Conflict:NA
+Reference:https://github.com/libffi/libffi/commit/de95947ae5db07e4589bb16bab30b6c8ba2b3106
+---
+ src/prep_cif.c               |   3 +-
+ testsuite/libffi.call/va_3.c | 154 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 156 insertions(+), 1 deletion(-)
+ create mode 100644 testsuite/libffi.call/va_3.c
+ 
+diff --git a/src/prep_cif.c b/src/prep_cif.c
+index c1832b1..2d0f252 100644
+--- a/src/prep_cif.c
++++ b/src/prep_cif.c
+@@ -1,6 +1,7 @@
+ /* -----------------------------------------------------------------------
+    prep_cif.c - Copyright (c) 2011, 2012, 2021  Anthony Green
+                 Copyright (c) 1996, 1998, 2007  Red Hat, Inc.
++                Copyright (c) 2022 Oracle and/or its affiliates.
+ 
+    Permission is hereby granted, free of charge, to any person obtaining
+    a copy of this software and associated documentation files (the
+@@ -240,7 +241,7 @@ ffi_status ffi_prep_cif_var(ffi_cif *cif,
+   if (rc != FFI_OK)
+     return rc;
+ 
+-  for (i = 1; i < ntotalargs; i++)
++  for (i = nfixedargs; i < ntotalargs; i++)
+     {
+       ffi_type *arg_type = atypes[i];
+       if (arg_type == &ffi_type_float
+diff --git a/testsuite/libffi.call/va_3.c b/testsuite/libffi.call/va_3.c
+new file mode 100644
+index 0000000..b3e73b5
+--- /dev/null
++++ b/testsuite/libffi.call/va_3.c
+@@ -0,0 +1,154 @@
++/* Area:		ffi_call
++   Purpose:		Test function with multiple fixed args and variable argument list.
++   Limitations:	none.
++   PR:			none.
++   Originator:	        ARM Ltd., Oracle */
++
++/* { dg-do run } */
++/* { dg-output "" { xfail avr32*-*-* m68k-*-* } } */
++
++#include "ffitest.h"
++#include <stdarg.h>
++
++/*
++ * This is a modified version of va_2.c that has fixed arguments with "small" types that
++ * are not allowed as variable arguments, but they should be still allowed as fixed args.
++ */
++
++static int
++test_fn (char a1, float a2, int n, ...)
++{
++  va_list ap;
++  unsigned char uc;
++  signed char sc;
++  unsigned short us;
++  signed short ss;
++  unsigned int ui;
++  signed int si;
++  unsigned long ul;
++  signed long sl;
++  float f;
++  double d;
++
++  va_start (ap, n);
++
++  uc = va_arg (ap, unsigned);
++  sc = va_arg (ap, signed);
++
++  us = va_arg (ap, unsigned);
++  ss = va_arg (ap, signed);
++
++  ui = va_arg (ap, unsigned int);
++  si = va_arg (ap, signed int);
++
++  ul = va_arg (ap, unsigned long);
++  sl = va_arg (ap, signed long);
++
++  f = va_arg (ap, double);	/* C standard promotes float->double
++				   when anonymous */
++  d = va_arg (ap, double);
++
++  printf ("%d %f uc=%u sc=%d %u %d %u %d %lu %ld %f %f\n",
++	  a1, a2,
++	  uc, sc,
++	  us, ss,
++	  ui, si,
++	  ul, sl,
++	  f, d);
++
++  va_end (ap);
++
++  CHECK(a1 == 1);
++  CHECK((int)a2 == 2);
++  CHECK(uc == 9);
++  CHECK(sc == 10);
++  CHECK(us == 11);
++  CHECK(ss == 12);
++  CHECK(ui == 13);
++  CHECK(si == 14);
++  CHECK(ul == 15);
++  CHECK(sl == 16);
++  CHECK((int)f == 2);
++  CHECK((int)d == 3);
++
++  return n + 1;
++}
++
++int
++main (void)
++{
++  ffi_cif cif;
++  void* args[14];
++  ffi_type* arg_types[14];
++
++  char a1;
++  float a2;
++  int n;
++  ffi_arg res;
++
++  unsigned int uc;
++  signed int sc;
++  unsigned int us;
++  signed int ss;
++  unsigned int ui;
++  signed int si;
++  unsigned long ul;
++  signed long sl;
++  double d1;
++  double f1;
++
++  arg_types[0] = &ffi_type_schar;
++  arg_types[1] = &ffi_type_float;
++  arg_types[2] = &ffi_type_sint;
++  arg_types[3] = &ffi_type_uint;
++  arg_types[4] = &ffi_type_sint;
++  arg_types[5] = &ffi_type_uint;
++  arg_types[6] = &ffi_type_sint;
++  arg_types[7] = &ffi_type_uint;
++  arg_types[8] = &ffi_type_sint;
++  arg_types[9] = &ffi_type_ulong;
++  arg_types[10] = &ffi_type_slong;
++  arg_types[11] = &ffi_type_double;
++  arg_types[12] = &ffi_type_double;
++  arg_types[13] = NULL;
++
++  CHECK(ffi_prep_cif_var(&cif, FFI_DEFAULT_ABI, 3, 13, &ffi_type_sint, arg_types) == FFI_OK);
++
++  a1 = 1;
++  a2 = 2.0f;
++  n = 41;
++
++  uc = 9;
++  sc = 10;
++  us = 11;
++  ss = 12;
++  ui = 13;
++  si = 14;
++  ul = 15;
++  sl = 16;
++  f1 = 2.12;
++  d1 = 3.13;
++
++  args[0] = &a1;
++  args[1] = &a2;
++  args[2] = &n;
++  args[3] = &uc;
++  args[4] = &sc;
++  args[5] = &us;
++  args[6] = &ss;
++  args[7] = &ui;
++  args[8] = &si;
++  args[9] = &ul;
++  args[10] = &sl;
++  args[11] = &f1;
++  args[12] = &d1;
++  args[13] = NULL;
++
++  ffi_call(&cif, FFI_FN(test_fn), &res, args);
++  /* { dg-output "1 2.000000 uc=9 sc=10 11 12 13 14 15 16 2.120000 3.130000" } */
++  printf("res: %d\n", (int) res);
++  /* { dg-output "\nres: 42" } */
++  CHECK(res == 42);
++
++  return 0;
++}
+-- 
+2.23.0
+ 

backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch

@@ -0,0 +1,54 @@
+From 3ac265d5c0e038e324bae29131dbc4bacb4935ea Mon Sep 17 00:00:00 2001
+From: hjl-tools <hjl.tools@gmail.com>
+Date: Sun, 15 May 2022 18:43:56 -0700
+Subject: [PATCH] x86-64: Always double jump table slot size for CET (#710)
+ (#711)
+ 
+When CET is enabled, double jump table slot size to add 4 bytes of ENDBR64
+for CET.  Since CET enabled clang doesn't have the LLVM assembler bug:
+ 
+https://bugs.llvm.org/show_bug.cgi?id=21501
+ 
+fixed by
+ 
+commit 04d39260d64e08b8bfb3844109ad43d4055b2e8d
+Author: Rafael Espindola <rafael.espindola@gmail.com>
+Date:   Wed Nov 4 23:50:29 2015 +0000
+ 
+    Simplify .org processing and make it a bit more powerful.
+ 
+we can use .org to allocate jump table slot size to 16 bytes.
+ 
+Conflict:NA
+Reference:https://github.com/libffi/libffi/commit/3ac265d5c0e038e324bae29131dbc4bacb4935ea
+---
+ src/x86/unix64.S | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+ 
+diff --git a/src/x86/unix64.S b/src/x86/unix64.S
+index 8cf3a23..d9c5bd4 100644
+--- a/src/x86/unix64.S
++++ b/src/x86/unix64.S
+@@ -39,14 +39,13 @@
+    actual table.  The entry points into the table are all 8 bytes.
+    The use of ORG asserts that we're at the correct location.  */
+ /* ??? The clang assembler doesn't handle .org with symbolic expressions.  */
+-#if defined(__clang__) || defined(__APPLE__) || (defined (__sun__) && defined(__svr4__))
++#ifdef __CET__
++/* Double slot size to 16 byte to add 4 bytes of ENDBR64.  */
++# define E(BASE, X)	.balign 8; .org BASE + X * 16
++#elif defined(__clang__) || defined(__APPLE__) || (defined (__sun__) && defined(__svr4__))
+ # define E(BASE, X)	.balign 8
+ #else
+-# ifdef __CET__
+-#  define E(BASE, X)	.balign 8; .org BASE + X * 16
+-# else
+-#  define E(BASE, X)	.balign 8; .org BASE + X * 8
+-# endif
++# define E(BASE, X)	.balign 8; .org BASE + X * 8
+ #endif
+ 
+ /* ffi_call_unix64 (void *args, unsigned long bytes, unsigned flags,
+-- 
+2.23.0
+ 

libffi.spec

@@ -1,6 +1,6 @@
 Name:		libffi
 Version:	3.4.2
-Release:	2
+Release:	2.h2
 Summary:	A Portable Foreign Function Interface Library
 License:	MIT
 URL:		http://sourceware.org/libffi
@@ -8,6 +8,9 @@ Source0:	https://github.com/libffi/libffi/releases/download/v%{version}/%{name}-
 Source1:	ffi-multilib.h
 Source2:	ffitarget-multilib.h
 
+Patch6000:	backport-x86-64-Always-double-jump-table-slot-size-for-CET-71.patch
+Patch6001:	backport-Fix-check-for-invalid-varargs-arguments-707.patch
+ 
 BuildRequires:	gcc gcc-c++ dejagnu
 
 %description
@@ -49,7 +52,7 @@ BuildArch:      noarch
 The help package contains man files.
 
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
 
 %build
 %configure \
@@ -93,6 +96,12 @@ fi
 %{_infodir}/libffi.info.gz
 
 %changelog
+* Mon Jul 25 2022 chenziyang<chenziyang4@huawei.com> - 3.4.2-2.h2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport patches from upstream
+ 
 * Tue Mar 15 2022 panxiaohe<panxh.life@foxmail.com> - 3.4.2-2
 - delete useless old version dynamic library