linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850]

Pass the actual number of bytes returned by the kernel.

Fixes: 33099d72e41c ("linux: Simplify get_nprocs")
Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
(cherry picked from commit 97ba273b505763325efd802dc3a9562dbba79579)

diff --git a/NEWS b/NEWS
index 5b2e757e35c2df0c3dd78876409a3fbda86271fc..6637a2e0c1995015913ffc412335f4aeaca1c023 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -59,6 +59,7 @@ The following bugs are resolved with this release:
   [28769] CVE-2021-3999: Off-by-one buffer overflow/underflow in getcwd()
   [28770] CVE-2021-3998: Unexpected return value from realpath() for too long results
   [28784] x86: crash in 32bit memset-sse2.s when the cache size can not be determined
+  [28850] linux: __get_nprocs_sched reads uninitialized memory from the stack
 
 \f
 Version 2.34

diff --git a/sysdeps/unix/sysv/linux/getsysstats.c b/sysdeps/unix/sysv/linux/getsysstats.c
index 7fc6521942e87293ac0a6f26282be1cc071f6fd5..7babd947aa902e7736a3fa99395a5fa09be420c2 100644 (file)
--- a/sysdeps/unix/sysv/linux/getsysstats.c
+++ b/sysdeps/unix/sysv/linux/getsysstats.c
@@ -45,7 +45,7 @@ __get_nprocs_sched (void)
   int r = INTERNAL_SYSCALL_CALL (sched_getaffinity, 0, cpu_bits_size,
                                 cpu_bits);
   if (r > 0)
-    return CPU_COUNT_S (cpu_bits_size, (cpu_set_t*) cpu_bits);
+    return CPU_COUNT_S (r, (cpu_set_t*) cpu_bits);
   else if (r == -EINVAL)
     /* The input buffer is still not enough to store the number of cpus.  This
        is an arbitrary values assuming such systems should be rare and there