This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository tor.
commit 531275b0f36b39fb6a5c6aaab47e26993ce6fa91 Author: Pierre Bourdon delroth@gmail.com AuthorDate: Sat Apr 30 11:52:59 2022 +0200
sandbox: fix openat filtering on AArch64
New glibc versions not sign-extending 32 bit negative constants seems to not be a thing on AArch64. I suspect that this might not be the only architecture where the sign-extensions is happening, and the correct fix might be instead to use a proper 32 bit comparison for the first openat parameter. For now, band-aid fix this so the sandbox can work again on AArch64. --- src/lib/sandbox/sandbox.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index e87edd8e21..4681d4795a 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void) static int libc_negative_constant_needs_cast(void) { +#if defined(__aarch64__) && defined(__LP64__) + /* Existing glibc versions always sign-extend to 64 bits on AArch64. */ + return 0; +#else return is_libc_at_least(2, 27); +#endif }
/** Allow a single file to be opened. If <b>use_openat</b> is true,