AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-21 12:30:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

libio: Ensure output buffer for wchars (bug #28828)

Browse Source 
The _IO_wfile_overflow does not check if the write pointer for wide
data is valid before access, different than _IO_file_overflow.  This
leads to crash on some cases, as described by bug 28828.

The minimal sequence to produce the crash was:

  #include <stdio.h>
  #include <wchar.h>
  int main (int ac, char **av)
  {
    setvbuf (stdout, NULL, _IOLBF, 0);
    fgetwc (stdin);
    fputwc (10, stdout); /*CRASH HERE!*/
    return 0;
  }

The "fgetwc(stdin);" is necessary since it triggers the bug by setting
the flag _IO_CURRENTLY_PUTTING on stdout indirectly (file wfileops.c,
function _IO_wfile_underflow, line 213).

Signed-off-by: Jose Bollo <jobol@nonadev.net>
This commit is contained in:
José Bollo 2022-03-08 09:58:16 +01:00 committed by Adhemerval Zanella
parent 2da6e43916
commit edc696a73a
4 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libio/Makefile
View File

@ -66,7 +66,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \ tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \ tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \
tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \ tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \
tst-wfile-sync tst-wfile-sync tst-bz28828
tests-internal = tst-vtables tst-vtables-interposed tests-internal = tst-vtables tst-vtables-interposed

32
libio/tst-bz28828.c Normal file
View File

@ -0,0 +1,32 @@
/* Unit test for BZ#28828.
Copyright (C) 2022 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <support/xstdio.h>
#include <support/check.h>
#include <wchar.h>
static int
do_test (void)
{
setvbuf (stdout, NULL, _IOLBF, 0);
fgetwc (stdin);
fputwc (10, stdout); /* It should not crash here. */
return 0;
}
#include <support/test-driver.c>

1
libio/tst-bz28828.input Normal file
View File

@ -0,0 +1 @@
hello

3
libio/wfileops.c
View File

@ -412,7 +412,8 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
return WEOF; return WEOF;
} }
/* If currently reading or no buffer allocated. */ /* If currently reading or no buffer allocated. */
if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0) if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
|| f->_wide_data->_IO_write_base == NULL)
{ {
/* Allocate a buffer if needed. */ /* Allocate a buffer if needed. */
if (f->_wide_data->_IO_write_base == 0) if (f->_wide_data->_IO_write_base == 0)