mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-12 14:20:13 +00:00
Fix crash in _IO_wfile_sync (bug 20568)
When computing the length of the converted part of the stdio buffer, use
the number of consumed wide characters, not the (negative) distance to the
end of the wide buffer.
(cherry picked from commit 32ff397533
)
This commit is contained in:
parent
1961e5c729
commit
f9c3c12f33
10
ChangeLog
10
ChangeLog
@ -1,3 +1,13 @@
|
||||
2019-05-15 Andreas Schwab <schwab@suse.de>
|
||||
|
||||
[BZ #20568]
|
||||
* libio/wfileops.c (_IO_wfile_sync): Correct last argument to
|
||||
__codecvt_do_length.
|
||||
* libio/Makefile (tests): Add tst-wfile-sync.
|
||||
($(objpfx)tst-wfile-sync.out): Depend on $(gen-locales).
|
||||
* libio/tst-wfile-sync.c: New file.
|
||||
* libio/tst-wfile-sync.input: New file.
|
||||
|
||||
2019-04-23 Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
|
||||
[BZ #18035]
|
||||
|
1
NEWS
1
NEWS
@ -65,6 +65,7 @@ The following bugs are resolved with this release:
|
||||
[18018] Additional $ORIGIN handling issues (CVE-2011-0536)
|
||||
[18035] Fix pldd hang
|
||||
[20419] files with large allocated notes crash in open_verify
|
||||
[20568] Fix crash in _IO_wfile_sync
|
||||
[21269] i386 sigaction sa_restorer handling is wrong
|
||||
[21812] getifaddrs: Don't return ifa entries with NULL names
|
||||
[21942] _dl_dst_substitute incorrectly handles $ORIGIN: with AT_SECURE=1
|
||||
|
@ -63,7 +63,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
|
||||
bug-memstream1 bug-wmemstream1 \
|
||||
tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
|
||||
tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
|
||||
tst-ftell-append tst-fputws tst-bz22415
|
||||
tst-ftell-append tst-fputws tst-bz22415 tst-wfile-sync
|
||||
|
||||
tests-internal = tst-vtables tst-vtables-interposed
|
||||
|
||||
@ -206,6 +206,7 @@ $(objpfx)tst-ungetwc1.out: $(gen-locales)
|
||||
$(objpfx)tst-ungetwc2.out: $(gen-locales)
|
||||
$(objpfx)tst-widetext.out: $(gen-locales)
|
||||
$(objpfx)tst_wprintf2.out: $(gen-locales)
|
||||
$(objpfx)tst-wfile-sync.out: $(gen-locales)
|
||||
endif
|
||||
|
||||
$(objpfx)test-freopen.out: test-freopen.sh $(objpfx)test-freopen
|
||||
|
39
libio/tst-wfile-sync.c
Normal file
39
libio/tst-wfile-sync.c
Normal file
@ -0,0 +1,39 @@
|
||||
/* Test that _IO_wfile_sync does not crash (bug 20568).
|
||||
Copyright (C) 2019 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<http://www.gnu.org/licenses/>. */
|
||||
|
||||
#include <locale.h>
|
||||
#include <stdio.h>
|
||||
#include <wchar.h>
|
||||
#include <support/check.h>
|
||||
#include <support/xunistd.h>
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
TEST_VERIFY_EXIT (setlocale (LC_ALL, "de_DE.UTF-8") != NULL);
|
||||
/* Fill the stdio buffer and advance the read pointer. */
|
||||
TEST_VERIFY_EXIT (fgetwc (stdin) != WEOF);
|
||||
/* This calls _IO_wfile_sync, it should not crash. */
|
||||
TEST_VERIFY_EXIT (setvbuf (stdin, NULL, _IONBF, 0) == 0);
|
||||
/* Verify that the external file offset has been synchronized. */
|
||||
TEST_COMPARE (xlseek (0, 0, SEEK_CUR), 1);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#include <support/test-driver.c>
|
1
libio/tst-wfile-sync.input
Normal file
1
libio/tst-wfile-sync.input
Normal file
@ -0,0 +1 @@
|
||||
This is a test of _IO_wfile_sync.
|
@ -509,11 +509,12 @@ _IO_wfile_sync (_IO_FILE *fp)
|
||||
generate the wide characters up to the current reading
|
||||
position. */
|
||||
int nread;
|
||||
|
||||
size_t wnread = (fp->_wide_data->_IO_read_ptr
|
||||
- fp->_wide_data->_IO_read_base);
|
||||
fp->_wide_data->_IO_state = fp->_wide_data->_IO_last_state;
|
||||
nread = (*cv->__codecvt_do_length) (cv, &fp->_wide_data->_IO_state,
|
||||
fp->_IO_read_base,
|
||||
fp->_IO_read_end, delta);
|
||||
fp->_IO_read_end, wnread);
|
||||
fp->_IO_read_ptr = fp->_IO_read_base + nread;
|
||||
delta = -(fp->_IO_read_end - fp->_IO_read_base - nread);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user