This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11319] dprintf doesn't handle errors properly
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 05 Dec 2018 20:55:32 +0000
- Subject: [Bug libc/11319] dprintf doesn't handle errors properly
- Auto-submitted: auto-generated
- References: <bug-11319-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=11319
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 35caceb145ff23340edcd67dd813bfd95f1ff6e6 (commit)
via 4e2f43f842ef5e253cc23383645adbaa03cedb86 (commit)
via 124fc732c15ef37b7ee9db25b1e9f9b20c799623 (commit)
via 698fb75b9ff5ae454a1344b5f9fafa0ca367c555 (commit)
via d91798b31ac79914c234c4da7f7e7396bde2d85c (commit)
via b87eb3f8feb826ac48463f598fc10476055bee5a (commit)
via 349718d4d7841df46bcc36df9bc2baef4c40d6f5 (commit)
from 72b8692d7e640eb85ea0fb7de6d5e797512691c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=35caceb145ff23340edcd67dd813bfd95f1ff6e6
commit 35caceb145ff23340edcd67dd813bfd95f1ff6e6
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:32:04 2018 -0500
Use PRINTF_LDBL_IS_DBL instead of __ldbl_is_dbl.
After all that prep work, nldbl-compat.c can now use PRINTF_LDBL_IS_DBL
instead of __no_long_double to control the behavior of printf-like
functions; this is the last thing we needed __no_long_double for, so it
can go away entirely.
Tested for powerpc and powerpc64le.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e2f43f842ef5e253cc23383645adbaa03cedb86
commit 4e2f43f842ef5e253cc23383645adbaa03cedb86
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:32:03 2018 -0500
Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)
The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well. I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.
Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated. However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer. This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.
obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.
As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit
commit 7ca890b88e6ab7624afb1742a9fffb37ad5b3fc3
Author: Ulrich Drepper <drepper@redhat.com>
Date: Wed Feb 24 16:07:57 2010 -0800
Fix reporting of I/O errors in *dprintf functions.
This patch adds a test case to avoid regressions.
Tested for powerpc and powerpc64le.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=124fc732c15ef37b7ee9db25b1e9f9b20c799623
commit 124fc732c15ef37b7ee9db25b1e9f9b20c799623
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:32:02 2018 -0500
Add __vsyslog_internal, with same flags as __v*printf_internal.
__nldbl___vsyslog_chk will ultimately want to pass PRINTF_LDBL_IS_DBL
down to __vfprintf_internal *as well as* possibly setting PRINTF_FORTIFY.
To make that possible, we need a __vsyslog_internal that takes the
same flags as printf. The code in misc/syslog.c does also get a
little simpler.
Tested for powerpc and powerpc64le.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=698fb75b9ff5ae454a1344b5f9fafa0ca367c555
commit 698fb75b9ff5ae454a1344b5f9fafa0ca367c555
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:32:01 2018 -0500
Add __v*printf_internal with flags arguments
There are a lot more printf variants than there are scanf variants,
and the code for setting up and tearing down their custom FILE
variants around the call to __vf(w)printf is more complicated and
variable. Therefore, I have added _internal versions of all the
v*printf variants, rather than introducing helper routines so that
they can all directly call __vf(w)printf_internal, as was done with
scanf.
As with the scanf changes, in this patch the _internal functions still
look at the environmental mode bits and all callers pass 0 for the
flags parameter.
Several of the affected public functions had _IO_ name aliases that
were not exported (but, in one case, appeared in libio.h anyway);
I was originally planning to leave them as aliases to avoid having
to touch internal callers, but it turns out ldbl_*_alias only work
for exported symbols, so they've all been removed instead. It also
turns out there were hardly any internal callers. _IO_vsprintf and
_IO_vfprintf *are* exported, so those two stick around.
Summary for the changes to each of the affected symbols:
_IO_vfprintf, _IO_vsprintf:
All internal calls removed, thus the internal declarations, as well
as uses of libc_hidden_proto and libc_hidden_def, were also removed.
The external symbol is now exposed via uses of ldbl_strong_alias
to __vfprintf_internal and __vsprintf_internal, respectively.
_IO_vasprintf, _IO_vdprintf, _IO_vsnprintf,
_IO_vfwprintf, _IO_vswprintf,
_IO_obstack_vprintf, _IO_obstack_printf:
All internal calls removed, thus declaration in internal headers
were also removed. They were never exported, so there are no
aliases tying them to the internal functions. I.e.: entirely gone.
__vsnprintf:
Internal calls were always preceded by macros such as
#define __vsnprintf _IO_vsnprintf, and
#define __vsnprintf vsnprintf
The macros were removed and their uses replaced with calls to the
new internal function __vsnprintf_internal. Since there were no
internal calls, the internal declaration was also removed. The
external symbol is preserved with ldbl_weak_alias to ___vsnprintf.
__vfwprintf:
All internal calls converted into calls to __vfwprintf_internal,
thus the internal declaration was removed. The function is now a
wrapper that calls __vfwprintf_internal. The external symbol is
preserved.
__vswprintf:
Similarly, but no external symbol.
__vasprintf, __vdprintf, __vfprintf, __vsprintf:
New internal wrappers. Not exported.
vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf,
vfwprintf, vswprintf,
obstack_vprintf, obstack_printf:
These functions used to be aliases to the respective _IO_* function,
they are now aliases to their respective __* functions.
Tested for powerpc and powerpc64le.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d91798b31ac79914c234c4da7f7e7396bde2d85c
commit d91798b31ac79914c234c4da7f7e7396bde2d85c
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:32:00 2018 -0500
Use SCANF_LDBL_IS_DBL instead of __ldbl_is_dbl.
Change the callers of __vfscanf_internal and __vfwscanf_internal that
want to treat 'long double' as another name for 'double' (all of which
happen to be in sysdeps/ieee754/ldbl-opt/nldbl-compat.c) to communicate
this via the new flags argument, instead of the per-thread variable
__no_long_double and its __ldbl_is_dbl wrapper macro.
Tested for powerpc and powerpc64le.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b87eb3f8feb826ac48463f598fc10476055bee5a
commit b87eb3f8feb826ac48463f598fc10476055bee5a
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:31:59 2018 -0500
Use SCANF_ISOC99_A instead of _IO_FLAGS2_SCANF_STD.
Change the callers of __vfscanf_internal and __vfwscanf_internal that
want C99-compliant behavior to communicate this via the new flags
argument, rather than setting bits on the FILE object. This also
means these functions do not need to do their own locking.
Tested for powerpc and powerpc64le.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=349718d4d7841df46bcc36df9bc2baef4c40d6f5
commit 349718d4d7841df46bcc36df9bc2baef4c40d6f5
Author: Zack Weinberg <zackw@panix.com>
Date: Wed Mar 7 14:31:58 2018 -0500
Add __vfscanf_internal and __vfwscanf_internal with flags arguments.
There are two flags currently defined: SCANF_LDBL_IS_DBL is the mode
used by __nldbl_ scanf variants, and SCANF_ISOC99_A is the mode used
by __isoc99_ scanf variants. In this patch, the new functions honor
these flag bits if they're set, but they still also look at the
corresponding bits of environmental state, and callers all pass zero.
The new functions do *not* have the "errp" argument possessed by
_IO_vfscanf and _IO_vfwscanf. All internal callers passed NULL for
that argument. External callers could theoretically exist, so I
preserved wrappers, but they are flagged as compat symbols and they
don't preserve the three-way distinction among types of errors that
was formerly exposed. These functions probably should have been in
the list of deprecated _IO_ symbols in 2.27 NEWS -- they're not just
aliases for vfscanf and vfwscanf.
(It was necessary to introduce ldbl_compat_symbol for _IO_vfscanf.
Please check that part of the patch very carefully, I am still not
confident I understand all of the details of ldbl-opt.)
This patch also introduces helper inlines in libio/strfile.h that
encapsulate the process of initializing an _IO_strfile object for
reading. This allows us to call __vfscanf_internal directly from
sscanf, and __vfwscanf_internal directly from swscanf, without
duplicating the initialization code. (Previously, they called their
v-counterparts, but that won't work if we want to control *both* C99
mode and ldbl-is-dbl mode using the flags argument to__vfscanf_internal.)
It's still a little awkward, especially for wide strfiles, but it's
much better than what we had.
Tested for powerpc and powerpc64le.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 349 ++++
argp/argp-fmtstream.c | 3 +-
argp/argp-help.c | 4 +-
argp/argp-namefrob.h | 2 -
debug/Makefile | 2 +-
debug/asprintf_chk.c | 20 +-
debug/dprintf_chk.c | 20 +-
debug/fprintf_chk.c | 20 +-
debug/fwprintf_chk.c | 20 +-
debug/obprintf_chk.c | 96 +-
debug/printf_chk.c | 20 +-
debug/snprintf_chk.c | 24 +-
debug/sprintf_chk.c | 25 +-
debug/swprintf_chk.c | 27 +-
debug/vasprintf_chk.c | 68 +-
debug/vdprintf_chk.c | 37 +-
debug/vfprintf_chk.c | 21 +-
debug/vfwprintf_chk.c | 21 +-
debug/vobprintf_chk.c | 31 +
debug/vprintf_chk.c | 20 +-
debug/vsnprintf_chk.c | 46 +-
debug/vsprintf_chk.c | 69 +-
debug/vswprintf_chk.c | 51 +-
debug/vwprintf_chk.c | 21 +-
debug/wprintf_chk.c | 21 +-
hurd/vpprintf.c | 2 +-
include/stdio.h | 8 -
include/sys/syslog.h | 19 +-
include/wchar.h | 12 -
libio/fwprintf.c | 2 +-
libio/iolibio.h | 8 -
libio/iovdprintf.c | 13 +-
libio/iovsprintf.c | 66 +-
libio/iovsscanf.c | 12 +-
libio/iovswscanf.c | 14 +-
libio/libio.h | 8 -
libio/libioP.h | 97 +-
libio/obprintf.c | 19 +-
libio/strfile.h | 33 +-
libio/swprintf.c | 2 +-
libio/swscanf.c | 10 +-
libio/vasprintf.c | 20 +-
libio/vscanf.c | 2 +-
libio/vsnprintf.c | 16 +-
libio/vswprintf.c | 16 +-
libio/vwprintf.c | 2 +-
libio/vwscanf.c | 2 +-
libio/wprintf.c | 2 +-
libio/wscanf.c | 2 +-
misc/syslog.c | 36 +-
stdio-common/Makefile | 10 +-
stdio-common/Versions | 3 +
stdio-common/asprintf.c | 6 +-
stdio-common/dprintf.c | 5 +-
stdio-common/fprintf.c | 2 +-
stdio-common/fxprintf.c | 4 +-
stdio-common/iovfscanf.c | 38 +
stdio-common/iovfwscanf.c | 38 +
stdio-common/isoc99_fscanf.c | 7 +-
stdio-common/isoc99_scanf.c | 12 +-
stdio-common/isoc99_sscanf.c | 8 +-
stdio-common/isoc99_vfscanf.c | 9 +-
stdio-common/isoc99_vscanf.c | 9 +-
stdio-common/isoc99_vsscanf.c | 16 +-
stdio-common/printf.c | 3 +-
stdio-common/scanf.c | 2 +-
stdio-common/snprintf.c | 4 +-
stdio-common/sprintf.c | 4 +-
stdio-common/sscanf.c | 12 +-
stdio-common/tst-bz11319-fortify2.c | 1 +
stdio-common/tst-bz11319.c | 49 +
stdio-common/vfprintf-internal.c | 2358 +++++++++++++++++++++++
stdio-common/vfprintf.c | 2351 +-----------------------
stdio-common/vfscanf-internal.c | 3043 ++++++++++++++++++++++++++++++
stdio-common/vfscanf.c | 3042 +-----------------------------
stdio-common/vfwprintf-internal.c | 2 +
stdio-common/vfwprintf.c | 28 +-
stdio-common/vfwscanf-internal.c | 2 +
stdio-common/vfwscanf.c | 28 +-
stdio-common/vprintf.c | 4 +-
stdlib/strfrom-skeleton.c | 2 +-
sysdeps/generic/math_ldbl_opt.h | 5 +-
sysdeps/generic/stdio-lock.h | 7 -
sysdeps/ieee754/ldbl-opt/Makefile | 2 +-
sysdeps/ieee754/ldbl-opt/math_ldbl_opt.h | 13 +-
sysdeps/ieee754/ldbl-opt/nldbl-compat.c | 773 ++++----
sysdeps/nptl/stdio-lock.h | 7 -
wcsmbs/isoc99_fwscanf.c | 7 +-
wcsmbs/isoc99_swscanf.c | 11 +-
wcsmbs/isoc99_vfwscanf.c | 9 +-
wcsmbs/isoc99_vswscanf.c | 15 +-
wcsmbs/isoc99_vwscanf.c | 9 +-
wcsmbs/isoc99_wscanf.c | 7 +-
93 files changed, 6841 insertions(+), 6587 deletions(-)
create mode 100644 debug/vobprintf_chk.c
create mode 100644 stdio-common/iovfscanf.c
create mode 100644 stdio-common/iovfwscanf.c
create mode 100644 stdio-common/tst-bz11319-fortify2.c
create mode 100644 stdio-common/tst-bz11319.c
create mode 100644 stdio-common/vfprintf-internal.c
create mode 100644 stdio-common/vfscanf-internal.c
create mode 100644 stdio-common/vfwprintf-internal.c
create mode 100644 stdio-common/vfwscanf-internal.c
--
You are receiving this mail because:
You are on the CC list for the bug.