Summary: | data type causing overflow in fwrite | ||
---|---|---|---|
Product: | glibc | Reporter: | Maninder Singh <maninder1.s> |
Component: | libc | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | RESOLVED WORKSFORME | ||
Severity: | normal | CC: | akhilesh.k, drepper.fsp, fweimer, maninder1.s |
Priority: | P2 | Flags: | fweimer: security- |
Version: | 2.24 | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2017-08-24 00:00:00 |
Description
Maninder Singh
2017-08-23 10:12:41 UTC
I don't think _IO_SYSWRITE will return zero in the failure case. Instead, it will set the _IO_ERR_SEEN flag.

(In reply to Florian Weimer from comment #1)
> I don't think _IO_SYSWRITE will return zero in the failure case. Instead,
> it will set the _IO_ERR_SEEN flag.

But as per our checking it is returning -1.

    _IO_size_t
    _IO_new_file_xsputn (_IO_FILE *f, const void *data, _IO_size_t n)
    {
    ...
          s += count;
          to_do -= count;
        }

==> At this point the to_do value was 12395, and at the code position below it was increased by 1:

      if (to_do)
        to_do -= _IO_default_xsputn (f, s+do_write, to_do); // tod:-12396
    }

Which means it is increased by 1, which is possible if

      if (do_write)
        {
          count = new_do_write (f, s, do_write);
          to_do -= count;

new_do_write returns -ve value, which means _IO_SYSWRITE returns -ve value.

We are not sure about the _IO_SYSWRITE return value, but the man page of the write system call says it will return -1 on failure.

Please provide a full test case.

No details supplied in nearly two months. Closing.
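
The arithmetic the report describes, as an added example that is not glibc code and not part of the original thread: when a write result of -1 is stored in an unsigned count and subtracted, the remaining-byte counter grows by one (12395 becomes 12396). The names `sink`, `sink_write`, `step_unchecked` and `step_checked` are hypothetical, and the model only shows the wraparound and the check that avoids it; it does not establish that `_IO_new_file_xsputn` behaves this way.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical sink standing in for the underlying write: accepts up to
   `room` bytes, then fails with -1 the way write(2) reports an error. */
struct sink { size_t room; };

static ssize_t sink_write(struct sink *s, const void *buf, size_t n)
{
    (void)buf;
    if (s->room == 0)
        return -1;                       /* failure, signed result */
    size_t done = n < s->room ? n : s->room;
    s->room -= done;
    return (ssize_t)done;
}

/* Unchecked accounting: the signed result lands in an unsigned count.
   -1 converts to SIZE_MAX, and to_do - SIZE_MAX wraps to to_do + 1. */
size_t step_unchecked(struct sink *s, const void *p, size_t to_do)
{
    size_t count = (size_t)sink_write(s, p, to_do);
    return to_do - count;
}

/* Checked accounting: test the signed result before it reaches the
   unsigned counter; on failure to_do is left alone and *err is set. */
size_t step_checked(struct sink *s, const void *p, size_t to_do, int *err)
{
    ssize_t r = sink_write(s, p, to_do);
    if (r < 0) {
        *err = 1;
        return to_do;
    }
    return to_do - (size_t)r;
}

int main(void)
{
    struct sink a = { 0 }, b = { 0 };    /* constructed: both sinks already failing */
    int err = 0;
    size_t bad = step_unchecked(&a, "", 12395);
    size_t good = step_checked(&b, "", 12395, &err);
    printf("unchecked: %zu\nchecked:   %zu (err=%d)\n", bad, good, err);
    return 0;
}
```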