Bug 10958 - getwc() does not work on popen()ed file streams
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: 2.11
Importance: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Reported: 2009-11-14 11:07 UTC by Petr Baudis
Modified: 2014-07-01 05:24 UTC
fweimer: security-

Description Petr Baudis 2009-11-14 11:07:31 UTC
As reported by kkylheku@gmail.com:

$ cat popen_getwc.c
#include <unistd.h>
#include <stdio.h>
#include <wchar.h>

int main(void)
{
  FILE *command = popen("ls", "r");
  wint_t ch = getwc(command);
  pclose(command);
  return ch;
}
$ gcc -Wall popen_getwc.c -o popen_getwc
$ ./popen_getwc
Segmentation fault

The crash is unaffected by whether or not we call setlocale to have LC_CTYPE set
up for multi-byte encodings.

(This was originally reported for glibc-2.3.something, but is reproducible for
me on glibc-2.10.1 as well; I'm still to check on 2.11.)

The recipe for a workaround is: Create the FILE * command stream with popen. Then
pull out the file descriptor with fileno, duplicate it with dup, and use fdopen
to create a new FILE * descriptor on the duplicate. Then use the new FILE * in
place of the old for I/O operations.  Keep the original handle in order to call
pclose, to collect the process exit status.
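
The workaround recipe from the description, written out as an added example; it is not part of the original report or of glibc. The helper name first_wchar_from_command is an assumption made for illustration, and the error handling around dup and fdopen goes beyond what the recipe states.

```c
#define _POSIX_C_SOURCE 200809L   /* popen, fdopen, fileno, dup */
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>
#include <wchar.h>

/* Hypothetical helper (name is an assumption): run cmd, return the first
 * wide character of its output (WEOF if none) and store the pclose()
 * wait status in *status. */
wint_t first_wchar_from_command(const char *cmd, int *status)
{
    wint_t ch = WEOF;
    *status = -1;

    FILE *command = popen(cmd, "r");      /* original handle, kept for pclose */
    if (command == NULL)
        return WEOF;

    int fd = dup(fileno(command));        /* duplicate the pipe descriptor */
    FILE *in = (fd >= 0) ? fdopen(fd, "r") : NULL;
    if (in != NULL) {
        ch = getwc(in);                   /* wide I/O only on the new stream */
        fclose(in);                       /* closes the duplicate only */
    } else if (fd >= 0) {
        close(fd);                        /* fdopen failed: do not leak fd */
    }

    *status = pclose(command);            /* reaps the child */
    return ch;
}

int main(void)
{
    int status;
    wint_t ch = first_wchar_from_command("ls", &status);

    if (ch == WEOF)
        puts("no character read");
    else
        printf("first character: U+%04lX\n", (unsigned long)ch);
    if (WIFEXITED(status))
        printf("exit status: %d\n", WEXITSTATUS(status));
    return 0;
}
```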
Comment 1 Petr Baudis 2009-11-14 19:57:29 UTC
(indeed still crashes on 2.11)
Comment 2 Ulrich Drepper 2009-11-19 18:30:12 UTC
Fixed in git.