This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- From: Rich Felker <dalias at libc dot org>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Mon, 26 Oct 2015 16:06:06 -0400
- Subject: Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite
- Authentication-results: sourceware.org; auth=none
- References: <CALoOobOpSFwNOqD2RbsSQ95+16=xWN=fTpDJZqgPGJPSXCDmEA at mail dot gmail dot com>
On Sun, Oct 25, 2015 at 08:49:30PM -0700, Paul Pluzhnikov wrote:
> Greetings,
>
> Attached patch fixes BZ 19165 by failing fwrite when the byte count is
> impossibly large, and by returning actual count from fread, instead of
> approximation of it. Tested on Linux/x86_64, no new failures.
>
>
> 2015-10-25 Paul Pluzhnikov <ppluzhnikov@google.com>
>
> [BZ #19165]
> * libio/iofread.c (_IO_fread): Return correct count.
> * libio/iofread_u.c (__fread_unlocked): Likewise.
> * libio/iofwrite.c (_IO_fwrite): Error on overflow.
> * libio/iofwrite_u.c (fwrite_unlocked): Likewise.
>
> --
> Paul Pluzhnikov
> diff --git a/libio/iofread.c b/libio/iofread.c
> index eb69b05..a8ea391 100644
> --- a/libio/iofread.c
> +++ b/libio/iofread.c
> @@ -37,7 +37,7 @@ _IO_fread (void *buf, _IO_size_t size, _IO_size_t count, _IO_FILE *fp)
> _IO_acquire_lock (fp);
> bytes_read = _IO_sgetn (fp, (char *) buf, bytes_requested);
> _IO_release_lock (fp);
> - return bytes_requested == bytes_read ? count : bytes_read / size;
> + return bytes_read / size;
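Review bot: the new `return bytes_read / size;` line divides unconditionally, and the visible context shows no guard against `size` being 0, so please confirm that an earlier check in `_IO_fread` returns before this point and mention it in a comment here. The same comment should say why the `bytes_requested == bytes_read ? count : ...` shortcut was dropped: per the description, `bytes_requested` can be an approximation when the byte count is impossibly large, so equality with `bytes_read` does not prove that `count` items were read. Also note that this hunk only corrects the return value; unlike the fwrite change described above, fread still passes `bytes_requested` to `_IO_sgetn` as is, and it would be worth stating in the ChangeLog or a comment whether that asymmetry is intended.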
This highly pessimizes short reads/writes, e.g. fwrite(&c,1,1,f), by
introducing a div operation. The obvious intent of the original code
was to avoid this.
Rich