This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH v3 6/7] Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)


On Thu, 22 Nov 2018, Adhemerval Zanella wrote:

>On 15/11/2018 19:44, Gabriel F. T. Gomes wrote:
>> From: Zack Weinberg <zackw@panix.com>
>
>I don't recall exactly which patch was the one that actually fixes BZ#11319,
>my previous indication was 'Add __v*printf_internal with flags arguments.'.
>Could you recheck it please?

Yes, sure.  This patch fixes the bug, because of the following change...

>>  int
>> -__vdprintf_chk (int d, int flags, const char *format, va_list arg)
>> +__vdprintf_chk (int d, int flag, const char *format, va_list ap)
>>  {
>> -  struct _IO_FILE_plus tmpfil;
>> -  struct _IO_wide_data wd;
>> -  int done;
>> -
>> -#ifdef _IO_MTSAFE_IO
>> -  tmpfil.file._lock = NULL;
>> -#endif
>> -  _IO_no_init (&tmpfil.file, _IO_USER_LOCK, 0, &wd, &_IO_wfile_jumps);
>> -  _IO_JUMPS (&tmpfil) = &_IO_file_jumps;
>> -  _IO_new_file_init_internal (&tmpfil);
>> -  if (_IO_file_attach (&tmpfil.file, d) == NULL)
>> -    {
>> -      _IO_un_link (&tmpfil);
>> -      return EOF;
>> -    }
>> -  tmpfil.file._flags |= _IO_DELETE_DONT_CLOSE;
>> -
>> -  _IO_mask_flags (&tmpfil.file, _IO_NO_READS,
>> -		  _IO_NO_READS+_IO_NO_WRITES+_IO_IS_APPENDING);
>> -
>> -  /* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
>> +  /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
>>       can only come from read-only format strings.  */
>> -  if (flags > 0)
>> -    tmpfil.file._flags2 |= _IO_FLAGS2_FORTIFY;
>> -
>> -  done = __vfprintf_internal (&tmpfil.file, format, arg, 0);
>> -
>> -  _IO_FINISH (&tmpfil.file);
>> +  unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
>>  
>> -  return done;
>> +  return __vdprintf_internal (d, format, ap, mode);
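Review bot: the explicit EOF return on `_IO_file_attach` failure, the `_IO_DELETE_DONT_CLOSE` flag that keeps `d` open, and the `_IO_NO_READS` masking all leave this function in one go, so `__vdprintf_chk`'s correctness now rests entirely on `__vdprintf_internal (d, format, ap, mode)` reproducing each of them (attach check, no close of the caller's descriptor, fortify handling of `%n`); the commit message should state that dependency explicitly instead of presenting the change as a flag rename. Separately, the `flags` -> `flag` and `arg` -> `ap` parameter renames are unrelated churn in an otherwise functional hunk; keeping the old names, or moving the rename to its own patch, would make the behavioural change easier to review.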

Notice that the call to __vfprintf_internal was replaced with a call to
__vdprintf_internal, which has the check for EOF (lines 55 and 56 [1]).

I wrote a test case to check this and I confirm that the problem is
reproducible without this patch, but not with it.  (I'll clean the test up
and send it to this list...  Maybe it should get in to avoid regressions).

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=libio/iovdprintf.c;h=78a3a2bd159bfc8020d970cecadeaca6e2312a7b;hb=HEAD
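As an added example (not the test case from the message above and not part of glibc's test suite), here is a small regression check in the shape the discussion calls for: dprintf()/vdprintf() must report a failed write with a negative return value rather than returning the formatted length, which is what the code removed by the patch did by returning `done` and ignoring the outcome of `_IO_FINISH`. It assumes a POSIX system with `/dev/null`; compiling with `-O2 -D_FORTIFY_SOURCE=2` routes the calls through the `__dprintf_chk`/`__vdprintf_chk` entry points touched by the patch, while an unoptimised build exercises the plain `vdprintf` path.

```c
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

/* Variadic wrapper so the vdprintf() entry point is exercised too (the
   patch changes __vdprintf_chk), not only dprintf().  */
static int vdprintf_wrap (int fd, const char *fmt, ...)
{
  va_list ap;
  va_start (ap, fmt);
  int r = vdprintf (fd, fmt, ap);
  va_end (ap);
  return r;
}

/* Control case: a writable descriptor.  The return value is the number of
   bytes written; "hello 42\n" is 9 bytes.  */
int dprintf_result_writable_fd (void)
{
  int fd = open ("/dev/null", O_WRONLY);
  if (fd < 0)
    return -1;                  /* setup failure, distinct from the expected 9 */
  int r = dprintf (fd, "%s %d\n", "hello", 42);
  close (fd);
  return r;
}

/* Descriptor opened read-only: dprintf formats the string fine, but the
   write(2) behind it fails with EBADF.  The attach step succeeds, so only a
   check on the flush result (the one __vdprintf_internal has) turns this
   into a negative return value; returning 'done' unchecked reports 9.  */
int dprintf_result_unwritable_fd (void)
{
  int fd = open ("/dev/null", O_RDONLY);
  if (fd < 0)
    return 0;                   /* setup failure; not negative, so it is noticed */
  int r = vdprintf_wrap (fd, "%s %d\n", "hello", 42);
  close (fd);
  return r;
}

/* Descriptor that has already been closed: nothing can be written at all,
   and the call must fail before or during the write.  */
int dprintf_result_closed_fd (void)
{
  int fd = open ("/dev/null", O_WRONLY);
  if (fd < 0)
    return 0;                   /* setup failure */
  close (fd);
  return dprintf (fd, "%s %d\n", "hello", 42);
}

int main (void)
{
  printf ("writable fd  -> %d (expect 9)\n", dprintf_result_writable_fd ());
  printf ("read-only fd -> %d (expect < 0)\n", dprintf_result_unwritable_fd ());
  printf ("closed fd    -> %d (expect < 0)\n", dprintf_result_closed_fd ());
  return 0;
}
```

The read-only case is the one that separates a library with the flush check from one without it: attaching the descriptor succeeds, so the only place the error can surface is the return value of the final flush. Callers that rely on dprintf() to report write failures (log writers, anything handling a descriptor owned by another party) get silent data loss when that value is ignored.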

