[PATCH v4] libio: Ensure output buffer for wchars (bug 28828)

jobol@nonadev.net jobol@nonadev.net
Tue Mar 8 08:58:16 GMT 2022


From: José Bollo <jobol@nonadev.net>

fileops.c checks the write pointer for NULL in order to
ensure its allocation, but before this patch
wfileops did not. This led to crashes in some cases,
as described by bug 28828.

The minimal sequence to produce the crash was:

    #include <stdio.h>
    #include <wchar.h>
    int main(int ac, char **av)
    {
            setvbuf(stdout, NULL, _IOLBF, 0);
            fgetwc(stdin);
            fputwc(10, stdout); /*CRASH HERE!*/
            return 0;
    }

The line "fgetwc(stdin);" is necessary. It introduces the
bug by setting the flag _IO_CURRENTLY_PUTTING of stdout
indirectly (file wfileops.c, function _IO_wfile_underflow, line 213).

Signed-off-by: Jose Bollo <jobol@nonadev.net>
---
 libio/Makefile          |  2 +-
 libio/tst-bz28828.c     | 33 +++++++++++++++++++++++++++++++++
 libio/tst-bz28828.input |  1 +
 libio/wfileops.c        |  3 ++-
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 libio/tst-bz28828.c
 create mode 100644 libio/tst-bz28828.input

diff --git a/libio/Makefile b/libio/Makefile
index 0e5f348bea..e97387743f 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -66,7 +66,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
 	tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
 	tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \
 	tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \
-	tst-wfile-sync
+	tst-wfile-sync tst-bz28828
 
 tests-internal = tst-vtables tst-vtables-interposed
 
diff --git a/libio/tst-bz28828.c b/libio/tst-bz28828.c
new file mode 100644
index 0000000000..22a70dd954
--- /dev/null
+++ b/libio/tst-bz28828.c
@@ -0,0 +1,33 @@
+/* Unit test for BZ#28828.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <support/xstdio.h>
+#include <support/check.h>
+#include <wchar.h>
+
+static int
+do_test (void)
+{ 
+  setvbuf(stdout, NULL, _IOLBF, 0);
+  fgetwc(stdin);
+  fputwc(10, stdout); /*SHOUDN'T CRASH HERE!*/
+  return 0;
+}
+
+#include <support/test-driver.c>
+
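Review bot: do_test ignores every return value, so the test can pass without ever setting up the crash precondition. If `fgetwc(stdin)` returns WEOF (for instance, when the input file is missing or empty), the state described in the commit message may never be reached, and a failing `fputwc` goes unreported. `<support/check.h>` is already included, so the calls can be checked with `TEST_VERIFY (setvbuf (stdout, NULL, _IOLBF, 0) == 0);`, `TEST_VERIFY (fgetwc (stdin) != WEOF);` and `TEST_VERIFY (fputwc (L'\n', stdout) != WEOF);`. The comment on the fputwc line misspells "SHOULDN'T", and the three calls omit the space before the parenthesis that `do_test (void)` in the same file uses.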
diff --git a/libio/tst-bz28828.input b/libio/tst-bz28828.input
new file mode 100644
index 0000000000..ce01362503
--- /dev/null
+++ b/libio/tst-bz28828.input
@@ -0,0 +1 @@
+hello
diff --git a/libio/wfileops.c b/libio/wfileops.c
index fb9d45b677..b59a98881f 100644
--- a/libio/wfileops.c
+++ b/libio/wfileops.c
@@ -412,7 +412,8 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
       return WEOF;
     }
   /* If currently reading or no buffer allocated. */
-  if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0)
+  if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
+      || f->_wide_data->_IO_write_base == NULL)
     {
       /* Allocate a buffer if needed. */
       if (f->_wide_data->_IO_write_base == 0)
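Review bot: The widened condition means the block that follows can now be entered while `_IO_CURRENTLY_PUTTING` is already set. That block continues past the end of the hunk, so it is worth confirming that whatever it does after the allocation (presumably the switch from reading to writing) is harmless in that state. The added test spells the check `== NULL`, while the nested check a few lines below compares the same pointer with `== 0`; one spelling for both would read better. A short comment recording why the flag can be set without a buffer would help later readers, e.g. `/* _IO_CURRENTLY_PUTTING may already be set while the wide buffer is unallocated (BZ #28828).  */`.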
-- 
2.34.1


