From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 26236 invoked by alias); 11 Oct 2013 17:09:54 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 25943 invoked by uid 48); 11 Oct 2013 17:09:51 -0000
From: "siddhesh at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug stdio/15362] fwrite() may read beyond end of specified buffer
Date: Fri, 11 Oct 2013 17:09:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: stdio
X-Bugzilla-Version: 2.17
X-Bugzilla-Keywords:
X-Bugzilla-Severity: critical
X-Bugzilla-Who: siddhesh at redhat dot com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_status resolution
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2013-10/txt/msg00103.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=15362

Siddhesh Poyarekar changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Siddhesh Poyarekar ---
Fixed in master:

commit 3d110c7c6e6549bd4124fce49cdc672f9e449799
Author: Eric Biggers
Date:   Fri Oct 11 22:29:38 2013 +0530

    Fix fwrite() reading beyond end of buffer in error path

    Partially revert commits 2b766585f9b4ffabeef2f36200c275976b93f2c7 and
    de2fd463b1c0310d75084b6d774fb974075a4ad9, which were intended to fix BZ#11741
    but caused another, likely worse bug, namely that fwrite() and fputs() could,
    in an error path, read data beyond the end of the specified buffer, and
    potentially even write this data to the file.

    Fix BZ#11741 properly by checking the return value from _IO_padn() in
    stdio-common/vfprintf.c.

--
You are receiving this mail because:
You are on the CC list for the bug.