[Bug stdio/18549] New: fmemopen getc allows segfault at EOF

[Bug stdio/18549] New: fmemopen getc allows segfault at EOF

[quae at daurnimator dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=18549

            Bug ID: 18549
           Summary: fmemopen getc allows segfault at EOF
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: stdio
          Assignee: unassigned at sourceware dot org
          Reporter: quae at daurnimator dot com
  Target Milestone: ---

If you "getc" through an fmemopen'd FILE*, fwrite seems to be able to write
past EOF; which will cause a segfault on fclose.


#define _GNU_SOURCE

#include <stdio.h> /* fmemopen */

int main() {
        FILE *f = fmemopen(NULL, 100, "w+b");
        if (!f) return (perror("fmemopen"), 1);
        /* read until EOF */
        int c;
        while ((c = getc(f)) != EOF) { }
        /* write something */
        printf("Write %d bytes.\n", fwrite("asd", 3, 1, f));
        /* fclose segfaults for me */
        fclose(f);
        return 0;
}

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug stdio/18549] fmemopen getc allows segfault at EOF

[quae at daurnimator dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=18549

daurnimator <quae at daurnimator dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |quae at daurnimator dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug stdio/18549] fmemopen getc allows segfault at EOF

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=18549

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  7c2ce714d4e853aadbec13b920576fdfada520f1 (commit)
      from  cc08749b2d1c68284b25b157fbbe1ff219495cae (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7c2ce714d4e853aadbec13b920576fdfada520f1

commit 7c2ce714d4e853aadbec13b920576fdfada520f1
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Jun 25 11:53:06 2015 +0200

    Fix buffer overflow for writes to memory buffer stream (bug 18549)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog             |    6 ++++++
 NEWS                  |    3 ++-
 libio/fmemopen.c      |    2 +-
 libio/test-fmemopen.c |   13 +++++++++++--
 4 files changed, 20 insertions(+), 4 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug stdio/18549] fmemopen getc allows segfault at EOF

[schwab@linux-m68k.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=18549

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.22

--- Comment #2 from Andreas Schwab <schwab@linux-m68k.org> ---
Fixed for 2.22.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug stdio/18549] fmemopen getc allows segfault at EOF

[quae at daurnimator dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=18549

--- Comment #3 from daurnimator <quae at daurnimator dot com> ---
Thanks!

Quickest turn around I've had on one of my glibc bugs :P

-- 
You are receiving this mail because:
You are on the CC list for the bug.