[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[aj at suse dot de]

http://sourceware.org/bugzilla/show_bug.cgi?id=2074

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
                 CC|                            |aj at suse dot de
         Resolution|                            |FIXED

--- Comment #12 from Andreas Jaeger <aj at suse dot de> 2012-04-12 19:05:39 UTC ---
The patch to the manual and also a corresponding change to libio.h has been put
into git now.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[aj at suse dot de]

http://sourceware.org/bugzilla/show_bug.cgi?id=2074

--- Comment #13 from Andreas Jaeger <aj at suse dot de> 2012-04-12 19:09:46 UTC ---
I also filed Bug 13975 - fopencookie interface surprising.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[mtk.manpages at gmail dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=2074

Michael Kerrisk <mtk.manpages at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mtk.manpages at gmail dot
                   |                            |com

--- Comment #14 from Michael Kerrisk <mtk.manpages at gmail dot com> 2012-04-30 01:11:15 UTC ---
(In reply to comment #11)
> Created attachment 4777 [details]
> proposed patch
> 
> Ok to commit?

I've committed a corresponding change to the fopencookie(3) man page.

@@ -158,7 +158,8 @@ As its function result, the
 .I write
 function should return the number of bytes copied from
 .IR buf ,
-or \-1 on error.
+or 0 on error.
+(The function must not return a negative value.)
 The
 .I write
 function should update the stream offset appropriately.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[jackie.rosen at hushmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=2074

Jackie Rosen <jackie.rosen at hushmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jackie.rosen at hushmail dot com

--- Comment #15 from Jackie Rosen <jackie.rosen at hushmail dot com> ---
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/adult-chat-rooms
Marked for reference. Resolved as fixed @bugzilla.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[schwab at sourceware dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=2074

Andreas Schwab <schwab at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|jackie.rosen at hushmail dot com   |

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=2074

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/2074] New: _IO_new_file_xsputn() in fileops.c not checking for EOF

[jfardo at laurelnetworks dot com]

In glibc 2.3.4, the function new_do_write() in libio/fileops.c returns an 
unsigned
value (an _IO_size_t). If the underlying write system call in new_do_write()
returns EOF (-1), new_do_write() will return 0xffffffff rather than -1.

The function IO_new_file_xsputn() in libio/fileops.c appears to have
2 problems if the call to new_do_write() returns 0xffffffff. Here's
the specific snippet of code from IO_new_file_xsputn():
      if (do_write)
        {
          count = new_do_write (f, s, do_write);
          to_do -= count;
          if (count < do_write)
            return n - to_do;
        }
      /* Now write out the remainder.  Normally, this will fit in the
	 buffer, but it's somewhat messier for line-buffered files,
	 so we let _IO_default_xsputn handle the general case. */
      if (to_do)
	to_do -= INTUSE(_IO_default_xsputn) (f, s+do_write, to_do);
    }
  return n - to_do;


If new_do_write() returns 0xffffffff, 'to_do' will actually
be incremented by 1. Also, since 'count' is an unsigned quantity,
the if statement 'if (count < do_write)' will evaluate to false,
and the code will incorrectly fall through to the call to
IO_default_xsputn().

-- 
           Summary: _IO_new_file_xsputn() in fileops.c not checking for EOF
           Product: glibc
           Version: 2.3.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: jfardo at laurelnetworks dot com
                CC: glibc-bugs at sources dot redhat dot com
 GCC build triplet: i686-pc-linux-gnu
  GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu


http://sourceware.org/bugzilla/show_bug.cgi?id=2074

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[pasky at suse dot cz]

------- Additional Comments From pasky at suse dot cz  2010-05-10 23:46 -------
Then this is a documentation bug - 12.21.3.2 Custom Stream Hook Functions says:

   You should define the function to write data to the cookie as:

     ssize_t WRITER (void *COOKIE, const char *BUFFER, size_t SIZE)

   This is very similar to the `write' function; see *note I/O
Primitives::.  Your function should transfer up to SIZE bytes from the
buffer, and return the number of bytes written.  You can return a value
of `-1' to indicate an error.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
          Component|libc                        |manual
         Resolution|INVALID                     |


http://sourceware.org/bugzilla/show_bug.cgi?id=2074

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug manual/2074] _IO_new_file_xsputn() in fileops.c not checking for EOF

[pasky at suse dot cz]

------- Additional Comments From pasky at suse dot cz  2010-05-11 00:51 -------
Created an attachment (id=4777)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=4777&action=view)
proposed patch

Ok to commit?

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=2074

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.