Re: [PATCH] libio: Ensure output buffer for wchars (bug 28828)

[Adhemerval Zanella <adhemerval.zanella@linaro.org>]

On 14/02/2022 17:23, José Bollo wrote:
> From: "jobol@nonadev.net" <jobol@nonadev.net>
> 
> When fileops.c checks for nullity of the write pointer,
> in order to ensure its allocation, before that patch,
> wfileops didn't. This was leading to crashes on some cases,
> as described by bug 28828.
> 
> The minimal sequence to produce the crash was:
> 
>     #include <stdio.h>
>     #include <wchar.h>
>     int main(int ac, char **av)
>     {
>             setvbuf(stdout, NULL, _IOLBF, 0);
>             fgetwc(stdin);
>             fputwc(10, stdout); /*CRASH HERE!*/
>             return 0;
>     }
> 
> The line "fgetwc(stdin);" is necessary. It introduces the
> bug by setting the flag _IO_CURRENTLY_PUTTING of stdout
> indirectly (file wfileops.c, function _IO_wfile_underflow, line 213).
> 
> Signed-off-by: Jose Bollo <jobol@nonadev.net>
> ---
>  libio/Makefile      |  2 +-
>  libio/tst-bz28828.c | 10 ++++++++++
>  libio/wfileops.c    |  5 +++--
>  3 files changed, 14 insertions(+), 3 deletions(-)
>  create mode 100644 libio/tst-bz28828.c
> 
> diff --git a/libio/Makefile b/libio/Makefile
> index 0e5f348bea..e97387743f 100644
> --- a/libio/Makefile
> +++ b/libio/Makefile
> @@ -66,7 +66,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
>  	tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
>  	tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \
>  	tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \
> -	tst-wfile-sync
> +	tst-wfile-sync tst-bz28828
>  
>  tests-internal = tst-vtables tst-vtables-interposed
>  
> diff --git a/libio/tst-bz28828.c b/libio/tst-bz28828.c
> new file mode 100644
> index 0000000000..f5849d2ca6
> --- /dev/null
> +++ b/libio/tst-bz28828.c
> @@ -0,0 +1,10 @@
> +#include <stdio.h>
> +#include <wchar.h>
> +int main(int ac, char **av)
> +{
> +	setvbuf(stdout, NULL, _IOLBF, 0);
> +	fgetwc(stdin);
> +	fputwc(10, stdout); /*SHOUDN'T CRASH HERE!*/
> +	return 0;
> +}
> +

Sorry but this test is unacceptable, it blocks the make check indefinitely
(triggering a failure) and does not use libsupport.  This fix requires a
proper testcase, there multiple ways to do, so please check an already
test on libio.  

> diff --git a/libio/wfileops.c b/libio/wfileops.c
> index fb9d45b677..aa94a22983 100644
> --- a/libio/wfileops.c
> +++ b/libio/wfileops.c
> @@ -412,10 +412,11 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
>        return WEOF;
>      }
>    /* If currently reading or no buffer allocated. */
> -  if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0)
> +  if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
> +      || f->_wide_data->_IO_write_base == NULL)
>      {

It seems ok, the _IOFBF buffer type has a specific case for buf being
null where it ended up calling _IO_DOALLOCATE (which _IOLBF does not).

>        /* Allocate a buffer if needed. */
> -      if (f->_wide_data->_IO_write_base == 0)
> +      if (f->_wide_data->_IO_write_base == NULL)

I would prefer to avoid make style change on a bug fix. 

>  	{
>  	  _IO_wdoallocbuf (f);
>  	  _IO_free_wbackup_area (f);