From: Adhemerval Zanella
To: José Bollo, libc-alpha@sourceware.org
Subject: Re: [PATCH] libio: Ensure output buffer for wchars (bug 28828)
Date: Mon, 21 Feb 2022 16:14:55 -0300
Message-ID: <89639a82-614f-6fb8-2e8c-0d503bab6d6c@linaro.org>
In-Reply-To: <20220214202352.7784-1-jobol@nonadev.net>

On 14/02/2022 17:23, José Bollo wrote:
> From: "jobol@nonadev.net" > > When fileops.c checks for nullity of the write pointer, > in order to ensure its allocation, before that patch, > wfileops didn't. This was leading to crashes on some cases, > as described by bug 28828. > > The minimal sequence to produce the crash was: > > #include > #include > int main(int ac, char **av) > { > setvbuf(stdout, NULL, _IOLBF, 0); > fgetwc(stdin); > fputwc(10, stdout); /*CRASH HERE!*/ > return 0; > } > > The line "fgetwc(stdin);" is necessary. It introduces the > bug by setting the flag _IO_CURRENTLY_PUTTING of stdout > indirectly (file wfileops.c, function _IO_wfile_underflow, line 213). > > Signed-off-by: Jose Bollo > --- > libio/Makefile | 2 +- > libio/tst-bz28828.c | 10 ++++++++++ > libio/wfileops.c | 5 +++-- > 3 files changed, 14 insertions(+), 3 deletions(-) > create mode 100644 libio/tst-bz28828.c > > diff --git a/libio/Makefile b/libio/Makefile > index 0e5f348bea..e97387743f 100644 > --- a/libio/Makefile > +++ b/libio/Makefile > @@ -66,7 +66,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \ > tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \ > tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \ > tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \ > - tst-wfile-sync > + tst-wfile-sync tst-bz28828 > > tests-internal = tst-vtables tst-vtables-interposed > > diff --git a/libio/tst-bz28828.c b/libio/tst-bz28828.c > new file mode 100644 > index 0000000000..f5849d2ca6 > --- /dev/null > +++ b/libio/tst-bz28828.c > @@ -0,0 +1,10 @@ > +#include > +#include > +int main(int ac, char **av) > +{ > + setvbuf(stdout, NULL, _IOLBF, 0); > + fgetwc(stdin); > + fputwc(10, stdout); /*SHOUDN'T CRASH HERE!*/ > + return 0; > +} > +

Sorry, but this test is unacceptable: it blocks the make check indefinitely (triggering a failure) and does not use libsupport. This fix requires a proper testcase; there are multiple ways to do it, so please check an existing test in libio.

> diff --git a/libio/wfileops.c b/libio/wfileops.c > index fb9d45b677..aa94a22983 100644 > --- a/libio/wfileops.c > +++ b/libio/wfileops.c > @@ -412,10 +412,11 @@ _IO_wfile_overflow (FILE *f, wint_t wch) > return WEOF; > } > /* If currently reading or no buffer allocated. */ > - if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0) > + if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0 > + || f->_wide_data->_IO_write_base == NULL) > {

It seems ok, the _IOFBF buffer type has a specific case for buf being null where it ended up calling _IO_DOALLOCATE (which _IOLBF does not).

> /* Allocate a buffer if needed. */ > - if (f->_wide_data->_IO_write_base == 0) > + if (f->_wide_data->_IO_write_base == NULL)

I would prefer to avoid making style changes in a bug fix.

> { > _IO_wdoallocbuf (f); > _IO_free_wbackup_area (f);
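Review bot: in the new libio/tst-bz28828.c, the result of `fputwc(10, stdout)` is discarded, so the test can only fail by crashing; a write that fails and returns WEOF would still exit 0. Compare the return value against WEOF and fail the test on it. `fgetwc(stdin)` also reads whatever stdin the test runner happens to provide, so the test should supply its own input rather than depend on the caller's. The comment on the `fputwc` line has a typo (SHOUDN'T), and `ac` and `av` are unused.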
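Review bot: the added `|| f->_wide_data->_IO_write_base == NULL` test in the libio/wfileops.c hunk (_IO_wfile_overflow) has no comment explaining how _IO_CURRENTLY_PUTTING can be set while the wide write buffer is still unallocated. That explanation exists only in the commit message, which cites a line number (213) that will drift. A short comment naming the path (fgetwc on stdin, via _IO_wfile_underflow) and bug 28828 would keep the rationale with the code. The block now also runs when the flag is already set, and only its first two statements are visible in this hunk, so please confirm that the rest of the block is correct for that case.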