From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 18360 invoked by alias); 31 Aug 2010 10:29:16 -0000 Received: (qmail 18154 invoked by uid 22791); 31 Aug 2010 10:29:15 -0000 X-SWARE-Spam-Status: No, hits=-5.5 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SARE_SUB_PCT_LETTER,SPF_HELO_PASS,TW_VF,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 31 Aug 2010 10:29:09 +0000 Received: from int-mx03.intmail.prod.int.phx2.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o7VAT8lq007938 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 31 Aug 2010 06:29:08 -0400 Received: from hase.home (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1]) by int-mx03.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o7VAT6xn021675 for ; Tue, 31 Aug 2010 06:29:07 -0400 From: Andreas Schwab To: libc-hacker@sourceware.org Subject: [PATCH] Don't parse %s format argument as multibyte string X-Yow: "DARK SHADOWS" is on!! Hey, I think the VAMPIRE forgot his UMBRELLA!! Date: Tue, 31 Aug 2010 10:29:00 -0000 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-hacker-owner@sourceware.org X-SW-Source: 2010-08/txt/msg00009.txt.bz2 The argument for the %s format is to be treated as an array of bytes. Andreas. 2010-08-31 Andreas Schwab [BZ #6530] * stdio-common/vfprintf.c (process_string_arg): Revert 2000-07-22 change. --- stdio-common/vfprintf.c | 40 ++++------------------------------------ 1 files changed, 4 insertions(+), 36 deletions(-) diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c index 6e0e85c..bd2609e 100644 --- a/stdio-common/vfprintf.c +++ b/stdio-common/vfprintf.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991-2008, 2009 Free Software Foundation, Inc. +/* Copyright (C) 1991-2008, 2009, 2010 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -1160,41 +1160,9 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap) else if (!is_long && spec != L_('S')) \ { \ if (prec != -1) \ - { \ - /* Search for the end of the string, but don't search past \ - the length (in bytes) specified by the precision. Also \ - don't use incomplete characters. */ \ - if (_NL_CURRENT_WORD (LC_CTYPE, _NL_CTYPE_MB_CUR_MAX) == 1) \ - len = __strnlen (string, prec); \ - else \ - { \ - /* In case we have a multibyte character set the \ - situation is more complicated. We must not copy \ - bytes at the end which form an incomplete character. */\ - size_t ignore_size = (unsigned) prec > 1024 ? 1024 : prec;\ - wchar_t ignore[ignore_size]; \ - const char *str2 = string; \ - const char *strend = string + prec; \ - if (strend < string) \ - strend = (const char *) UINTPTR_MAX; \ - \ - mbstate_t ps; \ - memset (&ps, '\0', sizeof (ps)); \ - \ - while (str2 != NULL && str2 < strend) \ - if (__mbsnrtowcs (ignore, &str2, strend - str2, \ - ignore_size, &ps) == (size_t) -1) \ - { \ - done = -1; \ - goto all_done; \ - } \ - \ - if (str2 == NULL) \ - len = strlen (string); \ - else \ - len = str2 - string - (ps.__count & 7); \ - } \ - } \ + /* Search for the end of the string, but don't search past \ + the length (in bytes) specified by the precision. */ \ + len = __strnlen (string, prec); \ else \ len = strlen (string); \ } \ -- 1.7.2.2 -- Andreas Schwab, schwab@redhat.com GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E "And now for something completely different."