From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id E62123858D37 for ; Thu, 9 Nov 2023 12:49:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E62123858D37 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E62123858D37 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699534186; cv=none; b=laz7fVMf/I1Vb7cknP5VgDQkrRGqOZYFG7c/H8dNkivPsr1wSzCS7zVLPmMosQLHQbcCeLFbXSDerqHNtbMdXv2jamCTnL9j6ahNtAnqbrQJqxB7GE4w7v810oVqOMQCv2K3pi/nA1k1SlL4lSavqIuB5pNqZs4xu3aeb2Xa1GI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699534186; c=relaxed/simple; bh=c3zHD1baDhoHMjUMyDXb81zTsPt7NfwKTMz9tAf+En4=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=PpL4/Nzr93SGkhjCLqkA+f2MvztZl9164SasGAuqFAWW29R/RBmlD+V5j8WlhKDZXDZqy6I6MUuILGRWzEmKUwNiwFF71XRDWWA2HxgJdPFlljd3AWpdMX1xRxWPBAgV9I3IqFDrrkHbREjjtIDjgl1dSiRDuJMsVu3wHA9lkE4= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1699534184; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=r2L3DR+PH3Eh1z0gm1tCS0Ud97VuXrnIgwF1uULxLXY=; b=ad6Mr2HKCtIqrzI0T4ZmFHP1+3UX4UBT6Af1yizCHsh8M+LGmt8LsCntImJts5lQdTXx05 6FBEr9szki9KRAXnJ8YP3K4DNpE5p+uf1Y5JBAkutNKS6NF5rfUJBJbTpZw5Hr9H0j3gp1 +0yqVQI+oBdu4MJfwAPIFlzZNQ/97ek= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-352-BUYeIuYlNq-FMnRfNe-gog-1; Thu, 09 Nov 2023 07:49:43 -0500 X-MC-Unique: BUYeIuYlNq-FMnRfNe-gog-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D445A3C1ACCE for ; Thu, 9 Nov 2023 12:49:42 +0000 (UTC) Received: from calimero.vinschen.de (unknown [10.39.192.157]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B2D631C060AE for ; Thu, 9 Nov 2023 12:49:42 +0000 (UTC) Received: by calimero.vinschen.de (Postfix, from userid 500) id 596F0A80888; Thu, 9 Nov 2023 13:49:41 +0100 (CET) Date: Thu, 9 Nov 2023 13:49:41 +0100 From: Corinna Vinschen To: newlib@sourceware.org Subject: Re: [PATCH v5] newlib: libc: Fix crash on fprintf to a wide-oriented stream. Message-ID: Reply-To: newlib@sourceware.org Mail-Followup-To: newlib@sourceware.org References: <20231108214813.1569-1-takashi.yano@nifty.ne.jp> <20231109192624.8fd1d42b4123b444b095f81f@nifty.ne.jp> MIME-Version: 1.0 In-Reply-To: <20231109192624.8fd1d42b4123b444b095f81f@nifty.ne.jp> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Nov 9 19:26, Takashi Yano wrote: > On Thu, 9 Nov 2023 11:08:03 +0100 > Corinna Vinschen wrote: > > On Nov 9 06:48, Takashi Yano wrote: > > > Previously, fprintf() on a wide-oriented stream crashes or outputs > > > garbage. This is because a narrow char string which can be odd bytes > > > in length is cast into a wide char string which should be even > > > bytes in length in __sprint_r/__sfputs_r based on the __SWID flag. > > > As a result, if the length is odd bytes, the reading buffer runs over > > > the buffer length, which causes a crash. If the length is even bytes, > > > garbage is printed. > > > > > > With this patch, any output to the stream which is set to different > > > orientation fails with error just like glibc. Note that it behaves > > > differently from other libc implementations such as BSD, musl and > > > Solaris. > > > > > > Reviewed-by: Corinna Vinschen > > > Signed-off-by: Takashi Yano > > > --- > > > newlib/libc/stdio/fgetwc.c | 6 ++++-- > > > newlib/libc/stdio/fgetwc_u.c | 3 ++- > > > newlib/libc/stdio/fgetws.c | 3 ++- > > > newlib/libc/stdio/fputs.c | 9 ++++++--- > > > newlib/libc/stdio/fputwc.c | 6 ++++-- > > > newlib/libc/stdio/fputwc_u.c | 3 ++- > > > newlib/libc/stdio/fputws.c | 6 ++++-- > > > newlib/libc/stdio/fread.c | 7 ++++++- > > > newlib/libc/stdio/fwrite.c | 9 +++++++-- > > > newlib/libc/stdio/local.h | 31 +++++++++++++++++-------------- > > > newlib/libc/stdio/putc.c | 4 ++++ > > > newlib/libc/stdio/puts.c | 9 ++++++--- > > > newlib/libc/stdio/refill.c | 3 ++- > > > newlib/libc/stdio/ungetc.c | 6 +++++- > > > newlib/libc/stdio/ungetwc.c | 5 +++-- > > > newlib/libc/stdio/vfprintf.c | 5 ++++- > > > newlib/libc/stdio/vfscanf.c | 6 +++++- > > > newlib/libc/stdio/vfwprintf.c | 5 ++++- > > > newlib/libc/stdio/vfwscanf.c | 6 +++++- > > > 19 files changed, 92 insertions(+), 40 deletions(-) > > > > Looks good, please push. > > Thanks. Should this also be applied to cygwin-3_4-branch? Tricky question. It's a bugfix, yeah, but a bugfix for an undefined situation. And it's also a behavioral change. So, from my POV we shouldn't backport it. But if you have another POV, we can discuss it. It occured to me that you didn't mention where the testcase is coming from. Was that a real-world problem? If so, where and in which circumstances? Corinna