libio: freopen of default streams crashes in old programs [BZ #24632]
Commit Message
As seen with very old i386 GCC binaries.
2019-06-03 Florian Weimer <fweimer@redhat.com>
[BZ #24632]
* libio/libioP.h (_IO_JUMPS_FUNC_UPDATE): New macro.
* libio/freopen.c (freopen): Use it.
Comments
* Florian Weimer:
> As seen with very old i386 GCC binaries.
>
> 2019-06-03 Florian Weimer <fweimer@redhat.com>
>
> [BZ #24632]
> * libio/libioP.h (_IO_JUMPS_FUNC_UPDATE): New macro.
> * libio/freopen.c (freopen): Use it.
>
> diff --git a/libio/freopen.c b/libio/freopen.c
> index 17b00258cd..82e39f5028 100644
> --- a/libio/freopen.c
> +++ b/libio/freopen.c
> @@ -62,7 +62,7 @@ freopen (const char *filename, const char *mode, FILE *fp)
> to the old libio may be passed into shared C library and wind
> up here. */
> _IO_old_file_close_it (fp);
> - _IO_JUMPS_FILE_plus (fp) = &_IO_old_file_jumps;
> + _IO_JUMPS_FUNC_UPDATE (fp, &_IO_old_file_jumps);
> result = _IO_old_file_fopen (fp, gfilename, mode);
> }
> else
> diff --git a/libio/libioP.h b/libio/libioP.h
> index 66afaa8968..f17c6e68e4 100644
> --- a/libio/libioP.h
> +++ b/libio/libioP.h
> @@ -108,9 +108,14 @@
> (IO_validate_vtable \
> (*(struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
> + (THIS)->_vtable_offset)))
> +# define _IO_JUMPS_FUNC_UPDATE(THIS, VTABLE) \
> + (*(const struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
> + + (THIS)->_vtable_offset) = (VTABLE))
> # define _IO_vtable_offset(THIS) (THIS)->_vtable_offset
> #else
> # define _IO_JUMPS_FUNC(THIS) (IO_validate_vtable (_IO_JUMPS_FILE_plus (THIS)))
> +# define _IO_JUMPS_FUNC_UPDATE(THIS, VTABLE) \
> + (_IO_JUMPS_FILE_plus (THIS) = (VTABLE))
> # define _IO_vtable_offset(THIS) 0
> #endif
> #define _IO_WIDE_JUMPS_FUNC(THIS) _IO_WIDE_JUMPS(THIS)
Ping?
Thanks,
Florian
On Jun 03 2019, Florian Weimer <fweimer@redhat.com> wrote:
> [BZ #24632]
> * libio/libioP.h (_IO_JUMPS_FUNC_UPDATE): New macro.
> * libio/freopen.c (freopen): Use it.
Ok.
> diff --git a/libio/libioP.h b/libio/libioP.h
> index 66afaa8968..f17c6e68e4 100644
> --- a/libio/libioP.h
> +++ b/libio/libioP.h
> @@ -108,9 +108,14 @@
> (IO_validate_vtable \
> (*(struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
> + (THIS)->_vtable_offset)))
> +# define _IO_JUMPS_FUNC_UPDATE(THIS, VTABLE) \
> + (*(const struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
> + + (THIS)->_vtable_offset) = (VTABLE))
Misaligned line.
Andreas.
* Andreas Schwab:
> On Jun 03 2019, Florian Weimer <fweimer@redhat.com> wrote:
>
>> [BZ #24632]
>> * libio/libioP.h (_IO_JUMPS_FUNC_UPDATE): New macro.
>> * libio/freopen.c (freopen): Use it.
>
> Ok.
Thanks.
>> diff --git a/libio/libioP.h b/libio/libioP.h
>> index 66afaa8968..f17c6e68e4 100644
>> --- a/libio/libioP.h
>> +++ b/libio/libioP.h
>> @@ -108,9 +108,14 @@
>> (IO_validate_vtable \
>> (*(struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
>> + (THIS)->_vtable_offset)))
>> +# define _IO_JUMPS_FUNC_UPDATE(THIS, VTABLE) \
>> + (*(const struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
>> + + (THIS)->_vtable_offset) = (VTABLE))
Ah, fixed.
Florian
@@ -62,7 +62,7 @@ freopen (const char *filename, const char *mode, FILE *fp)
to the old libio may be passed into shared C library and wind
up here. */
_IO_old_file_close_it (fp);
- _IO_JUMPS_FILE_plus (fp) = &_IO_old_file_jumps;
+ _IO_JUMPS_FUNC_UPDATE (fp, &_IO_old_file_jumps);
result = _IO_old_file_fopen (fp, gfilename, mode);
}
else
@@ -108,9 +108,14 @@
(IO_validate_vtable \
(*(struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
+ (THIS)->_vtable_offset)))
+# define _IO_JUMPS_FUNC_UPDATE(THIS, VTABLE) \
+ (*(const struct _IO_jump_t **) ((void *) &_IO_JUMPS_FILE_plus (THIS) \
+ + (THIS)->_vtable_offset) = (VTABLE))
# define _IO_vtable_offset(THIS) (THIS)->_vtable_offset
#else
# define _IO_JUMPS_FUNC(THIS) (IO_validate_vtable (_IO_JUMPS_FILE_plus (THIS)))
+# define _IO_JUMPS_FUNC_UPDATE(THIS, VTABLE) \
+ (_IO_JUMPS_FILE_plus (THIS) = (VTABLE))
# define _IO_vtable_offset(THIS) 0
#endif
#define _IO_WIDE_JUMPS_FUNC(THIS) _IO_WIDE_JUMPS(THIS)