libio: Ensure output buffer for wchars (bug 28828)
Checks
Commit Message
When fileops.c checks for nullity of the write pointer,
in order to ensure its allocation, before that patch,
wfileops didn't. This was leading to crashes on some cases,
as described by bug 28828.
The minimal sequence to produce the crash was:
#include <stdio.h>
#include <wchar.h>
int main(int ac, char **av)
{
setvbuf(stdout, NULL, _IOLBF, 0);
fgetwc(stdin);
fputwc(10, stdout); /*CRASH HERE!*/
return 0;
}
The line "fgetwc(stdin);" is necessary. It introduces the
bug by setting the flag _IO_CURRENTLY_PUTTING of stdout
indirectly (file wfileops.c, function _IO_wfile_underflow, line 213).
Signed-off-by: Jose Bollo <jobol@nonadev.net>
---
libio/wfileops.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Comments
On 13/02/2022 16:52, jobol@nonadev.net wrote:
> When fileops.c checks for nullity of the write pointer,
> in order to ensure its allocation, before that patch,
> wfileops didn't. This was leading to crashes on some cases,
> as described by bug 28828.
>
> The minimal sequence to produce the crash was:
>
> #include <stdio.h>
> #include <wchar.h>
> int main(int ac, char **av)
> {
> setvbuf(stdout, NULL, _IOLBF, 0);
> fgetwc(stdin);
> fputwc(10, stdout); /*CRASH HERE!*/
> return 0;
> }
>
> The line "fgetwc(stdin);" is necessary. It introduces the
> bug by setting the flag _IO_CURRENTLY_PUTTING of stdout
> indirectly (file wfileops.c, function _IO_wfile_underflow, line 213).
>
> Signed-off-by: Jose Bollo <jobol@nonadev.net>
Patch looks ok, but git-pw fails to apply it:
$ git-pw patch apply 51088
Applying: libio: Ensure output buffer for wchars (bug 28828)
error: patch failed: libio/wfileops.c:412
error: libio/wfileops.c: patch does not apply
error: Did you hand edit your patch?
Could you resend it?
Also, could you also provide a regression testcase for this fix?
> ---
> libio/wfileops.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/libio/wfileops.c b/libio/wfileops.c
> index fb9d45b677..aa94a22983 100644
> --- a/libio/wfileops.c
> +++ b/libio/wfileops.c
> @@ -412,10 +412,11 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
> return WEOF;
> }
> /* If currently reading or no buffer allocated. */
> - if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0)
> + if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
> + || f->_wide_data->_IO_write_base == NULL)
> {
> /* Allocate a buffer if needed. */
> - if (f->_wide_data->_IO_write_base == 0)
> + if (f->_wide_data->_IO_write_base == NULL)
> {
> _IO_wdoallocbuf (f);
> _IO_free_wbackup_area (f);
On Mon, 14 Feb 2022 11:15:46 -0300
Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote:
> On 13/02/2022 16:52, jobol@nonadev.net wrote:
> > When fileops.c checks for nullity of the write pointer,
> > in order to ensure its allocation, before that patch,
> > wfileops didn't. This was leading to crashes on some cases,
> > as described by bug 28828.
> >
> > The minimal sequence to produce the crash was:
> >
> > #include <stdio.h>
> > #include <wchar.h>
> > int main(int ac, char **av)
> > {
> > setvbuf(stdout, NULL, _IOLBF, 0);
> > fgetwc(stdin);
> > fputwc(10, stdout); /*CRASH HERE!*/
> > return 0;
> > }
> >
> > The line "fgetwc(stdin);" is necessary. It introduces the
> > bug by setting the flag _IO_CURRENTLY_PUTTING of stdout
> > indirectly (file wfileops.c, function _IO_wfile_underflow, line
> > 213).
> >
> > Signed-off-by: Jose Bollo <jobol@nonadev.net>
>
> Patch looks ok, but git-pw fails to apply it:
>
> $ git-pw patch apply 51088
> Applying: libio: Ensure output buffer for wchars (bug 28828)
> error: patch failed: libio/wfileops.c:412
> error: libio/wfileops.c: patch does not apply
> error: Did you hand edit your patch?
I copied the ouput of [git format-patch], following as much as possible
https://sourceware.org/glibc/wiki/Contribution%20checklist but didn't
used [git send-email]. I don't have the command [git pw] that you are
using. I can see that [git apply] produce the same issue but [git am]
perfectly works.
> Could you resend it?
I can try but maybe you have a hint avoiding me to do the same...
> Also, could you also provide a regression testcase for this fix?
Why not. Where? a libio/bug-XXX.c ?
> > ---
> > libio/wfileops.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/libio/wfileops.c b/libio/wfileops.c
> > index fb9d45b677..aa94a22983 100644
> > --- a/libio/wfileops.c
> > +++ b/libio/wfileops.c
> > @@ -412,10 +412,11 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
> > return WEOF;
> > }
> > /* If currently reading or no buffer allocated. */
> > - if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0)
> > + if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
> > + || f->_wide_data->_IO_write_base == NULL)
> > {
> > /* Allocate a buffer if needed. */
> > - if (f->_wide_data->_IO_write_base == 0)
> > + if (f->_wide_data->_IO_write_base == NULL)
> > {
> > _IO_wdoallocbuf (f);
> > _IO_free_wbackup_area (f);
On 14/02/2022 15:10, José Bollo wrote:
> On Mon, 14 Feb 2022 11:15:46 -0300
> Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote:
>
>> On 13/02/2022 16:52, jobol@nonadev.net wrote:
>>> When fileops.c checks for nullity of the write pointer,
>>> in order to ensure its allocation, before that patch,
>>> wfileops didn't. This was leading to crashes on some cases,
>>> as described by bug 28828.
>>>
>>> The minimal sequence to produce the crash was:
>>>
>>> #include <stdio.h>
>>> #include <wchar.h>
>>> int main(int ac, char **av)
>>> {
>>> setvbuf(stdout, NULL, _IOLBF, 0);
>>> fgetwc(stdin);
>>> fputwc(10, stdout); /*CRASH HERE!*/
>>> return 0;
>>> }
>>>
>>> The line "fgetwc(stdin);" is necessary. It introduces the
>>> bug by setting the flag _IO_CURRENTLY_PUTTING of stdout
>>> indirectly (file wfileops.c, function _IO_wfile_underflow, line
>>> 213).
>>>
>>> Signed-off-by: Jose Bollo <jobol@nonadev.net>
>>
>> Patch looks ok, but git-pw fails to apply it:
>>
>> $ git-pw patch apply 51088
>> Applying: libio: Ensure output buffer for wchars (bug 28828)
>> error: patch failed: libio/wfileops.c:412
>> error: libio/wfileops.c: patch does not apply
>> error: Did you hand edit your patch?
>
> I copied the ouput of [git format-patch], following as much as possible
> https://sourceware.org/glibc/wiki/Contribution%20checklist but didn't
> used [git send-email]. I don't have the command [git pw] that you are
> using. I can see that [git apply] produce the same issue but [git am]
> perfectly works.
The main problem is even without using git-pw it does fail (the buildbot
has throw an issue as well). From the weekly call it seems that your
email client (or the way you have sent the patch) replaces the already
existing tab with whitesapce.
>
>> Could you resend it?
>
> I can try but maybe you have a hint avoiding me to do the same...
>
>> Also, could you also provide a regression testcase for this fix?
>
> Why not. Where? a libio/bug-XXX.c ?
I think it preferable to follow current trend, so libio/tst-bz28828.c.
>
>>> ---
>>> libio/wfileops.c | 5 +++--
>>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/libio/wfileops.c b/libio/wfileops.c
>>> index fb9d45b677..aa94a22983 100644
>>> --- a/libio/wfileops.c
>>> +++ b/libio/wfileops.c
>>> @@ -412,10 +412,11 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
>>> return WEOF;
>>> }
>>> /* If currently reading or no buffer allocated. */
>>> - if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0)
>>> + if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
>>> + || f->_wide_data->_IO_write_base == NULL)
>>> {
>>> /* Allocate a buffer if needed. */
>>> - if (f->_wide_data->_IO_write_base == 0)
>>> + if (f->_wide_data->_IO_write_base == NULL)
>>> {
>>> _IO_wdoallocbuf (f);
>>> _IO_free_wbackup_area (f);
>
@@ -412,10 +412,11 @@ _IO_wfile_overflow (FILE *f, wint_t wch)
return WEOF;
}
/* If currently reading or no buffer allocated. */
- if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0)
+ if ((f->_flags & _IO_CURRENTLY_PUTTING) == 0
+ || f->_wide_data->_IO_write_base == NULL)
{
/* Allocate a buffer if needed. */
- if (f->_wide_data->_IO_write_base == 0)
+ if (f->_wide_data->_IO_write_base == NULL)
{
_IO_wdoallocbuf (f);
_IO_free_wbackup_area (f);