Fix buffer overflow for writes to memory buffer stream (bug 18549)
Commit Message
Tested on x86_64-suse-linux.
Andreas.
[BZ #18549]
* libio/fmemopen.c (fmemopen_write): Fix bounds check for ENOSPC.
* libio/test-fmemopen.c (do_test): Add test for it.
---
libio/fmemopen.c | 2 +-
libio/test-fmemopen.c | 13 +++++++++++--
2 files changed, 12 insertions(+), 3 deletions(-)
Comments
On Thu, Jun 25, 2015 at 02:23:29PM +0200, Andreas Schwab wrote:
> Tested on x86_64-suse-linux.
>
> Andreas.
>
> [BZ #18549]
> * libio/fmemopen.c (fmemopen_write): Fix bounds check for ENOSPC.
> * libio/test-fmemopen.c (do_test): Add test for it.
looks ok.
On 25-06-2015 10:26, Ondřej Bílka wrote:
> On Thu, Jun 25, 2015 at 02:23:29PM +0200, Andreas Schwab wrote:
>> Tested on x86_64-suse-linux.
>>
>> Andreas.
>>
>> [BZ #18549]
>> * libio/fmemopen.c (fmemopen_write): Fix bounds check for ENOSPC.
>> * libio/test-fmemopen.c (do_test): Add test for it.
>
> looks ok.
>
Nothing against this patch, but my new fmemopen implementation had this
case handled since the first version I sent to review...
On Thu, Jun 25, 2015 at 11:42:29AM -0300, Adhemerval Zanella wrote:
>
>
> On 25-06-2015 10:26, Ondřej Bílka wrote:
> > On Thu, Jun 25, 2015 at 02:23:29PM +0200, Andreas Schwab wrote:
> >> Tested on x86_64-suse-linux.
> >>
> >> Andreas.
> >>
> >> [BZ #18549]
> >> * libio/fmemopen.c (fmemopen_write): Fix bounds check for ENOSPC.
> >> * libio/test-fmemopen.c (do_test): Add test for it.
> >
> > looks ok.
> >
>
> Nothing against this patch, but my new fmemopen implementation had this
> case handled since the first version I sent to review...
Mine could too. I don't recall if my fmemopen patches had that fixed
that or not.
@@ -124,7 +124,7 @@ fmemopen_write (void *cookie, const char *b, size_t s)
if (c->pos + s + addnullc > c->size)
{
- if ((size_t) (c->pos + addnullc) == c->size)
+ if ((size_t) (c->pos + addnullc) >= c->size)
{
__set_errno (ENOSPC);
return 0;
@@ -21,21 +21,30 @@ static char buffer[] = "foobar";
#include <stdio.h>
#include <string.h>
+#include <errno.h>
static int
do_test (void)
{
int ch;
FILE *stream;
+ int ret = 0;
- stream = fmemopen (buffer, strlen (buffer), "r");
+ stream = fmemopen (buffer, strlen (buffer), "r+");
while ((ch = fgetc (stream)) != EOF)
printf ("Got %c\n", ch);
+ fputc ('1', stream);
+ if (fflush (stream) != EOF || errno != ENOSPC)
+ {
+ printf ("fflush didn't fail with ENOSPC\n");
+ ret = 1;
+ }
+
fclose (stream);
- return 0;
+ return ret;
}
#define TEST_FUNCTION do_test ()