From patchwork Tue Jul 2 12:07:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maciej W. Rozycki" X-Patchwork-Id: 93222 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C8FF73882076 for ; Tue, 2 Jul 2024 12:07:51 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 99D293861878 for ; Tue, 2 Jul 2024 12:07:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 99D293861878 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 99D293861878 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1719922051; cv=none; b=AOEVleQR7Dwxzs2Ih8yOh4LjO5AfCnwXlWIKuRxR4bvb4+76VUpfx0BByeRJyXcPw+EqFORDApaPmOcqp39fAFbADVTK4WMMpEJKvvht/yKaQudHQWiEys06vi3ED3JS9strnk9XIOrP/DsB3JpIpIeaDX5UDqlTavWr/HlNC/o= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1719922051; c=relaxed/simple; bh=Ez2IhdjCN32zEeKemMyWcYAXh64xWVcIPsQGIb5jxJY=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=x4Gmz2ud5tlaY/rOZVJxEAgu69rHmQGlKdquvEuG+6ifyVZj7kfTr8H8/JTDg5WtfRAANHfyAz8K8dstqY/D+7EwqDPUgV9+h+H0aJeR60EhnQzGQaFHvV0h0ODO6ZgyoWYuburS03Ei/c3Kdr8xWHoFVMco+XaHD7ti34ICLgY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1719922040; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=4n1vvhHbE5T6jc1Q1IXVRCw9bm9IdFTspz2EINCm7NM=; b=VbLx2gd0bjlPQbEkIWWh7xP7O1hhPmF9lgPLs/uRQjKEnF4DCfljwbJXHkkfY7C6cKxNiq 4//0L/Fxz3yNC4WwKpa45uxWfBb9gp1TsItswbJKA0dn5b9g5+ctDUCvUZrP7enErQ3YYs 4sl1wTePqUiQecG6Jp5maAnMXovuOfw= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-571-SBbdVnxMMxWyve1xfW8fYQ-1; Tue, 02 Jul 2024 08:07:18 -0400 X-MC-Unique: SBbdVnxMMxWyve1xfW8fYQ-1 Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-57d0524060dso1028766a12.2 for ; Tue, 02 Jul 2024 05:07:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1719922036; x=1720526836; h=mime-version:message-id:subject:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=4n1vvhHbE5T6jc1Q1IXVRCw9bm9IdFTspz2EINCm7NM=; b=Iww0oyCuGDYCJwuhilxqdaQyJzgCKtEw03fDu8v8ZGEHym/FLDmbirYmDKm8/l53xp DSgE6Ww1Bk6NE27Ukh/KrGqkTghkZ1hD5+hBmTXWvZ57OpO6yLz98CZLOzvIbvyjpazS oUpuMWhkNri0v6jUvIEcV6oeK2mmISBxF/w7Vds35fykj+9SsrrxBvXqr8Y+FiZ/KbFn gcagTF5TQGEkQNWmImN/Slmc24dJs3UoWUJ0n2kL7zhAnBtWjLTAjY53lUei45opo92T JFaLMZWzaq5++Deq3pd+5NPln3GZPmPcr0DXOtNPAUqSwJpTHPTcbaJiToyoBHzDzBBB 5p4Q== X-Gm-Message-State: AOJu0YxC7KB9IFCNAiNlahXP7l8wCocNXjFVCmMf+ain9pByO9wvJO67 jMzpc/bwrbJUlYFv1lCIZ0l+/PQNUlFphYGfCirLnsYYj7at9bDkT4nhlN7Z45VwfzPOfFioeLN r4tAkBKXoQwtTxdY30cO63xWSlN5hV+8be6EFnI1EBHUC+taNgXtFWR7t3Js61U3GPmqR8tUwwa LJHUogCA4BKp/kM4aBlZMGzKH1lVQJx7mz+9BFxg== X-Received: by 2002:a05:6402:1ec3:b0:584:a6f8:c0c5 with SMTP id 4fb4d7f45d1cf-5879be9ac58mr6981077a12.0.1719922036251; Tue, 02 Jul 2024 05:07:16 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEam4z2VOJOd/Ifl+ydfcDw/n2Z0uR2JvpYbGh0vous3xzlscsaKnKf3D8ENuaFuDkNyF/z4Q== X-Received: by 2002:a05:6402:1ec3:b0:584:a6f8:c0c5 with SMTP id 4fb4d7f45d1cf-5879be9ac58mr6981041a12.0.1719922035528; Tue, 02 Jul 2024 05:07:15 -0700 (PDT) Received: from tpp.orcam.me.uk (tpp.orcam.me.uk. [81.187.245.177]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5861381604asm5557335a12.45.2024.07.02.05.07.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Jul 2024 05:07:15 -0700 (PDT) Date: Tue, 2 Jul 2024 13:07:14 +0100 (BST) From: "Maciej W. Rozycki" To: libc-alpha@sourceware.org Subject: [PATCH v2] stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650] Message-ID: <54811be2-18d4-10ca-ec1f-d4b06aeb203f@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_ASCII_DIVIDERS, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Complement commit b03e4d7bd25b ("stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)") and add a test case for the issue, inspired by the reproducer provided with the bug report. This has been verified to succeed as from the commit referred and fail beforehand. As the test requires 2GiB of data to be passed around its performance has been evaluated using a choice of systems and the execution time determined to be respectively in the range of 9s for POWER9@2.166GHz, 24s for FU740@1.2GHz, and 40s for 74Kf@950MHz. As this is on the verge of and beyond the default timeout it has been increased by the factor of 8. Regardless, following recent practice the test has been added to the standard rather than extended set. --- Hi, This has been verified with the `powerpc64le-linux-gnu' (IBM POWER9) native target and then the same host and the `riscv64-linux-gnu' (SiFive FU740) and `mips-linux-gnu' (o32 ABI) (MIPS 74Kf) targets. This is so as to assess performance requirements for the test case. I now have a working test environment with a 21064A@266MHz Alpha machine in my lab, so as a matter of interest as to performance I have tried this test with that system as well. It has turned out to require ~4m30s to complete, so setting TIMEOUTFACTOR=2 is required, not unreasonably for a 30 years old system. However the test also failed towards the end, with: tst-scanf-bz27650: fscanf: input failure, at 2147483648: Cannot allocate memory be it with v1 or with code updated for `fopencookie' and parts around `fscanf' unchanged. Having re-read the relevant parts of the ISO C and POSIX specifications I have figured out that `fscanf' is one of the functions that returns a result that is not indicative of an error and is allowed to set `errno' arbitrarily even in the absence of an error both at a time: "The value of errno may be set to nonzero by a library function call whether or not there is an error, provided the use of errno is not documented in the description of the function in this document." and POSIX further clarifies for `fscanf': "If a read error occurs, the error indicator for the stream shall be set." Indeed returning -1 in `io_read' makes `fscanf' return 0 here and set the error indicator. I have therefore updated error handling for `fscanf', by explicitly checking for the error condition of the stream and if it is clear, then ignoring `errno'. With the fix in place the `alpha-linux-gnu' target now passes the test too. I have re-verified that this updated test case still triggers a failure with commit b03e4d7bd25b reverted. Any questions, comments or concerns? Otherwise OK to apply? Maciej Changes from v1: - Reimplement in terms of `fopencookie', eliminating the need for a subprocess and associated handling. - Update execution times reported in the change description, slightly reduced accordingly. - Correct error handling for `fscanf'. - Fix a typo s/MAX_INT/INT_MAX/ in comments. --- stdio-common/Makefile | 2 stdio-common/tst-scanf-bz27650.c | 92 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+) glibc-tst-scanf-bz27650.diff Index: glibc/stdio-common/Makefile =================================================================== --- glibc.orig/stdio-common/Makefile +++ glibc/stdio-common/Makefile @@ -244,6 +244,7 @@ tests := \ tst-scanf-binary-c23 \ tst-scanf-binary-gnu11 \ tst-scanf-binary-gnu89 \ + tst-scanf-bz27650 \ tst-scanf-intn \ tst-scanf-round \ tst-scanf-to_inpunct \ @@ -314,6 +315,7 @@ generated += \ tst-printf-fp-free.mtrace \ tst-printf-fp-leak-mem.out \ tst-printf-fp-leak.mtrace \ + tst-scanf-bz27650.mtrace \ tst-vfprintf-width-prec-mem.out \ tst-vfprintf-width-prec.mtrace \ # generated Index: glibc/stdio-common/tst-scanf-bz27650.c =================================================================== --- /dev/null +++ glibc/stdio-common/tst-scanf-bz27650.c @@ -0,0 +1,92 @@ +/* Test for BZ #27650, formatted input matching beyond INT_MAX. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +/* Produce a stream of more than INT_MAX characters via buffer BUF of + size SIZE according to bookkeeping in COOKIE and then return EOF. */ + +static ssize_t +io_read (void *cookie, char *buf, size_t size) +{ + unsigned int *written = cookie; + unsigned int w = *written; + + if (w > INT_MAX) + return 0; + + memset (buf, 'a', size); + *written = w + size; + return size; +} + +/* Consume a stream of more than INT_MAX characters from an artificial + input stream of which none is the new line character. The call to + fscanf is supposed to complete upon the EOF condition of input, + however in the presence of BZ #27650 it will terminate prematurely + with characters still outstanding in input. Diagnose the condition + and return status accordingly. */ + +int +do_test (void) +{ + static cookie_io_functions_t io_funcs = { .read = io_read }; + unsigned int written = 0; + FILE *in; + int v, e; + + mtrace (); + + in = fopencookie (&written, "r", io_funcs); + if (in == NULL) + error (EXIT_FAILURE, errno, "fopencookie"); + + v = fscanf (in, "%*[^\n]"); + e = ferror (in); + if (v == EOF || e != 0) + error (EXIT_FAILURE, e ? errno : 0, + "fscanf: input failure, at %u", written); + + if (!feof (in)) + { + v = fgetc (in); + if (v == EOF) + error (EXIT_FAILURE, errno, "fgetc: input failure"); + else if (v == '\n') + error (EXIT_FAILURE, 0, "unexpected new line character received"); + else + error (EXIT_FAILURE, 0, + "character received after end of file expected: \\x%02x", v); + } + + return EXIT_SUCCESS; +} + +#define TIMEOUT (DEFAULT_TIMEOUT * 8) +#include