SHA256
1
0
forked from pool/glibc
glibc/printf-overrun.patch
Stephan Kulow 233126ce15 Accepting request 175893 from Base:System
- big5-hkscs-update.patch.bz2: Update BIG5-HKSCS charmap to HKSCS-2008
- digits-dots.patch: Fix parsing of numeric hosts in gethostbyname_r
- nss-database.patch: Properly cache the result from looking up the nss
  database config
- strptime-W-week.patch: Properly handle %W in strptime
- printf-overrun.patch: Revert problematic fixes for [BZ #11741]
- glibc-aarch64-lib64.patch: Replace with upstream version
- arm-ld-so-cache.patch: ARM: Support loading unmarked objects from cache
- rtlddir.patch: Add support for rtld directory different from slib
  directory
- regexp-overrun.patch: Fix buffer overrun in regexp matcher
  (CVE-2013-0242, bnc#801246)
- getaddrinfo-overflow.patch: Fix stack overflow in getaddrinfo with many
  results (CVE-2013-1914, bnc#813121)

- big5-hkscs-update.patch.bz2: Update BIG5-HKSCS charmap to HKSCS-2008
- digits-dots.patch: Fix parsing of numeric hosts in gethostbyname_r
- nss-database.patch: Properly cache the result from looking up the nss
  database config
- strptime-W-week.patch: Properly handle %W in strptime
- printf-overrun.patch: Revert problematic fixes for [BZ #11741]
- glibc-aarch64-lib64.patch: Replace with upstream version
- arm-ld-so-cache.patch: ARM: Support loading unmarked objects from cache
- rtlddir.patch: Add support for rtld directory different from slib
  directory
- regexp-overrun.patch: Fix buffer overrun in regexp matcher
  (CVE-2013-0242, bnc#801246)
- getaddrinfo-overflow.patch: Fix stack overflow in getaddrinfo with many
  results (CVE-2013-1914, bnc#813121) (forwarded request 175892 from Andreas_Schwab)

OBS-URL: https://build.opensuse.org/request/show/175893
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glibc?expand=0&rev=144
2013-05-17 06:26:04 +00:00

180 lines
6.1 KiB
Diff

From 1aa92494e55792b568663b5aad81a58fad35490d Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers3@gmail.com>
Date: Thu, 18 Apr 2013 17:46:08 +0200
Subject: [PATCH] PR15362
[BZ #15362]
* libio/fileops.c: Revert problematic fixes for [BZ #11741]
* libio/iofwrite.c: Likewise.
* libio/iofwrite_u.c: Likewise.
* libio/iopadn.c: Likewise.
* libio/iowpadn.c: Likewise.
* stdio-common/vfprintf.c: Fix [BZ #11741] properly by checking whether
_IO_padn() returned the full count written.
---
libio/fileops.c | 21 +++++++++------------
libio/iofwrite.c | 10 +++++-----
libio/iofwrite_u.c | 10 +++++-----
libio/iopadn.c | 2 +-
libio/iowpadn.c | 2 +-
stdio-common/vfprintf.c | 12 ++++++------
6 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/libio/fileops.c b/libio/fileops.c
index 61b61b3..90d5e88 100644
--- a/libio/fileops.c
+++ b/libio/fileops.c
@@ -1245,13 +1245,12 @@ _IO_new_file_write (f, data, n)
_IO_ssize_t n;
{
_IO_ssize_t to_do = n;
- _IO_ssize_t count = 0;
while (to_do > 0)
{
- count = (__builtin_expect (f->_flags2
- & _IO_FLAGS2_NOTCANCEL, 0)
- ? write_not_cancel (f->_fileno, data, to_do)
- : write (f->_fileno, data, to_do));
+ _IO_ssize_t count = (__builtin_expect (f->_flags2
+ & _IO_FLAGS2_NOTCANCEL, 0)
+ ? write_not_cancel (f->_fileno, data, to_do)
+ : write (f->_fileno, data, to_do));
if (count < 0)
{
f->_flags |= _IO_ERR_SEEN;
@@ -1263,7 +1262,7 @@ _IO_new_file_write (f, data, n)
n -= to_do;
if (f->_offset >= 0)
f->_offset += n;
- return count < 0 ? count : n;
+ return n;
}
_IO_size_t
@@ -1323,13 +1322,11 @@ _IO_new_file_xsputn (f, data, n)
_IO_size_t block_size, do_write;
/* Next flush the (full) buffer. */
if (_IO_OVERFLOW (f, EOF) == EOF)
- /* If nothing else has to be written or nothing has been written, we
- must not signal the caller that the call was even partially
- successful. */
- return (to_do == 0 || to_do == n) ? EOF : n - to_do;
+ /* If nothing else has to be written we must not signal the
+ caller that everything has been written. */
+ return to_do == 0 ? EOF : n - to_do;
- /* Try to maintain alignment: write a whole number of blocks.
- dont_write is what gets left over. */
+ /* Try to maintain alignment: write a whole number of blocks. */
block_size = f->_IO_buf_end - f->_IO_buf_base;
do_write = to_do - (block_size >= 128 ? to_do % block_size : 0);
diff --git a/libio/iofwrite.c b/libio/iofwrite.c
index 81596a6..66542ea 100644
--- a/libio/iofwrite.c
+++ b/libio/iofwrite.c
@@ -42,12 +42,12 @@ _IO_fwrite (buf, size, count, fp)
if (_IO_vtable_offset (fp) != 0 || _IO_fwide (fp, -1) == -1)
written = _IO_sputn (fp, (const char *) buf, request);
_IO_release_lock (fp);
- /* We are guaranteed to have written all of the input, none of it, or
- some of it. */
- if (written == request)
+ /* We have written all of the input in case the return value indicates
+ this or EOF is returned. The latter is a special case where we
+ simply did not manage to flush the buffer. But the data is in the
+ buffer and therefore written as far as fwrite is concerned. */
+ if (written == request || written == EOF)
return count;
- else if (written == EOF)
- return 0;
else
return written / size;
}
diff --git a/libio/iofwrite_u.c b/libio/iofwrite_u.c
index 4a9d6ca..18dc6d0 100644
--- a/libio/iofwrite_u.c
+++ b/libio/iofwrite_u.c
@@ -44,12 +44,12 @@ fwrite_unlocked (buf, size, count, fp)
if (_IO_fwide (fp, -1) == -1)
{
written = _IO_sputn (fp, (const char *) buf, request);
- /* We are guaranteed to have written all of the input, none of it, or
- some of it. */
- if (written == request)
+ /* We have written all of the input in case the return value indicates
+ this or EOF is returned. The latter is a special case where we
+ simply did not manage to flush the buffer. But the data is in the
+ buffer and therefore written as far as fwrite is concerned. */
+ if (written == request || written == EOF)
return count;
- else if (written == EOF)
- return 0;
}
return written / size;
diff --git a/libio/iopadn.c b/libio/iopadn.c
index cc93c0f..5ebbcf4 100644
--- a/libio/iopadn.c
+++ b/libio/iopadn.c
@@ -59,7 +59,7 @@ _IO_padn (fp, pad, count)
w = _IO_sputn (fp, padptr, PADSIZE);
written += w;
if (w != PADSIZE)
- return w == EOF ? w : written;
+ return written;
}
if (i > 0)
diff --git a/libio/iowpadn.c b/libio/iowpadn.c
index d94db71..5600f37 100644
--- a/libio/iowpadn.c
+++ b/libio/iowpadn.c
@@ -65,7 +65,7 @@ _IO_wpadn (fp, pad, count)
w = _IO_sputn (fp, (char *) padptr, PADSIZE);
written += w;
if (w != PADSIZE)
- return w == EOF ? w : written;
+ return written;
}
if (i > 0)
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index c8bcf5a..61d9dc2 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -90,13 +90,13 @@
do { \
if (width > 0) \
{ \
- unsigned int d = _IO_padn (s, (Padchar), width); \
- if (__builtin_expect (d == EOF, 0)) \
+ _IO_ssize_t written = _IO_padn (s, (Padchar), width); \
+ if (__builtin_expect (written != width, 0)) \
{ \
done = -1; \
goto all_done; \
} \
- done_add (d); \
+ done_add (written); \
} \
} while (0)
# define PUTC(C, F) _IO_putc_unlocked (C, F)
@@ -119,13 +119,13 @@
do { \
if (width > 0) \
{ \
- unsigned int d = _IO_wpadn (s, (Padchar), width); \
- if (__builtin_expect (d == EOF, 0)) \
+ _IO_ssize_t written = _IO_wpadn (s, (Padchar), width); \
+ if (__builtin_expect (written != width, 0)) \
{ \
done = -1; \
goto all_done; \
} \
- done_add (d); \
+ done_add (written); \
} \
} while (0)
# define PUTC(C, F) _IO_putwc_unlocked (C, F)