diff options
author | Ondrej Bilka <neleai@seznam.cz> | 2013-05-24 08:34:10 +0200 |
---|---|---|
committer | Ondrej Bilka <neleai@seznam.cz> | 2013-05-24 08:34:10 +0200 |
commit | bae143d2702e5ca1265c55b06072afba01bfc07a (patch) | |
tree | 6c46604eb6e68b48cc0b767d37bfc0034867d0bf | |
parent | d4ea44a04b931ead64788f61a65697b8cd158b81 (diff) | |
download | glibc-bae143d2702e5ca1265c55b06072afba01bfc07a.tar glibc-bae143d2702e5ca1265c55b06072afba01bfc07a.tar.gz glibc-bae143d2702e5ca1265c55b06072afba01bfc07a.tar.bz2 glibc-bae143d2702e5ca1265c55b06072afba01bfc07a.zip |
Initialize wide struct info.
Fixes 15381.
Using wide character function is on byte oriented memstream is undefined
behaviour. This behaviour was masked by not initializing wide struct
info. We now initialize it to cause a predictable crash.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | libio/genops.c | 4 |
3 files changed, 12 insertions, 3 deletions
@@ -1,3 +1,8 @@ +2013-05-24 Ondřej Bílka <neleai@seznam.cz> + + [BZ #15381] + * libio/genops.c (_IO_no_init): Initialize wide struct info. + 2013-05-23 Edjunior Machado <emachado@linux.vnet.ibm.com> [BZ #14894] @@ -16,9 +16,9 @@ Version 2.18 15007, 15014, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084, 15085, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15339, - 15342, 15346, 15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406, - 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, 15442, - 15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506. + 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, 15405, + 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, + 15442, 15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/libio/genops.c b/libio/genops.c index 390d8d24b5..e5c5d5cafe 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -661,6 +661,10 @@ _IO_no_init (fp, flags, orientation, wd, jmp) fp->_wide_data->_wide_vtable = jmp; } + else + /* Cause predictable crash when a wide function is called on a byte + stream. */ + fp->_wide_data = (struct _IO_wide_data *) -1L; #endif fp->_freeres_list = NULL; } |