glibc.git - Mirror of https://sourceware.org/git/glibc.git

diff options

author	José Bollo <jobol@nonadev.net>	2022-03-08 09:58:16 +0100
committer	Adhemerval Zanella <adhemerval.zanella@linaro.org>	2022-03-08 14:25:32 -0300
commit	edc696a73a7cb07b1aa68792a845a98d036ee7eb (patch)
tree	1702a42530d36697bfdb4f9dbe1426b306e47f88 /misc
parent	2da6e439164c54bac4d5fd1320e32f8e16c1a6be (diff)
download	glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.tar glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.tar.gz glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.tar.bz2 glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.zip

libio: Ensure output buffer for wchars (bug #28828)

The _IO_wfile_overflow does not check if the write pointer for wide data is valid before access, different than _IO_file_overflow. This leads to crash on some cases, as described by bug 28828. The minimal sequence to produce the crash was: #include <stdio.h> #include <wchar.h> int main (int ac, char **av) { setvbuf (stdout, NULL, _IOLBF, 0); fgetwc (stdin); fputwc (10, stdout); /*CRASH HERE!*/ return 0; } The "fgetwc(stdin);" is necessary since it triggers the bug by setting the flag _IO_CURRENTLY_PUTTING on stdout indirectly (file wfileops.c, function _IO_wfile_underflow, line 213). Signed-off-by: Jose Bollo <jobol@nonadev.net>

Diffstat (limited to 'misc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: