From bae143d2702e5ca1265c55b06072afba01bfc07a Mon Sep 17 00:00:00 2001
From: Ondrej Bilka
Date: Fri, 24 May 2013 08:34:10 +0200
Subject: Initialize wide struct info. Fixes 15381. Using wide character function is on byte oriented memstream is undefined behaviour. This behaviour was masked by not initializing wide struct info. We now initialize it to cause a predictable crash.
---
 ChangeLog | 5 +++++
 NEWS | 6 +++---
 libio/genops.c | 4 ++++
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a0387bddb6..8fe6c2a527 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-05-24 Ondřej Bílka
+
+ [BZ #15381]
+ * libio/genops.c (_IO_no_init): Initialize wide struct info.
+
 2013-05-23 Edjunior Machado [BZ #14894]
diff --git a/NEWS b/NEWS
index 152e7a4caa..1d0d4f21ed 100644
--- a/NEWS
+++ b/NEWS
@@ -16,9 +16,9 @@ Version 2.18
 15007, 15014, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084, 15085, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15339,
- 15342, 15346, 15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406,
- 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, 15442,
- 15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506.
+ 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, 15405,
+ 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441,
+ 15442, 15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506.
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078).
diff --git a/libio/genops.c b/libio/genops.c
index 390d8d24b5..e5c5d5cafe 100644
--- a/libio/genops.c
+++ b/libio/genops.c
@@ -661,6 +661,10 @@ _IO_no_init (fp, flags, orientation, wd, jmp)
 fp->_wide_data->_wide_vtable = jmp;
 }
+ else
+ /* Cause predictable crash when a wide function is called on a byte
+ stream. */
+ fp->_wide_data = (struct _IO_wide_data *) -1L;
 #endif
 fp->_freeres_list = NULL;
 }
--
cgit v1.2.3
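Review bot: The poison value assigned in the new `else` branch of `_IO_no_init` is non-NULL, so any existing `fp->_wide_data != NULL` test elsewhere in libio would now treat a byte stream as having wide data. Nothing in this hunk shows whether such tests exist, so the close and free paths are worth auditing before relying on the sentinel. The crash is also only as predictable as the platform's guarantee that the addresses reached from `(struct _IO_wide_data *) -1L` are unmapped, which the comment could state, e.g. `/* Poison, not NULL: wide calls on a byte stream must fault; assumes the address is never mapped. */`. A named constant for the sentinel would let other code recognise it instead of repeating the `-1L` cast. The `if` this `else` pairs with, and the start of the function, lie above the hunk.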