From cc683f7ed4a5bd8ce2c9b715581de727b04eb599 Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Wed, 22 Nov 2017 18:33:15 -0200 Subject: libio: Free backup area when it not required (BZ#22415) Some libio operations fail to correctly free the backup area (created by _IO_{w}default_pbackfail on unget{w}c) resulting in either invalid buffer free operations or memory leaks. For instance, on the example provided by BZ#22415 a following fputc after a fseek to rewind the stream issues an invalid free on the buffer. It is because although _IO_file_overflow correctly (from fputc) correctly calls _IO_free_backup_area, the _IO_new_file_seekoff (called by fseek) updates the FILE internal pointers without first free the backup area (resulting in invalid values in the internal pointers). The wide version also shows an issue, but instead of accessing invalid pointers it leaks the backup memory on fseek/fputwc operation. Checked on x86_64-linux-gnu and i686-linux-gnu. * libio/Makefile (tests): Add tst-bz22415. (tst-bz22415-ENV): New rule. (generated): Add tst-bz22415.mtrace and tst-bz22415.check. (tests-special): Add tst-bz22415-mem.out. ($(objpfx)tst-bz22415-mem.out): New rule. * libio/fileops.c (_IO_new_file_seekoff): Call _IO_free_backup_area in case of a successful seek operation. * libio/wfileops.c (_IO_wfile_seekoff): Likewise. (_IO_wfile_overflow): Call _IO_free_wbackup_area in case a write buffer is required. * libio/tst-bz22415.c: New test. --- libio/Makefile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'libio/Makefile') diff --git a/libio/Makefile b/libio/Makefile index 29b1993635..c75e0d8e50 100644 --- a/libio/Makefile +++ b/libio/Makefile @@ -62,7 +62,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \ bug-memstream1 bug-wmemstream1 \ tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \ tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \ - tst-ftell-append tst-fputws + tst-ftell-append tst-fputws tst-bz22415 ifeq (yes,$(build-shared)) # Add test-fopenloc only if shared library is enabled since it depends on # shared localedata objects. @@ -151,9 +151,11 @@ tst_wprintf2-ARGS = "Some Text" test-fmemopen-ENV = MALLOC_TRACE=$(objpfx)test-fmemopen.mtrace tst-fopenloc-ENV = MALLOC_TRACE=$(objpfx)tst-fopenloc.mtrace +tst-bz22415-ENV = MALLOC_TRACE=$(objpfx)tst-bz22415.mtrace generated += test-fmemopen.mtrace test-fmemopen.check generated += tst-fopenloc.mtrace tst-fopenloc.check +generated += tst-bz22415.mtrace tst-bz22415.check aux := fileops genops stdfiles stdio strops @@ -167,7 +169,8 @@ shared-only-routines = oldiofopen oldiofdopen oldiofclose oldfileops \ oldiofsetpos64 ifeq ($(run-built-tests),yes) -tests-special += $(objpfx)test-freopen.out $(objpfx)test-fmemopen-mem.out +tests-special += $(objpfx)test-freopen.out $(objpfx)test-fmemopen-mem.out \ + $(objpfx)tst-bz22415-mem.out ifeq (yes,$(build-shared)) # Run tst-fopenloc-cmp.out and tst-openloc-mem.out only if shared # library is enabled since they depend on tst-fopenloc.out. @@ -218,3 +221,7 @@ $(objpfx)test-fmemopen-mem.out: $(objpfx)test-fmemopen.out $(objpfx)tst-fopenloc-mem.out: $(objpfx)tst-fopenloc.out $(common-objpfx)malloc/mtrace $(objpfx)tst-fopenloc.mtrace > $@; \ $(evaluate-test) + +$(objpfx)tst-bz22415-mem.out: $(objpfx)tst-bz22415.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-bz22415.mtrace > $@; \ + $(evaluate-test) -- cgit v1.2.3