about summary refs log tree commit diff
diff options
context:
space:
mode:
authorOndrej Bilka <neleai@seznam.cz>2013-05-24 08:34:10 +0200
committerOndrej Bilka <neleai@seznam.cz>2013-05-24 08:34:10 +0200
commitbae143d2702e5ca1265c55b06072afba01bfc07a (patch)
tree6c46604eb6e68b48cc0b767d37bfc0034867d0bf
parentd4ea44a04b931ead64788f61a65697b8cd158b81 (diff)
downloadglibc-bae143d2702e5ca1265c55b06072afba01bfc07a.tar.gz
glibc-bae143d2702e5ca1265c55b06072afba01bfc07a.tar.xz
glibc-bae143d2702e5ca1265c55b06072afba01bfc07a.zip
Initialize wide struct info.
Fixes 15381.

Using wide character function is on byte oriented memstream is undefined
behaviour.  This behaviour was masked by not initializing wide struct
info. We now initialize it to cause a predictable crash.
-rw-r--r--ChangeLog5
-rw-r--r--NEWS6
-rw-r--r--libio/genops.c4
3 files changed, 12 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index a0387bddb6..8fe6c2a527 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-05-24  Ondřej Bílka  <neleai@seznam.cz>
+
+	[BZ #15381]
+	* libio/genops.c (_IO_no_init): Initialize wide struct info.
+
 2013-05-23  Edjunior Machado  <emachado@linux.vnet.ibm.com>
 
 	[BZ #14894]
diff --git a/NEWS b/NEWS
index 152e7a4caa..1d0d4f21ed 100644
--- a/NEWS
+++ b/NEWS
@@ -16,9 +16,9 @@ Version 2.18
   15007, 15014, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084,
   15085, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287,
   15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15339,
-  15342, 15346, 15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406,
-  15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, 15442,
-  15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506.
+  15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, 15405,
+  15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441,
+  15442, 15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506.
 
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
   #15078).
diff --git a/libio/genops.c b/libio/genops.c
index 390d8d24b5..e5c5d5cafe 100644
--- a/libio/genops.c
+++ b/libio/genops.c
@@ -661,6 +661,10 @@ _IO_no_init (fp, flags, orientation, wd, jmp)
 
       fp->_wide_data->_wide_vtable = jmp;
     }
+  else
+    /* Cause predictable crash when a wide function is called on a byte
+       stream.  */
+    fp->_wide_data = (struct _IO_wide_data *) -1L;
 #endif
   fp->_freeres_list = NULL;
 }