diff options
author | Gabriel F. T. Gomes <gabriel@inconstante.eti.br> | 2018-12-19 18:01:14 -0200 |
---|---|---|
committer | Gabriel F. T. Gomes <gabriel@inconstante.eti.br> | 2019-01-02 13:53:52 -0200 |
commit | 2d9837c1fbf4658f199eae02681f08f040dfe3a8 (patch) | |
tree | c85a00c2b018c9b282145db5fb16f9736dceb98a /libio/libioP.h | |
parent | d5c6df0b0e021c1a3f17a0688cb5eea3f263b149 (diff) | |
download | glibc-2d9837c1fbf4658f199eae02681f08f040dfe3a8.tar.gz glibc-2d9837c1fbf4658f199eae02681f08f040dfe3a8.tar.xz glibc-2d9837c1fbf4658f199eae02681f08f040dfe3a8.zip |
Set behavior of sprintf-like functions with overlapping source and destination
According to ISO C99, passing the same buffer as source and destination to sprintf, snprintf, vsprintf, or vsnprintf has undefined behavior. Until the commit commit 4e2f43f842ef5e253cc23383645adbaa03cedb86 Author: Zack Weinberg <zackw@panix.com> Date: Wed Mar 7 14:32:03 2018 -0500 Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319) a call to sprintf or vsprintf with overlapping buffers, for instance vsprintf (buf, "%sTEXT", buf), would append `TEXT' into buf, while a call to snprintf or vsnprintf would override the contents of buf. After the aforementioned commit, the behavior of sprintf and vsprintf changed (so that they also override the contents of buf). This patch reverts this behavioral change, because it will likely break applications that rely on the previous behavior, even though it is undefined by ISO C. As noted by Szabolcs Nagy, this is used in SPEC2017 507.cactuBSSN_r/src/PUGH/PughUtils.c: sprintf(mess," Size:"); for (i=0;i<dim+1;i++) { sprintf(mess,"%s %d",mess,pughGH->GFExtras[dim]->nsize[i]); } More important to notice is the fact that the overwriting of the destination buffer is not the only behavior affected by the refactoring. Before the refactoring, sprintf and vsprintf would use _IO_str_jumps, whereas __sprintf_chk and __vsprintf_chk would use _IO_str_chk_jumps. After the refactoring, all use _IO_str_chk_jumps, which would make sprintf and vsprintf report buffer overflows and terminate the program. This patch also reverts this behavior, by installing the appropriate jump table for each *sprintf functions. Apart from reverting the changes, this patch adds a test case that has the old behavior hardcoded, so that regressions are noticed if something else unintentionally changes the behavior. Tested for powerpc64le.
Diffstat (limited to 'libio/libioP.h')
-rw-r--r-- | libio/libioP.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libio/libioP.h b/libio/libioP.h index fc13c8d624..8c75f15167 100644 --- a/libio/libioP.h +++ b/libio/libioP.h @@ -705,9 +705,13 @@ extern int __vswprintf_internal (wchar_t *string, size_t maxlen, PRINTF_FORTIFY, when set to one, indicates that fortification checks are to be performed in input parameters. This is used by the __*printf_chk functions, which are used when _FORTIFY_SOURCE is - defined to 1 or 2. Otherwise, such checks are ignored. */ + defined to 1 or 2. Otherwise, such checks are ignored. + + PRINTF_CHK indicates, to the internal function being called, that the + call is originated from one of the __*printf_chk functions. */ #define PRINTF_LDBL_IS_DBL 0x0001 #define PRINTF_FORTIFY 0x0002 +#define PRINTF_CHK 0x0004 extern size_t _IO_getline (FILE *,char *, size_t, int, int); libc_hidden_proto (_IO_getline) |