diff options
author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2014-02-05 12:49:00 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@redhat.com> | 2014-02-05 12:49:00 +0530 |
commit | df675f9933c5d5461cea9224ed43beddef1a7b3a (patch) | |
tree | 2a8dea7fe4b18c231b834b2c87356cb16cfeb07d /libio/wfileops.c | |
parent | 68159946307adfc95a6e99d1c4af5c3de0c030f9 (diff) | |
download | glibc-df675f9933c5d5461cea9224ed43beddef1a7b3a.tar.gz glibc-df675f9933c5d5461cea9224ed43beddef1a7b3a.tar.xz glibc-df675f9933c5d5461cea9224ed43beddef1a7b3a.zip |
Fix infinite loop in ftell when writing wide char data (BZ #16398)
ftell tries to avoid flushing the buffer when it is in write mode by converting the wide char data and placing it into the binary buffer. If the output buffer space is full and there is data to write, the code reverts to flushing the buffer. This breaks when there is space in the buffer but it is not enough to convert the next character in the wide data buffer, due to which __codecvt_do_out returns a __codecvt_partial status. In this case, ftell keeps running in an infinite loop. The fix here is to detect the __codecvt_partial status in addition to checking if the buffer is full. I have also added a test case that demonstrates the infinite loop.
Diffstat (limited to 'libio/wfileops.c')
-rw-r--r-- | libio/wfileops.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/libio/wfileops.c b/libio/wfileops.c index 87d3cdcf33..877fc1f829 100644 --- a/libio/wfileops.c +++ b/libio/wfileops.c @@ -715,7 +715,7 @@ _IO_wfile_seekoff (fp, offset, dir, mode) - fp->_wide_data->_IO_write_base) / clen; else { - enum __codecvt_result status; + enum __codecvt_result status = __codecvt_ok; delta = (fp->_wide_data->_IO_write_ptr - fp->_wide_data->_IO_write_base); const wchar_t *write_base = fp->_wide_data->_IO_write_base; @@ -728,9 +728,12 @@ _IO_wfile_seekoff (fp, offset, dir, mode) flush buffers for every ftell. */ do { - /* Ugh, no point trying to avoid the flush. Just do it - and go back to how it was with the read mode. */ - if (delta > 0 && new_write_ptr == fp->_IO_buf_end) + /* There is not enough space in the buffer to do the entire + conversion, so there is no point trying to avoid the + buffer flush. Just do it and go back to how it was with + the read mode. */ + if (status == __codecvt_partial + || (delta > 0 && new_write_ptr == fp->_IO_buf_end)) { if (_IO_switch_to_wget_mode (fp)) return WEOF; |