about summary refs log tree commit diff
path: root/libio/wfileops.c
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-02-05 12:49:00 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-02-05 12:49:00 +0530
commitdf675f9933c5d5461cea9224ed43beddef1a7b3a (patch)
tree2a8dea7fe4b18c231b834b2c87356cb16cfeb07d /libio/wfileops.c
parent68159946307adfc95a6e99d1c4af5c3de0c030f9 (diff)
downloadglibc-df675f9933c5d5461cea9224ed43beddef1a7b3a.tar.gz
glibc-df675f9933c5d5461cea9224ed43beddef1a7b3a.tar.xz
glibc-df675f9933c5d5461cea9224ed43beddef1a7b3a.zip
Fix infinite loop in ftell when writing wide char data (BZ #16398)
ftell tries to avoid flushing the buffer when it is in write mode by
converting the wide char data and placing it into the binary buffer.
If the output buffer space is full and there is data to write, the
code reverts to flushing the buffer.  This breaks when there is space
in the buffer but it is not enough to convert the next character in
the wide data buffer, due to which __codecvt_do_out returns a
__codecvt_partial status.  In this case, ftell keeps running in an
infinite loop.

The fix here is to detect the __codecvt_partial status in addition to
checking if the buffer is full.  I have also added a test case that
demonstrates the infinite loop.
Diffstat (limited to 'libio/wfileops.c')
-rw-r--r--libio/wfileops.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/libio/wfileops.c b/libio/wfileops.c
index 87d3cdcf33..877fc1f829 100644
--- a/libio/wfileops.c
+++ b/libio/wfileops.c
@@ -715,7 +715,7 @@ _IO_wfile_seekoff (fp, offset, dir, mode)
 		       - fp->_wide_data->_IO_write_base) / clen;
 	  else
 	    {
-	      enum __codecvt_result status;
+	      enum __codecvt_result status = __codecvt_ok;
 	      delta = (fp->_wide_data->_IO_write_ptr
 		       - fp->_wide_data->_IO_write_base);
 	      const wchar_t *write_base = fp->_wide_data->_IO_write_base;
@@ -728,9 +728,12 @@ _IO_wfile_seekoff (fp, offset, dir, mode)
 		 flush buffers for every ftell.  */
 	      do
 		{
-		  /* Ugh, no point trying to avoid the flush.  Just do it
-		     and go back to how it was with the read mode.  */
-		  if (delta > 0 && new_write_ptr == fp->_IO_buf_end)
+		  /* There is not enough space in the buffer to do the entire
+		     conversion, so there is no point trying to avoid the
+		     buffer flush.  Just do it and go back to how it was with
+		     the read mode.  */
+		  if (status == __codecvt_partial
+		      || (delta > 0 && new_write_ptr == fp->_IO_buf_end))
 		    {
 		      if (_IO_switch_to_wget_mode (fp))
 			return WEOF;