diff options
author | José Bollo <jobol@nonadev.net> | 2022-03-08 09:58:16 +0100 |
---|---|---|
committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2022-03-08 14:25:32 -0300 |
commit | edc696a73a7cb07b1aa68792a845a98d036ee7eb (patch) | |
tree | 1702a42530d36697bfdb4f9dbe1426b306e47f88 /rt/tst-mqueue10-time64.c | |
parent | 2da6e439164c54bac4d5fd1320e32f8e16c1a6be (diff) | |
download | glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.tar.gz glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.tar.xz glibc-edc696a73a7cb07b1aa68792a845a98d036ee7eb.zip |
libio: Ensure output buffer for wchars (bug #28828)
The _IO_wfile_overflow does not check if the write pointer for wide data is valid before access, different than _IO_file_overflow. This leads to crash on some cases, as described by bug 28828. The minimal sequence to produce the crash was: #include <stdio.h> #include <wchar.h> int main (int ac, char **av) { setvbuf (stdout, NULL, _IOLBF, 0); fgetwc (stdin); fputwc (10, stdout); /*CRASH HERE!*/ return 0; } The "fgetwc(stdin);" is necessary since it triggers the bug by setting the flag _IO_CURRENTLY_PUTTING on stdout indirectly (file wfileops.c, function _IO_wfile_underflow, line 213). Signed-off-by: Jose Bollo <jobol@nonadev.net>
Diffstat (limited to 'rt/tst-mqueue10-time64.c')
0 files changed, 0 insertions, 0 deletions