summary refs log tree commit diff
path: root/stdio-common
diff options
context:
space:
mode:
authorZack Weinberg <zackw@panix.com>2018-03-07 14:32:03 -0500
committerGabriel F. T. Gomes <gabriel@inconstante.eti.br>2018-12-05 18:15:43 -0200
commit4e2f43f842ef5e253cc23383645adbaa03cedb86 (patch)
treeca359423ba6ed4bb4d5ec247905a6ee13d456864 /stdio-common
parent124fc732c15ef37b7ee9db25b1e9f9b20c799623 (diff)
downloadglibc-4e2f43f842ef5e253cc23383645adbaa03cedb86.tar.gz
glibc-4e2f43f842ef5e253cc23383645adbaa03cedb86.tar.xz
glibc-4e2f43f842ef5e253cc23383645adbaa03cedb86.zip
Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)
The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well.  I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.

Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated.  However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer.  This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.

obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.

As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit

commit 7ca890b88e6ab7624afb1742a9fffb37ad5b3fc3
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Wed Feb 24 16:07:57 2010 -0800

    Fix reporting of I/O errors in *dprintf functions.

This patch adds a test case to avoid regressions.

Tested for powerpc and powerpc64le.
Diffstat (limited to 'stdio-common')
-rw-r--r--stdio-common/Makefile6
-rw-r--r--stdio-common/sprintf.c2
-rw-r--r--stdio-common/tst-bz11319-fortify2.c1
-rw-r--r--stdio-common/tst-bz11319.c49
-rw-r--r--stdio-common/vfprintf-internal.c2
5 files changed, 56 insertions, 4 deletions
diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index 84bad1fafe..8978b3fb1f 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -64,7 +64,7 @@ tests := tstscanf test_rdwr test-popen tstgetln test-fseek \
 	 tst-vfprintf-user-type \
 	 tst-vfprintf-mbs-prec \
 	 tst-scanf-round \
-	 tst-renameat2 \
+	 tst-renameat2 tst-bz11319 tst-bz11319-fortify2 \
 
 test-srcs = tst-unbputc tst-printf tst-printfsz-islongdouble
 
@@ -164,6 +164,10 @@ CFLAGS-test_rdwr.c += -DOBJPFX=\"$(objpfx)\"
 # tst-gets.c tests a deprecated function.
 CFLAGS-tst-gets.c += -Wno-deprecated-declarations
 
+# BZ #11319 was first fixed for regular vdprintf, then reopened because
+# the fortified version had the same bug.
+CFLAGS-tst-bz11319-fortify2.c += -D_FORTIFY_SOURCE=2
+
 CPPFLAGS += $(libio-mtsafe)
 
 $(objpfx)tst-setvbuf1.out: /dev/null $(objpfx)tst-setvbuf1
diff --git a/stdio-common/sprintf.c b/stdio-common/sprintf.c
index 77423b292f..447faa4e25 100644
--- a/stdio-common/sprintf.c
+++ b/stdio-common/sprintf.c
@@ -27,7 +27,7 @@ __sprintf (char *s, const char *format, ...)
   int done;
 
   va_start (arg, format);
-  done = __vsprintf_internal (s, format, arg, 0);
+  done = __vsprintf_internal (s, -1, format, arg, 0);
   va_end (arg);
 
   return done;
diff --git a/stdio-common/tst-bz11319-fortify2.c b/stdio-common/tst-bz11319-fortify2.c
new file mode 100644
index 0000000000..a8df9a39bd
--- /dev/null
+++ b/stdio-common/tst-bz11319-fortify2.c
@@ -0,0 +1 @@
+#include <tst-bz11319.c>
diff --git a/stdio-common/tst-bz11319.c b/stdio-common/tst-bz11319.c
new file mode 100644
index 0000000000..f986c39a66
--- /dev/null
+++ b/stdio-common/tst-bz11319.c
@@ -0,0 +1,49 @@
+/* Regression test for bug 11319.
+   Copyright (C) 2018 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#define _GNU_SOURCE 1
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <support/check.h>
+#include <support/temp_file.h>
+#include <support/xunistd.h>
+
+static int
+do_test (void)
+{
+  char *tempfile;
+  int fd;
+
+  /* Create a temporary file and open it in read-only mode.  */
+  TEST_VERIFY_EXIT (create_temp_file ("tst-bz11319", &tempfile));
+  fd = xopen (tempfile, O_RDONLY, 0660);
+
+  /* Try and write to the temporary file to intentionally fail, then
+     check that dprintf (or __dprintf_chk) return EOF.  */
+  TEST_COMPARE (dprintf (fd, "%d", 0), EOF);
+
+  xclose (fd);
+  free (tempfile);
+
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/stdio-common/vfprintf-internal.c b/stdio-common/vfprintf-internal.c
index b0c86e99bd..4cc4261ead 100644
--- a/stdio-common/vfprintf-internal.c
+++ b/stdio-common/vfprintf-internal.c
@@ -1283,8 +1283,6 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap, unsigned int mode_flags)
   /* Temporarily honor environmental settings.  */
   if (__ldbl_is_dbl)
     mode_flags |= PRINTF_LDBL_IS_DBL;
-  if (s->_flags2 & _IO_FLAGS2_FORTIFY)
-    mode_flags |= PRINTF_FORTIFY;
 
   /* Orient the stream.  */
 #ifdef ORIENT