[BZ #5424, BZ #5428, BZ #5451]

2007-12-08  Ulrich Drepper  <drepper@redhat.com>
	[BZ #5424]
	* stdio-common/vfprintf.c: Do not overflow when adding to done.
	* stdio-common/Makefile (tests): Add bug22.
	* stdio-common/bug22.c: New file.

	[BZ #5451]
	* time/getdate.c: Fix filling in default values.
	* time/bug-getdate1.c: New file.
	* time/Makefile: Add rules to build and run bug-getdate1.

	* iconvdata/ebcdic-is-friss.c: Use 8bit-gap instead of 8bit-generic.
	* iconvdata/ebcdic-es.c: Likewise.
	* iconvdata/ebcdic-es-a.c: Likewise.
	* iconvdata/ebcdic-uk.c: Likewise.
	* iconvdata/iso8859-16.c: Likewise.
	* iconvdata/viscii.c: Likewise.
	* iconvdata/iso8859-9e.c: Likewise.
	* iconvdata/Makefile: Adjust appropriately.

	[BZ #5428]
	* wcsmbs/wchar.h: Unconditionally undefine __need_mbstate and
	__need_wint_t.

	* iconvdata/gconv-modules: Likewise.

3 files changed, 56 insertions, 10 deletions

diff --git a/stdio-common/Makefile b/stdio-common/Makefile
index db622af22b..f9fc9da306 100644
--- a/stdio-common/Makefile
+++ b/stdio-common/Makefile
@@ -57,7 +57,7 @@ tests := tstscanf test_rdwr test-popen tstgetln test-fseek \
 	 tst-perror tst-sprintf tst-rndseek tst-fdopen tst-fphex bug14 bug15 \
 	 tst-popen tst-unlockedio tst-fmemopen2 tst-put-error tst-fgets \
 	 tst-fwrite bug16 bug17 tst-swscanf tst-sprintf2 bug18 bug18a \
-	 bug19 bug19a tst-popen2 scanf13 scanf14 scanf15 bug20 bug21
+	 bug19 bug19a tst-popen2 scanf13 scanf14 scanf15 bug20 bug21 bug22
 
 test-srcs = tst-unbputc tst-printf
 
diff --git a/stdio-common/bug22.c b/stdio-common/bug22.c
new file mode 100644
index 0000000000..2228388b47
--- /dev/null
+++ b/stdio-common/bug22.c
@@ -0,0 +1,32 @@
+/* BZ #5424 */
+#include <stdio.h>
+
+#define N 2147483648
+
+#define STRINGIFY(S) #S
+#define MAKE_STR(S) STRINGIFY(S)
+
+#define SN MAKE_STR(N)
+
+static int
+do_test (void)
+{
+  int ret;
+
+  FILE *fp = fopen ("/dev/null", "w");
+  if (fp == NULL)
+    {
+      puts ("cannot open /dev/null");
+      return 1;
+    }
+
+  ret = fprintf (fp, "%" SN "d%" SN "d", 1, 1);
+
+  printf ("ret = %d\n", ret);
+
+  return ret != -1;
+}
+
+#define TIMEOUT 30
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 434ad86b61..d10a5c6a13 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -64,6 +64,19 @@
     } while (0)
 #define UNBUFFERED_P(S) ((S)->_IO_file_flags & _IO_UNBUFFERED)
 
+#define done_add(val) \
+  do {									      \
+    unsigned int _val = val;						      \
+    assert ((unsigned int) done < (unsigned int) INT_MAX);		      \
+    if (__builtin_expect ((unsigned int) INT_MAX - (unsigned int) done	      \
+			  < _val, 0))					      \
+      {									      \
+	done = -1;							      \
+	goto all_done;							      \
+      }									      \
+    done += _val;							      \
+  } while (0)
+
 #ifndef COMPILE_WPRINTF
 # define vfprintf	_IO_vfprintf_internal
 # define CHAR_T		char
@@ -76,7 +89,7 @@
 # define PUT(F, S, N)	_IO_sputn ((F), (S), (N))
 # define PAD(Padchar) \
   if (width > 0)							      \
-    done += INTUSE(_IO_padn) (s, (Padchar), width)
+    done_add (INTUSE(_IO_padn) (s, (Padchar), width))
 # define PUTC(C, F)	_IO_putc_unlocked (C, F)
 # define ORIENT		if (_IO_vtable_offset (s) == 0 && _IO_fwide (s, -1) != -1)\
 			  return -1
@@ -95,7 +108,7 @@
 # define PUT(F, S, N)	_IO_sputn ((F), (S), (N))
 # define PAD(Padchar) \
   if (width > 0)							      \
-    done += _IO_wpadn (s, (Padchar), width)
+    done_add (_IO_wpadn (s, (Padchar), width))
 # define PUTC(C, F)	_IO_putwc_unlocked (C, F)
 # define ORIENT		if (_IO_fwide (s, 1) != 1) return -1
 
@@ -116,20 +129,21 @@
   do									      \
     {									      \
       register const INT_T outc = (Ch);					      \
-      if (PUTC (outc, s) == EOF)					      \
+      if (PUTC (outc, s) == EOF || done == INT_MAX)			      \
 	{								      \
 	  done = -1;							      \
 	  goto all_done;						      \
 	}								      \
-      else								      \
-	++done;								      \
+      ++done;								      \
     }									      \
   while (0)
 
 #define outstring(String, Len)						      \
   do									      \
     {									      \
-      if ((size_t) PUT (s, (String), (Len)) != (size_t) (Len))		      \
+      assert ((size_t) done <= (size_t) INT_MAX);			      \
+      if ((size_t) PUT (s, (String), (Len)) != (size_t) (Len)		      \
+	  || (size_t) INT_MAX - (size_t) done < (size_t) (Len))		      \
 	{								      \
 	  done = -1;							      \
 	  goto all_done;						      \
@@ -811,7 +825,7 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
 	    goto all_done;						      \
 	  }								      \
 									      \
-	done += function_done;						      \
+	done_add (function_done);					      \
       }									      \
       break;								      \
 									      \
@@ -865,7 +879,7 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
 	    goto all_done;						      \
 	  }								      \
 									      \
-	done += function_done;						      \
+	done_add (function_done);					      \
       }									      \
       break;								      \
 									      \
@@ -1893,7 +1907,7 @@ do_positional:
 		  goto all_done;
 		}
 
-	      done += function_done;
+	      done_add (function_done);
 	    }
 	    break;
 	  }