diff options
| author | Rich Felker <dalias@aerifal.cx> | 2018-08-29 23:45:43 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2018-08-29 23:45:43 -0400 |
| commit | f1791f42ef6d22e68dfc1ee45c0a478b156ce46d (patch) | |
| tree | d3b784e175e9b701e2f25213070b4ae7251e21e8 | |
| parent | ddc947eda311331959c73dbc4491afcfe2326346 (diff) | |
| download | musl-f1791f42ef6d22e68dfc1ee45c0a478b156ce46d.tar.gz musl-f1791f42ef6d22e68dfc1ee45c0a478b156ce46d.tar.xz musl-f1791f42ef6d22e68dfc1ee45c0a478b156ce46d.zip | |
re-fix vfprintf temporary buffer logic
commit b5a8b28915aad17b6f49ccacd6d3fef3890844d1 setup the write buffer bound pointers for the temporary buffer manually to fix a buffer overflow issue, but in doing so, caused vfprintf on unbuffered files never to call __towrite, thereby failing to set the stream orientation to byte-oriented, failing to clear any prior read mode, and failing to produce an error when the stream is not writable. revert the inline setup of the bounds pointers and instead zero them, so that the underlying fwrite code will call __towrite to set them up.
| -rw-r--r-- | src/stdio/vfprintf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c index 5e7be717..af069d13 100644 --- a/src/stdio/vfprintf.c +++ b/src/stdio/vfprintf.c @@ -674,9 +674,9 @@ int vfprintf(FILE *restrict f, const char *restrict fmt, va_list ap) if (f->mode < 1) f->flags &= ~F_ERR; if (!f->buf_size) { saved_buf = f->buf; - f->wpos = f->wbase = f->buf = internal_buf; + f->buf = internal_buf; f->buf_size = sizeof internal_buf; - f->wend = internal_buf + sizeof internal_buf; + f->wpos = f->wbase = f->wend = 0; } ret = printf_core(f, fmt, &ap2, nl_arg, nl_type); if (saved_buf) { |