about summary refs log tree commit diff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2023-03-20 19:07:54 -0400
committerRich Felker <dalias@aerifal.cx>2023-03-21 09:11:17 -0400
commit3a051769c4a91c3a7d1f1310d888faa4abf363e7 (patch)
tree440dfaaaca3c36ade1b998a7585863850358be97
parent0440ed69eac766c712e974358c3e09d63e330f40 (diff)
downloadmusl-3a051769c4a91c3a7d1f1310d888faa4abf363e7.tar.gz
musl-3a051769c4a91c3a7d1f1310d888faa4abf363e7.tar.xz
musl-3a051769c4a91c3a7d1f1310d888faa4abf363e7.zip
fix (normal, narrow) printf erroneously processing %n after output errors
unlike with wide printf variants, encoding errors are not a vector by
which this bug is reachable, and the out() helper function already
ensured that no further output could be written after an output error,
transient or otherwise. however, the %n specifier could still be
processed after an error, yielding a side effect that wrongly implied
output had succeeded.

due to buffering effects, it's still possible for %n to show output as
having "succeeded", but for it never to appear on the underlying file
due to an error at flush time. this change, however, ensures that
processing of %n does not conflict with any error which has already
been seen.
-rw-r--r--src/stdio/vfprintf.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c
index 45557951..2dbdb5e2 100644
--- a/src/stdio/vfprintf.c
+++ b/src/stdio/vfprintf.c
@@ -530,6 +530,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
 
 		if (!f) continue;
 
+		/* Do not process any new directives once in error state. */
+		if (ferror(f)) return -1;
+
 		z = buf + sizeof(buf);
 		prefix = "-+   0X0x";
 		pl = 0;