Initialize wide struct info.

Fixes 15381. Using wide character function is on byte oriented memstream is undefined behaviour. This behaviour was masked by not initializing wide struct info. We now initialize it to cause a predictable crash.
2024-11-27 03:41:23 +08:00 · 2013-05-24 08:34:10 +02:00 · 2013-05-24 08:34:10 +02:00 · bae143d270
commit bae143d270
parent d4ea44a04b
3 changed files with 12 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2013-05-24  Ondřej Bílka  <neleai@seznam.cz>
+
+	[BZ #15381]
+	* libio/genops.c (_IO_no_init): Initialize wide struct info.
+
 2013-05-23  Edjunior Machado  <emachado@linux.vnet.ibm.com>

 	[BZ #14894]
--- a/6
+++ b/6
@ -16,9 +16,9 @@ Version 2.18
  15007, 15014, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084,
  15085, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287,
  15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15339,
-  15342, 15346, 15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406,
-  15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441, 15442,
-  15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506.
+  15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, 15405,
+  15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, 15441,
+  15442, 15448, 15480, 15485, 15488, 15490, 15493, 15497, 15506.

 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
  #15078).
--- a/libio/genops.c
+++ b/libio/genops.c
@ -661,6 +661,10 @@ _IO_no_init (fp, flags, orientation, wd, jmp)

      fp->_wide_data->_wide_vtable = jmp;
    }
+  else
+    /* Cause predictable crash when a wide function is called on a byte
+       stream.  */
+    fp->_wide_data = (struct _IO_wide_data *) -1L;
 #endif
  fp->_freeres_list = NULL;
 }