glibc/libio
Peter Ammon 18596c5415 libio: Fix crash in fputws [BZ #20632]
This fixes a buffer overflow in wide character string output, reproducing
when output fails, such as if the output fd is closed or is redirected
to a full device.

Wide character output data attempts to maintain the invariant that
`_IO_buf_base <= _IO_write_base <= _IO_write_end <= _IO_buf_end` (that is,
that the write region is a sub-region of `_IO_buf`). Prior to this commit,
this invariant is violated by the `_IO_wfile_overflow` function as so:

1. `_IO_wsetg` is called, assigning `_IO_write_base` to `_IO_buf_base`
2. `_IO_doallocbuf` is called, which jumps to `_IO_wfile_doallocate` via
    the _IO_wfile_jumps vtable. This function then assigns the wide data
    `_IO_buf_base` and `_IO_buf_end` to a malloc'd buffer.

Thus the invariant is violated. The fix is simply to reverse the order:
malloc the `_IO_buf` first and then assign `_IO_write_base` to it.

We also take this opportunity to defensively guard the initialization of
the number of unwritten characters via pointer arithmetic. We now check
that the buffer end is not before the buffer beginning; this matches a
similar defensive check in the narrow analogue `fileops.c`.

Add a test which fails without the fix.

Signed-off-by: Peter Ammon <corydoras@ridiculousfish.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2024-10-25 15:05:06 -03:00
..
bits Fix name space violation in fortify wrappers (bug 32052) 2024-08-05 16:49:58 +02:00
__fbufsize.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__flbf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__fpending.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__fpurge.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__freadable.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__freading.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__fsetlocking.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__fwritable.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
__fwriting.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
bug-fopena+.c
bug-fseek.c
bug-ftell.c
bug-memstream1.c
bug-mmap-fflush.c
bug-rewind2.c
bug-rewind.c
bug-ungetc2.c
bug-ungetc3.c
bug-ungetc4.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
bug-ungetc.c
bug-ungetwc1.c
bug-ungetwc2.c
bug-wfflush.c
bug-wmemstream1.c
bug-wsetpos.c libio/bug-wsetpos: Make the error message match the causing function 2024-05-13 12:50:48 +01:00
clearerr_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
clearerr.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
Depend
fcloseall.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
feof_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
feof.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ferror_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ferror.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
filedoalloc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fileno.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fileops.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fmemopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fputc_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fputc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fputwc_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fputwc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
freopen64.c Fix freopen handling of ,ccs= (bug 23675) 2024-09-05 20:08:10 +00:00
freopen.c Fix freopen handling of ,ccs= (bug 23675) 2024-09-05 20:08:10 +00:00
fseek.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fseeko64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fseeko.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ftello64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ftello.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fwide.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fwprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
fwscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
genops.c libio: Attempt wide backup free only for non-legacy code 2024-09-04 09:29:35 -04:00
getc_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getchar_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getchar.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getwc_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getwc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getwchar_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
getwchar.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofclose.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofdopen.c Remove memory leak in fdopen (bug 31840) 2024-06-04 14:42:06 +02:00
iofflush_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofflush.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofgetpos64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofgetpos.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofgets_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofgets.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofgetws_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofgetws.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofopen64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofopncook.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofputs_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofputs.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofputws_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofputws.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofread_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofread.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofsetpos64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofsetpos.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ioftell.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofwide.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofwrite_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iofwrite.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iogetdelim.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iogetline.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iogets.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iogetwline.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iolibio.h
iopadn.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iopopen.c libio: Fix a deadlock after fork in popen 2024-10-23 13:40:16 +02:00
ioputs.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ioseekoff.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ioseekpos.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iosetbuffer.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iosetvbuf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ioungetc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
ioungetwc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iovdprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iovsprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iovsscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iovswscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
iowpadn.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
libc_fatal.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
libio-macros.sym
libio.h Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
libioP.h libio: Fix a deadlock after fork in popen 2024-10-23 13:40:16 +02:00
Makefile libio: Fix crash in fputws [BZ #20632] 2024-10-25 15:05:06 -03:00
memstream.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
obprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldfileops.c libio: Set _vtable_offset before calling _IO_link_in [BZ #32148] 2024-10-01 07:31:25 +08:00
oldfmemopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofclose.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofdopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofgetpos64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofgetpos.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofsetpos64.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiofsetpos.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldiopopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldpclose.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
oldstdfiles.c Change _IO_stderr_/_IO_stdin_/_IO_stdout to compat symbols [BZ #31766] 2024-05-21 10:12:25 -07:00
oldtmpfile.c posix: Sync tempname with gnulib 2024-04-10 14:53:39 -03:00
pclose.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
peekc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putc_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putchar_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putchar.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putwc_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putwc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putwchar_u.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
putwchar.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
rewind.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
setbuf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
setlinebuf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
stdfiles.c Use a doubly-linked list for _IO_list_all (bug 27777) 2024-05-17 14:13:25 -07:00
stdio.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
stdio.h <stdio.h>: Acknowledge that getdelim/getline are in POSIX 2024-06-11 22:17:12 +01:00
strfile.h Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
strops.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
swprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
swscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
test-fmemopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
test-fputs-unbuffered-full.c libio: Fix crash in fputws [BZ #20632] 2024-10-25 15:05:06 -03:00
test-fputws-unbuffered-full.c libio: Fix crash in fputws [BZ #20632] 2024-10-25 15:05:06 -03:00
test-freopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
test-freopen.sh Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst_getwc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst_getwc.input
tst_putwc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst_swprintf.c
tst_swscanf.c
tst_wprintf2.c
tst_wprintf.c
tst_wscanf.c
tst_wscanf.input
tst-atime.c
tst-bz22415.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-bz24051.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-bz24153.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-bz24228.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-bz24228.map
tst-bz28828.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-bz28828.input
tst-cleanup-default-static.c
tst-cleanup-default.c
tst-cleanup-nostart-stop-gc-static.c
tst-cleanup-nostart-stop-gc.c
tst-cleanup-start-stop-gc-static.c
tst-cleanup-start-stop-gc.c
tst-cleanup.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-cleanup.exp
tst-closeall.c libio: handle opening a file when all files are closed (bug 31963) 2024-07-09 10:12:36 +02:00
tst-eof.c
tst-ext2.c
tst-ext.c
tst-fclose-unopened2.c Add another test for fclose on an unopened file 2024-09-20 10:32:35 -04:00
tst-fclose-unopened2.input Add another test for fclose on an unopened file 2024-09-20 10:32:35 -04:00
tst-fclose-unopened.c Add another test for fclose on an unopened file 2024-09-20 10:32:35 -04:00
tst-fdopen-seek-failure.c libio: Test for fdopen memory leak without SEEK_END support (bug 31840) 2024-06-04 16:09:33 +02:00
tst-fgetc-after-eof.c
tst-fgetwc.c
tst-fgetwc.input
tst-fgetws.c
tst-fopen-compat.c libio: Set _vtable_offset before calling _IO_link_in [BZ #32148] 2024-10-01 07:31:25 +08:00
tst-fopenloc2.c
tst-fopenloc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-fputws.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-freopen.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-fseek.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-ftell-active-handler.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-ftell-append.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-ftell-partial-wide.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-fwrite-error.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-getdelim.c libio/tst-getdelim: Add new test covering NUL as a delimiter 2024-08-14 11:48:34 +02:00
tst-memstream1.c
tst-memstream2.c
tst-memstream3.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-memstream4.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-memstream.h Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-mmap2-eofsync.c
tst-mmap-eofsync.c
tst-mmap-fflushsync.c
tst-mmap-offend.c
tst-mmap-setvbuf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-popen1.c
tst-popen-fork.c libio: Fix a deadlock after fork in popen 2024-10-23 13:40:16 +02:00
tst-setvbuf1.c
tst-sprintf-chk-ub.c
tst-sprintf-ub.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-sscanf.c
tst-stderr-compat.c Add crt1-2.0.o for glibc 2.0 compatibility tests 2024-05-06 07:49:40 -07:00
tst-swscanf.c
tst-ungetwc1.c
tst-ungetwc2.c
tst-vtables-common.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-vtables-interposed.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-vtables.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-wfile-sync.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-widetext.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-widetext.input
tst-wmemstream1.c
tst-wmemstream2.c
tst-wmemstream3.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-wmemstream4.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
tst-wmemstream5.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
vasprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
Versions
vscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
vsnprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
vswprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
vtables.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
vwprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
vwscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
wfiledoalloc.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
wfileops.c libio: Fix crash in fputws [BZ #20632] 2024-10-25 15:05:06 -03:00
wgenops.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
wmemstream.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
wprintf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
wscanf.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
wstrops.c Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00