Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319)

The _chk variants of all of the printf functions become much simpler.
This is the last thing that we needed _IO_acquire_lock_clear_flags2
for, so it can go as well.  I took the opportunity to make the headers
included and the names of all local variables consistent across all the
affected files.

Since we ultimately want to get rid of __no_long_double as well, it
must be possible to get all of the nontrivial effects of the _chk
functions by calling the _internal functions with appropriate flags.
For most of the __(v)xprintf_chk functions, this is covered by
PRINTF_FORTIFY plus some up-front argument checks that can be
duplicated.  However, __(v)sprintf_chk installs a custom jump table so
that it can crash instead of overflowing the output buffer.  This
functionality is moved to __vsprintf_internal, which now has a
'maxlen' argument like __vsnprintf_internal; to get the unsafe
behavior of ordinary (v)sprintf, pass -1 for that argument.

obstack_printf_chk and obstack_vprintf_chk are no longer in the same
file.

As a side-effect of the unification of both fortified and non-fortified
vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk
and __vdprintf_chk, which was previously fixed only for dprintf and
vdprintf by the commit

commit 7ca890b88e
Author: Ulrich Drepper <drepper@redhat.com>
Date:   Wed Feb 24 16:07:57 2010 -0800

    Fix reporting of I/O errors in *dprintf functions.

This patch adds a test case to avoid regressions.

Tested for powerpc and powerpc64le.
This commit is contained in:
Zack Weinberg 2018-03-07 14:32:03 -05:00 committed by Gabriel F. T. Gomes
parent 124fc732c1
commit 4e2f43f842
35 changed files with 413 additions and 551 deletions

View File

@ -1,3 +1,92 @@
2018-12-05 Zack Weinberg <zackw@panix.com>
Gabriel F. T. Gomes <gabriel@inconstante.eti.br>
[BZ #11319]
* libio/iovsprintf.c (_IO_str_chk_overflow, libio_vtable):
Moved here from debug/vsprintf_chk.c.
(__vsprintf_internal): Add 'maxlen' argument. Change the setup
and completion logic for the strfile to match exactly what
__vsprintf_chk used to do, except, when maxlen is -1, pass -1 to
_IO_str_init_static_internal instead of maxlen-1.
(__vsprintf): Pass -1 as maxlen to __vsprintf_internal.
* stdio-common/sprintf.c (__sprintf): Pass -1 as maxlen to
__vsprintf_internal.
* debug/vsprintf_chk.c (__vsprintf_chk)
* debug/sprintf_chk.c (__sprintf_chk):
Directly call __vsprintf_internal, passing PRINTF_FORTIFY if
'flags' argument is positive, and slen as maxlen. No need to lock
the FILE and/or construct a temporary FILE. Minimize and normalize
header inclusions and variable names. Do not libc_hidden_def anything.
* debug/asprintf_chk.c (__asprintf_chk)
* debug/dprintf_chk.c (__dprintf_chk)
* debug/fprintf_chk.c (__fprintf_chk)
* debug/fwprintf_chk.c (__fwprintf_chk)
* debug/printf_chk.c (__printf_chk)
* debug/snprintf_chk.c (__snprintf_chk)
* debug/swprintf_chk.c (__swprintf_chk)
* debug/vasprintf_chk.c (__vasprintf_chk)
* debug/vdprintf_chk.c (__vdprintf_chk)
* debug/vfprintf_chk.c (__vfprintf_chk)
* debug/vfwprintf_chk.c (__vfwprintf_chk)
* debug/vprintf_chk.c (__vprintf_chk)
* debug/vsnprintf_chk.c (__vsnprintf_chk)
* debug/vswprintf_chk.c (__vswprintf_chk)
* debug/vwprintf_chk.c (__vwprintf_chk)
* debug/wprintf_chk.c (__wprintf_chk):
Directly call the corresponding vxxprintf_internal function, passing
PRINTF_FORTIFY if 'flag' argument is positive. No need to lock
the FILE and/or construct a temporary FILE. Minimize and normalize
header inclusions and variable names. Do not libc_hidden_def anything.
* debug/obprintf_chk.c (__obstack_printf_chk): Directly call
__obstack_vprintf_internal.
(__obstack_vprintf_chk): Convert into a wrapper that calls
__obstack_vprintf_internal (these two functions already had the
same code) and move to new file...
* debug/vobprintf_chk.c (__obstack_vprintf_chk): ... here. New
file.
* debug/obprintf.c (__obstack_vprintf_internal): Remove the checking of
the flags argument and the setting of _IO_FLAGS2_FORTIFY.
* debug/Makefile (routines): Add vobprintf_chk.
* sysdeps/ieee754/ldbl-opt/nldbl-compat.c
(__nldbl___vsprintf): Pass -1 as maxlen to __vsprintf_internal.
(__nldbl___vfprintf_chk, __nldbl___vsnprintf_chk)
(__nldbl___vsprintf_chk, __nldbl___vswprintf_chk)
(__nldbl___vasprintf_chk, __nldbl___vdprintf_chk)
(__nldbl___obstack_vfprintf_chk):
Directly call the corresponding vxxprintf_internal function,
passing PRINTF_FORTIFY if 'flag' argument is positive. If necessary,
duplicate comparison of slen with 0 or maxlen from the corresponding
non-__nldbl function.
* include/stdio.h (__vsnprintf_chk, __vfprintf_chk, __vasprintf_chk)
(__vdprintf_chk, __obstack_vfprintf_chk): Remove libc_hidden_proto.
* include/wchar.h (__vfwprintf_chk, __vswprintf_chk):
Remove libc_hidden_proto.
* stdio-common/vfprintf-internal.c
(__vfprintf_internal, __vfwprintf_internal):
Do not check _IO_FLAGS2_FORTIFY.
* libio/libio.h (_IO_FLAGS2_FORTIFY): Remove.
* libio/libioP.h: Update prototype of __vsprintf_internal and add
a comment explaining why it has the maxlen argument.
(_IO_acquire_lock_clear_flags2_fct): Remove.
(_IO_acquire_lock_clear_flags2): Remove.
(_IO_release_lock): Remove conditional statement which will
now never execute.
(_IO_acquire_lock): Remove variable which is now unused.
* sysdeps/generic/stdio-lock.h (_IO_acquire_lock_clear_flags2): Remove.
* sysdeps/nptl/stdio-lock.h (_IO_acquire_lock_clear_flags2): Remove.
* stdio-common/Makefile (tests): Add tst-bz11319 and
tst-bz11319-fortify2.
(CFLAGS-tst-bz11319-fortify2.c): New macro.
* stdio-common/tst-bz11319-fortify2.c: New file.
* stdio-common/tst-bz11319.c: Likewise.
2018-12-05 Zack Weinberg <zackw@panix.com> 2018-12-05 Zack Weinberg <zackw@panix.com>
Gabriel F. T. Gomes <gabriel@inconstante.eti.br> Gabriel F. T. Gomes <gabriel@inconstante.eti.br>

View File

@ -45,7 +45,7 @@ routines = backtrace backtracesyms backtracesymsfd noophooks \
gethostname_chk getdomainname_chk wcrtomb_chk mbsnrtowcs_chk \ gethostname_chk getdomainname_chk wcrtomb_chk mbsnrtowcs_chk \
wcsnrtombs_chk mbsrtowcs_chk wcsrtombs_chk mbstowcs_chk \ wcsnrtombs_chk mbsrtowcs_chk wcsrtombs_chk mbstowcs_chk \
wcstombs_chk asprintf_chk vasprintf_chk dprintf_chk \ wcstombs_chk asprintf_chk vasprintf_chk dprintf_chk \
vdprintf_chk obprintf_chk \ vdprintf_chk obprintf_chk vobprintf_chk \
longjmp_chk ____longjmp_chk \ longjmp_chk ____longjmp_chk \
fdelt_chk poll_chk ppoll_chk \ fdelt_chk poll_chk ppoll_chk \
explicit_bzero_chk \ explicit_bzero_chk \

View File

@ -15,22 +15,24 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <libioP.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
/* Write formatted output from FORMAT to a string which is /* Write formatted output from FORMAT to a string which is
allocated with malloc and stored in *STRING_PTR. */ allocated with malloc and stored in *STRING_PTR. */
int int
__asprintf_chk (char **result_ptr, int flags, const char *format, ...) __asprintf_chk (char **result_ptr, int flag, const char *format, ...)
{ {
va_list arg; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
int done; can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap;
int ret;
va_start (arg, format); va_start (ap, format);
done = __vasprintf_chk (result_ptr, flags, format, arg); ret = __vasprintf_internal (result_ptr, format, ap, mode);
va_end (arg); va_end (ap);
return done; return ret;
} }

View File

@ -15,21 +15,23 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <libioP.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
/* Write formatted output to D, according to the format string FORMAT. */ /* Write formatted output to D, according to the format string FORMAT. */
int int
__dprintf_chk (int d, int flags, const char *format, ...) __dprintf_chk (int d, int flag, const char *format, ...)
{ {
va_list arg; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
int done; can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap;
int ret;
va_start (arg, format); va_start (ap, format);
done = __vdprintf_chk (d, flags, format, arg); ret = __vdprintf_internal (d, format, ap, mode);
va_end (arg); va_end (ap);
return done; return ret;
} }

View File

@ -16,29 +16,23 @@
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
#include "../libio/libioP.h"
/* Write formatted output to FP from the format string FORMAT. */ /* Write formatted output to FP from the format string FORMAT. */
int int
___fprintf_chk (FILE *fp, int flag, const char *format, ...) ___fprintf_chk (FILE *fp, int flag, const char *format, ...)
{ {
/* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap; va_list ap;
int done; int ret;
_IO_acquire_lock_clear_flags2 (fp);
if (flag > 0)
fp->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format); va_start (ap, format);
done = vfprintf (fp, format, ap); ret = __vfprintf_internal (fp, format, ap, mode);
va_end (ap); va_end (ap);
if (flag > 0) return ret;
fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
} }
ldbl_strong_alias (___fprintf_chk, __fprintf_chk) ldbl_strong_alias (___fprintf_chk, __fprintf_chk)

View File

@ -16,28 +16,22 @@
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <stdarg.h>
#include <wchar.h> #include <libio/libioP.h>
#include "../libio/libioP.h"
/* Write formatted output to FP from the format string FORMAT. */ /* Write formatted output to FP from the format string FORMAT. */
int int
__fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...) __fwprintf_chk (FILE *fp, int flag, const wchar_t *format, ...)
{ {
/* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap; va_list ap;
int done; int ret;
_IO_acquire_lock_clear_flags2 (fp);
if (flag > 0)
fp->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format); va_start (ap, format);
done = __vfwprintf_internal (fp, format, ap, 0); ret = __vfwprintf_internal (fp, format, ap, mode);
va_end (ap); va_end (ap);
if (flag > 0) return ret;
fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
} }

View File

@ -17,99 +17,23 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <libio/libioP.h>
#include <stdlib.h>
#include <libioP.h>
#include "../libio/strfile.h"
#include <assert.h>
#include <string.h>
#include <errno.h>
#include <obstack.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio_ext.h>
struct _IO_obstack_file
{
struct _IO_FILE_plus file;
struct obstack *obstack;
};
extern const struct _IO_jump_t _IO_obstack_jumps libio_vtable attribute_hidden;
int
__obstack_vprintf_chk (struct obstack *obstack, int flags, const char *format,
va_list args)
{
struct obstack_FILE
{
struct _IO_obstack_file ofile;
} new_f;
int result;
int size;
int room;
#ifdef _IO_MTSAFE_IO
new_f.ofile.file.file._lock = NULL;
#endif
_IO_no_init (&new_f.ofile.file.file, _IO_USER_LOCK, -1, NULL, NULL);
_IO_JUMPS (&new_f.ofile.file) = &_IO_obstack_jumps;
room = obstack_room (obstack);
size = obstack_object_size (obstack) + room;
if (size == 0)
{
/* We have to handle the allocation a bit different since the
`_IO_str_init_static' function would handle a size of zero
different from what we expect. */
/* Get more memory. */
obstack_make_room (obstack, 64);
/* Recompute how much room we have. */
room = obstack_room (obstack);
size = room;
assert (size != 0);
}
_IO_str_init_static_internal ((struct _IO_strfile_ *) &new_f.ofile,
obstack_base (obstack),
size, obstack_next_free (obstack));
/* Now allocate the rest of the current chunk. */
assert (size == (new_f.ofile.file.file._IO_write_end
- new_f.ofile.file.file._IO_write_base));
assert (new_f.ofile.file.file._IO_write_ptr
== (new_f.ofile.file.file._IO_write_base
+ obstack_object_size (obstack)));
obstack_blank_fast (obstack, room);
new_f.ofile.obstack = obstack;
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
if (flags > 0)
new_f.ofile.file.file._flags2 |= _IO_FLAGS2_FORTIFY;
result = __vfprintf_internal (&new_f.ofile.file.file, format, args, 0);
/* Shrink the buffer to the space we really currently need. */
obstack_blank_fast (obstack, (new_f.ofile.file.file._IO_write_ptr
- new_f.ofile.file.file._IO_write_end));
return result;
}
libc_hidden_def (__obstack_vprintf_chk)
int int
__obstack_printf_chk (struct obstack *obstack, int flags, const char *format, __obstack_printf_chk (struct obstack *obstack, int flag, const char *format,
...) ...)
{ {
int result; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap; va_list ap;
int ret;
va_start (ap, format); va_start (ap, format);
result = __obstack_vprintf_chk (obstack, flags, format, ap); ret = __obstack_vprintf_internal (obstack, format, ap, mode);
va_end (ap); va_end (ap);
return result;
return ret;
} }

View File

@ -16,29 +16,23 @@
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
#include "../libio/libioP.h"
/* Write formatted output to stdout from the format string FORMAT. */ /* Write formatted output to stdout from the format string FORMAT. */
int int
___printf_chk (int flag, const char *format, ...) ___printf_chk (int flag, const char *format, ...)
{ {
/* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap; va_list ap;
int done; int ret;
_IO_acquire_lock_clear_flags2 (stdout);
if (flag > 0)
stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format); va_start (ap, format);
done = vfprintf (stdout, format, ap); ret = __vfprintf_internal (stdout, format, ap, mode);
va_end (ap); va_end (ap);
if (flag > 0) return ret;
stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
} }
ldbl_strong_alias (___printf_chk, __printf_chk) ldbl_strong_alias (___printf_chk, __printf_chk)

View File

@ -15,25 +15,29 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <libioP.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
/* Write formatted output into S, according to the format /* Write formatted output into S, according to the format
string FORMAT, writing no more than MAXLEN characters. */ string FORMAT, writing no more than MAXLEN characters. */
/* VARARGS5 */
int int
___snprintf_chk (char *s, size_t maxlen, int flags, size_t slen, ___snprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
const char *format, ...) const char *format, ...)
{ {
va_list arg; if (__glibc_unlikely (slen < maxlen))
int done; __chk_fail ();
va_start (arg, format); /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
done = __vsnprintf_chk (s, maxlen, flags, slen, format, arg); can only come from read-only format strings. */
va_end (arg); unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap;
int ret;
return done; va_start (ap, format);
ret = __vsnprintf_internal (s, maxlen, format, ap, mode);
va_end (ap);
return ret;
} }
ldbl_strong_alias (___snprintf_chk, __snprintf_chk) ldbl_strong_alias (___snprintf_chk, __snprintf_chk)

View File

@ -15,22 +15,27 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <libioP.h>
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
/* Write formatted output into S, according to the format string FORMAT. */ /* Write formatted output into S, according to the format string FORMAT. */
/* VARARGS4 */
int int
___sprintf_chk (char *s, int flags, size_t slen, const char *format, ...) ___sprintf_chk (char *s, int flag, size_t slen, const char *format, ...)
{ {
va_list arg; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
int done; can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap;
int ret;
va_start (arg, format); if (slen == 0)
done = __vsprintf_chk (s, flags, slen, format, arg); __chk_fail ();
va_end (arg);
return done; va_start (ap, format);
ret = __vsprintf_internal (s, slen, format, ap, mode);
va_end (ap);
return ret;
} }
ldbl_strong_alias (___sprintf_chk, __sprintf_chk) ldbl_strong_alias (___sprintf_chk, __sprintf_chk)

View File

@ -16,20 +16,27 @@
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <stdarg.h>
#include <wchar.h> #include <libio/libioP.h>
/* Write formatted output into S, according to the format string FORMAT. */
/* VARARGS5 */ /* Write formatted output into S, according to the format string FORMAT,
writing no more than MAXLEN characters. */
int int
__swprintf_chk (wchar_t *s, size_t n, int flag, size_t s_len, __swprintf_chk (wchar_t *s, size_t maxlen, int flag, size_t slen,
const wchar_t *format, ...) const wchar_t *format, ...)
{ {
va_list arg; if (__glibc_unlikely (slen < maxlen))
int done; __chk_fail ();
va_start (arg, format); /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
done = __vswprintf_chk (s, n, flag, s_len, format, arg); can only come from read-only format strings. */
va_end (arg); unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap;
int ret;
return done; va_start (ap, format);
ret = __vswprintf_internal (s, maxlen, format, ap, mode);
va_end (ap);
return ret;
} }

View File

@ -24,72 +24,14 @@
This exception applies to code released by its copyright holders This exception applies to code released by its copyright holders
in files containing the exception. */ in files containing the exception. */
#include <malloc.h> #include <libio/libioP.h>
#include <string.h>
#include <stdio.h>
#include <stdio_ext.h>
#include "../libio/libioP.h"
#include "../libio/strfile.h"
int int
__vasprintf_chk (char **result_ptr, int flags, const char *format, __vasprintf_chk (char **result_ptr, int flag, const char *format, va_list ap)
va_list args)
{ {
/* Initial size of the buffer to be used. Will be doubled each time an /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
overflow occurs. */
const size_t init_string_size = 100;
char *string;
_IO_strfile sf;
int ret;
size_t needed;
size_t allocated;
/* No need to clear the memory here (unlike for open_memstream) since
we know we will never seek on the stream. */
string = (char *) malloc (init_string_size);
if (string == NULL)
return -1;
#ifdef _IO_MTSAFE_IO
sf._sbf._f._lock = NULL;
#endif
_IO_no_init (&sf._sbf._f, _IO_USER_LOCK, -1, NULL, NULL);
_IO_JUMPS (&sf._sbf) = &_IO_str_jumps;
_IO_str_init_static_internal (&sf, string, init_string_size, string);
sf._sbf._f._flags &= ~_IO_USER_BUF;
sf._s._allocate_buffer_unused = (_IO_alloc_type) malloc;
sf._s._free_buffer_unused = (_IO_free_type) free;
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */ can only come from read-only format strings. */
if (flags > 0) unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
sf._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
ret = __vfprintf_internal (&sf._sbf._f, format, args, 0); return __vasprintf_internal (result_ptr, format, ap, mode);
if (ret < 0)
{
free (sf._sbf._f._IO_buf_base);
return ret;
}
/* Only use realloc if the size we need is of the same (binary)
order of magnitude then the memory we allocated. */
needed = sf._sbf._f._IO_write_ptr - sf._sbf._f._IO_write_base + 1;
allocated = sf._sbf._f._IO_write_end - sf._sbf._f._IO_write_base;
if ((allocated >> 1) <= needed)
*result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
else
{
*result_ptr = (char *) malloc (needed);
if (*result_ptr != NULL)
{
memcpy (*result_ptr, sf._sbf._f._IO_buf_base, needed - 1);
free (sf._sbf._f._IO_buf_base);
}
else
/* We have no choice, use the buffer we already have. */
*result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
}
if (*result_ptr == NULL)
*result_ptr = sf._sbf._f._IO_buf_base;
(*result_ptr)[needed - 1] = '\0';
return ret;
} }
libc_hidden_def (__vasprintf_chk)

View File

@ -24,41 +24,14 @@
This exception applies to code released by its copyright holders This exception applies to code released by its copyright holders
in files containing the exception. */ in files containing the exception. */
#include <libioP.h> #include <libio/libioP.h>
#include <stdio_ext.h>
int int
__vdprintf_chk (int d, int flags, const char *format, va_list arg) __vdprintf_chk (int d, int flag, const char *format, va_list ap)
{ {
struct _IO_FILE_plus tmpfil; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
struct _IO_wide_data wd;
int done;
#ifdef _IO_MTSAFE_IO
tmpfil.file._lock = NULL;
#endif
_IO_no_init (&tmpfil.file, _IO_USER_LOCK, 0, &wd, &_IO_wfile_jumps);
_IO_JUMPS (&tmpfil) = &_IO_file_jumps;
_IO_new_file_init_internal (&tmpfil);
if (_IO_file_attach (&tmpfil.file, d) == NULL)
{
_IO_un_link (&tmpfil);
return EOF;
}
tmpfil.file._flags |= _IO_DELETE_DONT_CLOSE;
_IO_mask_flags (&tmpfil.file, _IO_NO_READS,
_IO_NO_READS+_IO_NO_WRITES+_IO_IS_APPENDING);
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */ can only come from read-only format strings. */
if (flags > 0) unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
tmpfil.file._flags2 |= _IO_FLAGS2_FORTIFY;
done = __vfprintf_internal (&tmpfil.file, format, arg, 0); return __vdprintf_internal (d, format, ap, mode);
_IO_FINISH (&tmpfil.file);
return done;
} }
libc_hidden_def (__vdprintf_chk)

View File

@ -15,28 +15,17 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <stdio.h>
#include "../libio/libioP.h"
/* Write formatted output to FP from the format string FORMAT. */ /* Write formatted output to FP from the format string FORMAT. */
int int
___vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap) ___vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
{ {
int done; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
_IO_acquire_lock_clear_flags2 (fp); return __vfprintf_internal (fp, format, ap, mode);
if (flag > 0)
fp->_flags2 |= _IO_FLAGS2_FORTIFY;
done = vfprintf (fp, format, ap);
if (flag > 0)
fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
} }
ldbl_hidden_def (___vfprintf_chk, __vfprintf_chk)
ldbl_strong_alias (___vfprintf_chk, __vfprintf_chk) ldbl_strong_alias (___vfprintf_chk, __vfprintf_chk)

View File

@ -15,27 +15,16 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <wchar.h>
#include "../libio/libioP.h"
/* Write formatted output to FP from the format string FORMAT. */ /* Write formatted output to FP from the format string FORMAT. */
int int
__vfwprintf_chk (FILE *fp, int flag, const wchar_t *format, va_list ap) __vfwprintf_chk (FILE *fp, int flag, const wchar_t *format, va_list ap)
{ {
int done; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
_IO_acquire_lock_clear_flags2 (fp); return __vfwprintf_internal (fp, format, ap, mode);
if (flag > 0)
fp->_flags2 |= _IO_FLAGS2_FORTIFY;
done = __vfwprintf_internal (fp, format, ap, 0);
if (flag > 0)
fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
} }
libc_hidden_def (__vfwprintf_chk)

31
debug/vobprintf_chk.c Normal file
View File

@ -0,0 +1,31 @@
/* Print output of stream to given obstack.
Copyright (C) 2018 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <libio/libioP.h>
int
__obstack_vprintf_chk (struct obstack *obstack, int flag, const char *format,
va_list ap)
{
/* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
return __obstack_vprintf_internal (obstack, format, ap, mode);
}

View File

@ -15,27 +15,17 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <stdio.h>
#include "../libio/libioP.h"
/* Write formatted output to stdout from the format string FORMAT. */ /* Write formatted output to stdout from the format string FORMAT. */
int int
___vprintf_chk (int flag, const char *format, va_list ap) ___vprintf_chk (int flag, const char *format, va_list ap)
{ {
int done; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
_IO_acquire_lock_clear_flags2 (stdout); return __vfprintf_internal (stdout, format, ap, mode);
if (flag > 0)
stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
done = vfprintf (stdout, format, ap);
if (flag > 0)
stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
} }
ldbl_strong_alias (___vprintf_chk, __vprintf_chk) ldbl_strong_alias (___vprintf_chk, __vprintf_chk)

View File

@ -15,56 +15,22 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <stdio.h>
#include "../libio/libioP.h"
#include "../libio/strfile.h"
extern const struct _IO_jump_t _IO_strn_jumps libio_vtable attribute_hidden;
/* Write formatted output into S, according to the format /* Write formatted output into S, according to the format
string FORMAT, writing no more than MAXLEN characters. */ string FORMAT, writing no more than MAXLEN characters. */
/* VARARGS5 */
int int
___vsnprintf_chk (char *s, size_t maxlen, int flags, size_t slen, ___vsnprintf_chk (char *s, size_t maxlen, int flag, size_t slen,
const char *format, va_list args) const char *format, va_list ap)
{ {
/* XXX Maybe for less strict version do not fail immediately.
Though, maxlen is supposed to be the size of buffer pointed
to by s, so a conforming program can't pass such maxlen
to *snprintf. */
if (__glibc_unlikely (slen < maxlen)) if (__glibc_unlikely (slen < maxlen))
__chk_fail (); __chk_fail ();
_IO_strnfile sf; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
int ret;
#ifdef _IO_MTSAFE_IO
sf.f._sbf._f._lock = NULL;
#endif
/* We need to handle the special case where MAXLEN is 0. Use the
overflow buffer right from the start. */
if (maxlen == 0)
{
s = sf.overflow_buf;
maxlen = sizeof (sf.overflow_buf);
}
_IO_no_init (&sf.f._sbf._f, _IO_USER_LOCK, -1, NULL, NULL);
_IO_JUMPS (&sf.f._sbf) = &_IO_strn_jumps;
s[0] = '\0';
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */ can only come from read-only format strings. */
if (flags > 0) unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
sf.f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
_IO_str_init_static_internal (&sf.f, s, maxlen - 1, s); return __vsnprintf_internal (s, maxlen, format, ap, mode);
ret = __vfprintf_internal (&sf.f._sbf._f, format, args, 0);
if (sf.f._sbf._f._IO_buf_base != sf.overflow_buf)
*sf.f._sbf._f._IO_write_ptr = '\0';
return ret;
} }
ldbl_hidden_def (___vsnprintf_chk, __vsnprintf_chk)
ldbl_strong_alias (___vsnprintf_chk, __vsnprintf_chk) ldbl_strong_alias (___vsnprintf_chk, __vsnprintf_chk)

View File

@ -15,75 +15,20 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <stdio.h>
#include "../libio/libioP.h"
#include "../libio/strfile.h"
static int _IO_str_chk_overflow (FILE *fp, int c) __THROW;
static int
_IO_str_chk_overflow (FILE *fp, int c)
{
/* When we come to here this means the user supplied buffer is
filled. */
__chk_fail ();
}
static const struct _IO_jump_t _IO_str_chk_jumps libio_vtable =
{
JUMP_INIT_DUMMY,
JUMP_INIT(finish, _IO_str_finish),
JUMP_INIT(overflow, _IO_str_chk_overflow),
JUMP_INIT(underflow, _IO_str_underflow),
JUMP_INIT(uflow, _IO_default_uflow),
JUMP_INIT(pbackfail, _IO_str_pbackfail),
JUMP_INIT(xsputn, _IO_default_xsputn),
JUMP_INIT(xsgetn, _IO_default_xsgetn),
JUMP_INIT(seekoff, _IO_str_seekoff),
JUMP_INIT(seekpos, _IO_default_seekpos),
JUMP_INIT(setbuf, _IO_default_setbuf),
JUMP_INIT(sync, _IO_default_sync),
JUMP_INIT(doallocate, _IO_default_doallocate),
JUMP_INIT(read, _IO_default_read),
JUMP_INIT(write, _IO_default_write),
JUMP_INIT(seek, _IO_default_seek),
JUMP_INIT(close, _IO_default_close),
JUMP_INIT(stat, _IO_default_stat),
JUMP_INIT(showmanyc, _IO_default_showmanyc),
JUMP_INIT(imbue, _IO_default_imbue)
};
int int
___vsprintf_chk (char *s, int flags, size_t slen, const char *format, ___vsprintf_chk (char *s, int flag, size_t slen, const char *format,
va_list args) va_list ap)
{ {
_IO_strfile f; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
int ret; can only come from read-only format strings. */
#ifdef _IO_MTSAFE_IO unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
f._sbf._f._lock = NULL;
#endif
if (slen == 0) if (slen == 0)
__chk_fail (); __chk_fail ();
_IO_no_init (&f._sbf._f, _IO_USER_LOCK, -1, NULL, NULL); return __vsprintf_internal (s, slen, format, ap, mode);
_IO_JUMPS (&f._sbf) = &_IO_str_chk_jumps;
s[0] = '\0';
_IO_str_init_static_internal (&f, s, slen - 1, s);
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
if (flags > 0)
f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
ret = __vfprintf_internal (&f._sbf._f, format, args, 0);
*f._sbf._f._IO_write_ptr = '\0';
return ret;
} }
ldbl_hidden_def (___vsprintf_chk, __vsprintf_chk) ldbl_hidden_def (___vsprintf_chk, __vsprintf_chk)
ldbl_strong_alias (___vsprintf_chk, __vsprintf_chk) ldbl_strong_alias (___vsprintf_chk, __vsprintf_chk)

View File

@ -15,60 +15,21 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <wchar.h>
#include "../libio/libioP.h"
#include "../libio/strfile.h"
/* Write formatted output into S, according to the format /* Write formatted output into S, according to the format
string FORMAT, writing no more than MAXLEN characters. */ string FORMAT, writing no more than MAXLEN characters. */
/* VARARGS5 */
int int
__vswprintf_chk (wchar_t *s, size_t maxlen, int flags, size_t slen, __vswprintf_chk (wchar_t *s, size_t maxlen, int flag, size_t slen,
const wchar_t *format, va_list args) const wchar_t *format, va_list ap)
{ {
/* XXX Maybe for less strict version do not fail immediately.
Though, maxlen is supposed to be the size of buffer pointed
to by s, so a conforming program can't pass such maxlen
to *snprintf. */
if (__glibc_unlikely (slen < maxlen)) if (__glibc_unlikely (slen < maxlen))
__chk_fail (); __chk_fail ();
_IO_wstrnfile sf; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
struct _IO_wide_data wd;
int ret;
#ifdef _IO_MTSAFE_IO
sf.f._sbf._f._lock = NULL;
#endif
/* We need to handle the special case where MAXLEN is 0. Use the
overflow buffer right from the start. */
if (__glibc_unlikely (maxlen == 0))
/* Since we have to write at least the terminating L'\0' a buffer
length of zero always makes the function fail. */
return -1;
_IO_no_init (&sf.f._sbf._f, _IO_USER_LOCK, 0, &wd, &_IO_wstrn_jumps);
_IO_fwide (&sf.f._sbf._f, 1);
s[0] = L'\0';
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */ can only come from read-only format strings. */
if (flags > 0) unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
sf.f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
_IO_wstr_init_static (&sf.f._sbf._f, s, maxlen - 1, s); return __vswprintf_internal (s, maxlen, format, ap, mode);
ret = __vfwprintf_internal ((FILE *) &sf.f._sbf, format, args, 0);
if (sf.f._sbf._f._wide_data->_IO_buf_base == sf.overflow_buf)
/* ISO C99 requires swprintf/vswprintf to return an error if the
output does not fit int he provided buffer. */
return -1;
/* Terminate the string. */
*sf.f._sbf._f._wide_data->_IO_write_ptr = '\0';
return ret;
} }
libc_hidden_def (__vswprintf_chk)

View File

@ -15,27 +15,16 @@
License along with the GNU C Library; if not, see License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <libio/libioP.h>
#include <stdio.h>
#include <wchar.h>
#include "../libio/libioP.h"
/* Write formatted output to stdout from the format string FORMAT. */ /* Write formatted output to stdout from the format string FORMAT. */
int int
__vwprintf_chk (int flag, const wchar_t *format, va_list ap) __vwprintf_chk (int flag, const wchar_t *format, va_list ap)
{ {
int done; /* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
_IO_acquire_lock_clear_flags2 (stdout); return __vfwprintf_internal (stdout, format, ap, mode);
if (flag > 0)
stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
done = __vfwprintf_internal (stdout, format, ap, 0);
if (flag > 0)
stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
} }

View File

@ -16,29 +16,22 @@
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <libio/libioP.h>
#include <wchar.h>
#include "../libio/libioP.h"
/* Write formatted output to stdout from the format string FORMAT. */ /* Write formatted output to stdout from the format string FORMAT. */
int int
__wprintf_chk (int flag, const wchar_t *format, ...) __wprintf_chk (int flag, const wchar_t *format, ...)
{ {
/* For flag > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
unsigned int mode = (flag > 0) ? PRINTF_FORTIFY : 0;
va_list ap; va_list ap;
int done; int ret;
_IO_acquire_lock_clear_flags2 (stdout);
if (flag > 0)
stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format); va_start (ap, format);
done = __vfwprintf_internal (stdout, format, ap, 0); ret = __vfwprintf_internal (stdout, format, ap, mode);
va_end (ap); va_end (ap);
if (flag > 0) return ret;
stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
} }

View File

@ -216,11 +216,6 @@ libc_hidden_proto (__open_memstream)
libc_hidden_proto (__libc_fatal) libc_hidden_proto (__libc_fatal)
rtld_hidden_proto (__libc_fatal) rtld_hidden_proto (__libc_fatal)
libc_hidden_proto (__vsprintf_chk) libc_hidden_proto (__vsprintf_chk)
libc_hidden_proto (__vsnprintf_chk)
libc_hidden_proto (__vfprintf_chk)
libc_hidden_proto (__vasprintf_chk)
libc_hidden_proto (__vdprintf_chk)
libc_hidden_proto (__obstack_vprintf_chk)
extern FILE * __fmemopen (void *buf, size_t len, const char *mode); extern FILE * __fmemopen (void *buf, size_t len, const char *mode);
libc_hidden_proto (__fmemopen) libc_hidden_proto (__fmemopen)

View File

@ -216,8 +216,6 @@ extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
const wchar_t *__restrict __format, const wchar_t *__restrict __format,
__gnuc_va_list __arg) __gnuc_va_list __arg)
/* __attribute__ ((__format__ (__wprintf__, 5, 0))) */; /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
libc_hidden_proto (__vfwprintf_chk)
libc_hidden_proto (__vswprintf_chk)
extern int __isoc99_fwscanf (__FILE *__restrict __stream, extern int __isoc99_fwscanf (__FILE *__restrict __stream,
const wchar_t *__restrict __format, ...); const wchar_t *__restrict __format, ...);

View File

@ -27,8 +27,47 @@
#include "libioP.h" #include "libioP.h"
#include "strfile.h" #include "strfile.h"
static int __THROW
_IO_str_chk_overflow (FILE *fp, int c)
{
/* If we get here, the user-supplied buffer would be overrun by
further output. */
__chk_fail ();
}
static const struct _IO_jump_t _IO_str_chk_jumps libio_vtable =
{
JUMP_INIT_DUMMY,
JUMP_INIT(finish, _IO_str_finish),
JUMP_INIT(overflow, _IO_str_chk_overflow),
JUMP_INIT(underflow, _IO_str_underflow),
JUMP_INIT(uflow, _IO_default_uflow),
JUMP_INIT(pbackfail, _IO_str_pbackfail),
JUMP_INIT(xsputn, _IO_default_xsputn),
JUMP_INIT(xsgetn, _IO_default_xsgetn),
JUMP_INIT(seekoff, _IO_str_seekoff),
JUMP_INIT(seekpos, _IO_default_seekpos),
JUMP_INIT(setbuf, _IO_default_setbuf),
JUMP_INIT(sync, _IO_default_sync),
JUMP_INIT(doallocate, _IO_default_doallocate),
JUMP_INIT(read, _IO_default_read),
JUMP_INIT(write, _IO_default_write),
JUMP_INIT(seek, _IO_default_seek),
JUMP_INIT(close, _IO_default_close),
JUMP_INIT(stat, _IO_default_stat),
JUMP_INIT(showmanyc, _IO_default_showmanyc),
JUMP_INIT(imbue, _IO_default_imbue)
};
/* This function is called by regular vsprintf with maxlen set to -1,
and by vsprintf_chk with maxlen set to the size of the output
string. In the former case, _IO_str_chk_overflow will never be
called; in the latter case it will crash the program if the buffer
overflows. */
int int
__vsprintf_internal (char *string, const char *format, va_list args, __vsprintf_internal (char *string, size_t maxlen,
const char *format, va_list args,
unsigned int mode_flags) unsigned int mode_flags)
{ {
_IO_strfile sf; _IO_strfile sf;
@ -38,17 +77,22 @@ __vsprintf_internal (char *string, const char *format, va_list args,
sf._sbf._f._lock = NULL; sf._sbf._f._lock = NULL;
#endif #endif
_IO_no_init (&sf._sbf._f, _IO_USER_LOCK, -1, NULL, NULL); _IO_no_init (&sf._sbf._f, _IO_USER_LOCK, -1, NULL, NULL);
_IO_JUMPS (&sf._sbf) = &_IO_str_jumps; _IO_JUMPS (&sf._sbf) = &_IO_str_chk_jumps;
_IO_str_init_static_internal (&sf, string, -1, string); string[0] = '\0';
_IO_str_init_static_internal (&sf, string,
(maxlen == -1) ? -1 : maxlen - 1,
string);
ret = __vfprintf_internal (&sf._sbf._f, format, args, mode_flags); ret = __vfprintf_internal (&sf._sbf._f, format, args, mode_flags);
_IO_putc_unlocked ('\0', &sf._sbf._f);
*sf._sbf._f._IO_write_ptr = '\0';
return ret; return ret;
} }
int int
__vsprintf (char *string, const char *format, va_list args) __vsprintf (char *string, const char *format, va_list args)
{ {
return __vsprintf_internal (string, format, args, 0); return __vsprintf_internal (string, -1, format, args, 0);
} }
ldbl_strong_alias (__vsprintf, _IO_vsprintf) ldbl_strong_alias (__vsprintf, _IO_vsprintf)

View File

@ -90,7 +90,6 @@ typedef union
/* Bits for the _flags2 field. */ /* Bits for the _flags2 field. */
#define _IO_FLAGS2_MMAP 1 #define _IO_FLAGS2_MMAP 1
#define _IO_FLAGS2_NOTCANCEL 2 #define _IO_FLAGS2_NOTCANCEL 2
#define _IO_FLAGS2_FORTIFY 4
#define _IO_FLAGS2_USER_WBUF 8 #define _IO_FLAGS2_USER_WBUF 8
#define _IO_FLAGS2_NOCLOSE 32 #define _IO_FLAGS2_NOCLOSE 32
#define _IO_FLAGS2_CLOEXEC 64 #define _IO_FLAGS2_CLOEXEC 64

View File

@ -677,9 +677,16 @@ extern int __obstack_vprintf_internal (struct obstack *ob, const char *fmt,
va_list ap, unsigned int mode_flags) va_list ap, unsigned int mode_flags)
attribute_hidden; attribute_hidden;
extern int __vsprintf_internal (char *string, const char *format, va_list ap, /* Note: __vsprintf_internal, unlike vsprintf, does take a maxlen argument,
because it's called by both vsprintf and vsprintf_chk. If maxlen is
not set to -1, overrunning the buffer will cause a prompt crash.
This is the behavior of ordinary (v)sprintf functions, thus they call
__vsprintf_internal with that argument set to -1. */
extern int __vsprintf_internal (char *string, size_t maxlen,
const char *format, va_list ap,
unsigned int mode_flags) unsigned int mode_flags)
attribute_hidden; attribute_hidden;
extern int __vsnprintf_internal (char *string, size_t maxlen, extern int __vsnprintf_internal (char *string, size_t maxlen,
const char *format, va_list ap, const char *format, va_list ap,
unsigned int mode_flags) unsigned int mode_flags)
@ -818,26 +825,10 @@ _IO_acquire_lock_fct (FILE **p)
_IO_funlockfile (fp); _IO_funlockfile (fp);
} }
static inline void
__attribute__ ((__always_inline__))
_IO_acquire_lock_clear_flags2_fct (FILE **p)
{
FILE *fp = *p;
fp->_flags2 &= ~(_IO_FLAGS2_FORTIFY);
if ((fp->_flags & _IO_USER_LOCK) == 0)
_IO_funlockfile (fp);
}
#if !defined _IO_MTSAFE_IO && IS_IN (libc) #if !defined _IO_MTSAFE_IO && IS_IN (libc)
# define _IO_acquire_lock(_fp) \ # define _IO_acquire_lock(_fp) \
do { \ do {
FILE *_IO_acquire_lock_file = NULL
# define _IO_acquire_lock_clear_flags2(_fp) \
do { \
FILE *_IO_acquire_lock_file = (_fp)
# define _IO_release_lock(_fp) \ # define _IO_release_lock(_fp) \
if (_IO_acquire_lock_file != NULL) \
_IO_acquire_lock_file->_flags2 &= ~(_IO_FLAGS2_FORTIFY); \
} while (0) } while (0)
#endif #endif

View File

@ -64,7 +64,7 @@ tests := tstscanf test_rdwr test-popen tstgetln test-fseek \
tst-vfprintf-user-type \ tst-vfprintf-user-type \
tst-vfprintf-mbs-prec \ tst-vfprintf-mbs-prec \
tst-scanf-round \ tst-scanf-round \
tst-renameat2 \ tst-renameat2 tst-bz11319 tst-bz11319-fortify2 \
test-srcs = tst-unbputc tst-printf tst-printfsz-islongdouble test-srcs = tst-unbputc tst-printf tst-printfsz-islongdouble
@ -164,6 +164,10 @@ CFLAGS-test_rdwr.c += -DOBJPFX=\"$(objpfx)\"
# tst-gets.c tests a deprecated function. # tst-gets.c tests a deprecated function.
CFLAGS-tst-gets.c += -Wno-deprecated-declarations CFLAGS-tst-gets.c += -Wno-deprecated-declarations
# BZ #11319 was first fixed for regular vdprintf, then reopened because
# the fortified version had the same bug.
CFLAGS-tst-bz11319-fortify2.c += -D_FORTIFY_SOURCE=2
CPPFLAGS += $(libio-mtsafe) CPPFLAGS += $(libio-mtsafe)
$(objpfx)tst-setvbuf1.out: /dev/null $(objpfx)tst-setvbuf1 $(objpfx)tst-setvbuf1.out: /dev/null $(objpfx)tst-setvbuf1

View File

@ -27,7 +27,7 @@ __sprintf (char *s, const char *format, ...)
int done; int done;
va_start (arg, format); va_start (arg, format);
done = __vsprintf_internal (s, format, arg, 0); done = __vsprintf_internal (s, -1, format, arg, 0);
va_end (arg); va_end (arg);
return done; return done;

View File

@ -0,0 +1 @@
#include <tst-bz11319.c>

View File

@ -0,0 +1,49 @@
/* Regression test for bug 11319.
Copyright (C) 2018 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <support/check.h>
#include <support/temp_file.h>
#include <support/xunistd.h>
static int
do_test (void)
{
char *tempfile;
int fd;
/* Create a temporary file and open it in read-only mode. */
TEST_VERIFY_EXIT (create_temp_file ("tst-bz11319", &tempfile));
fd = xopen (tempfile, O_RDONLY, 0660);
/* Try and write to the temporary file to intentionally fail, then
check that dprintf (or __dprintf_chk) return EOF. */
TEST_COMPARE (dprintf (fd, "%d", 0), EOF);
xclose (fd);
free (tempfile);
return 0;
}
#include <support/test-driver.c>

View File

@ -1283,8 +1283,6 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap, unsigned int mode_flags)
/* Temporarily honor environmental settings. */ /* Temporarily honor environmental settings. */
if (__ldbl_is_dbl) if (__ldbl_is_dbl)
mode_flags |= PRINTF_LDBL_IS_DBL; mode_flags |= PRINTF_LDBL_IS_DBL;
if (s->_flags2 & _IO_FLAGS2_FORTIFY)
mode_flags |= PRINTF_FORTIFY;
/* Orient the stream. */ /* Orient the stream. */
#ifdef ORIENT #ifdef ORIENT

View File

@ -54,15 +54,8 @@ __libc_lock_define_recursive (typedef, _IO_lock_t)
__attribute__((cleanup (_IO_acquire_lock_fct))) \ __attribute__((cleanup (_IO_acquire_lock_fct))) \
= (_fp); \ = (_fp); \
_IO_flockfile (_IO_acquire_lock_file); _IO_flockfile (_IO_acquire_lock_file);
# define _IO_acquire_lock_clear_flags2(_fp) \
do { \
FILE *_IO_acquire_lock_file \
__attribute__((cleanup (_IO_acquire_lock_clear_flags2_fct))) \
= (_fp); \
_IO_flockfile (_IO_acquire_lock_file);
# else # else
# define _IO_acquire_lock(_fp) _IO_acquire_lock_needs_exceptions_enabled # define _IO_acquire_lock(_fp) _IO_acquire_lock_needs_exceptions_enabled
# define _IO_acquire_lock_clear_flags2(_fp) _IO_acquire_lock (_fp)
# endif # endif
# define _IO_release_lock(_fp) ; } while (0) # define _IO_release_lock(_fp) ; } while (0)

View File

@ -179,7 +179,7 @@ __nldbl___vsprintf (char *string, const char *fmt, va_list ap)
{ {
int done; int done;
__no_long_double = 1; __no_long_double = 1;
done = __vsprintf_internal (string, fmt, ap, 0); done = __vsprintf_internal (string, -1, fmt, ap, 0);
__no_long_double = 0; __no_long_double = 0;
return done; return done;
} }
@ -579,7 +579,7 @@ __nldbl___vfprintf_chk (FILE *s, int flag, const char *fmt, va_list ap)
{ {
int res; int res;
set_no_long_double (); set_no_long_double ();
res = __vfprintf_chk (s, flag, fmt, ap); res = __vfprintf_internal (s, fmt, ap, (flag > 0) ? PRINTF_FORTIFY : 0);
clear_no_long_double (); clear_no_long_double ();
return res; return res;
} }
@ -591,7 +591,7 @@ __nldbl___vfwprintf_chk (FILE *s, int flag, const wchar_t *fmt, va_list ap)
{ {
int res; int res;
set_no_long_double (); set_no_long_double ();
res = __vfwprintf_chk (s, flag, fmt, ap); res = __vfwprintf_internal (s, fmt, ap, (flag > 0) ? PRINTF_FORTIFY : 0);
clear_no_long_double (); clear_no_long_double ();
return res; return res;
} }
@ -609,9 +609,13 @@ attribute_compat_text_section
__nldbl___vsnprintf_chk (char *string, size_t maxlen, int flag, size_t slen, __nldbl___vsnprintf_chk (char *string, size_t maxlen, int flag, size_t slen,
const char *fmt, va_list ap) const char *fmt, va_list ap)
{ {
if (__glibc_unlikely (slen < maxlen))
__chk_fail ();
int res; int res;
__no_long_double = 1; __no_long_double = 1;
res = __vsnprintf_chk (string, maxlen, flag, slen, fmt, ap); res = __vsnprintf_internal (string, maxlen, fmt, ap,
(flag > 0) ? PRINTF_FORTIFY : 0);
__no_long_double = 0; __no_long_double = 0;
return res; return res;
} }
@ -622,9 +626,13 @@ attribute_compat_text_section
__nldbl___vsprintf_chk (char *string, int flag, size_t slen, const char *fmt, __nldbl___vsprintf_chk (char *string, int flag, size_t slen, const char *fmt,
va_list ap) va_list ap)
{ {
if (slen == 0)
__chk_fail ();
int res; int res;
__no_long_double = 1; __no_long_double = 1;
res = __vsprintf_chk (string, flag, slen, fmt, ap); res = __vsprintf_internal (string, slen, fmt, ap,
(flag > 0) ? PRINTF_FORTIFY : 0);
__no_long_double = 0; __no_long_double = 0;
return res; return res;
} }
@ -635,9 +643,13 @@ attribute_compat_text_section
__nldbl___vswprintf_chk (wchar_t *string, size_t maxlen, int flag, size_t slen, __nldbl___vswprintf_chk (wchar_t *string, size_t maxlen, int flag, size_t slen,
const wchar_t *fmt, va_list ap) const wchar_t *fmt, va_list ap)
{ {
if (__glibc_unlikely (slen < maxlen))
__chk_fail ();
int res; int res;
__no_long_double = 1; __no_long_double = 1;
res = __vswprintf_chk (string, maxlen, flag, slen, fmt, ap); res = __vswprintf_internal (string, maxlen, fmt, ap,
(flag > 0) ? PRINTF_FORTIFY : 0);
__no_long_double = 0; __no_long_double = 0;
return res; return res;
} }
@ -670,7 +682,8 @@ __nldbl___vasprintf_chk (char **ptr, int flag, const char *fmt, va_list arg)
{ {
int res; int res;
__no_long_double = 1; __no_long_double = 1;
res = __vasprintf_chk (ptr, flag, fmt, arg); res = __vasprintf_internal (ptr, fmt, arg,
(flag > 0) ? PRINTF_FORTIFY : 0);
__no_long_double = 0; __no_long_double = 0;
return res; return res;
} }
@ -696,7 +709,7 @@ __nldbl___vdprintf_chk (int d, int flag, const char *fmt, va_list arg)
{ {
int res; int res;
set_no_long_double (); set_no_long_double ();
res = __vdprintf_chk (d, flag, fmt, arg); res = __vdprintf_internal (d, fmt, arg, (flag > 0) ? PRINTF_FORTIFY : 0);
clear_no_long_double (); clear_no_long_double ();
return res; return res;
} }
@ -723,7 +736,8 @@ __nldbl___obstack_vprintf_chk (struct obstack *obstack, int flag,
{ {
int res; int res;
__no_long_double = 1; __no_long_double = 1;
res = __obstack_vprintf_chk (obstack, flag, fmt, arg); res = __obstack_vprintf_internal (obstack, fmt, arg,
(flag > 0) ? PRINTF_FORTIFY : 0);
__no_long_double = 0; __no_long_double = 0;
return res; return res;
} }

View File

@ -94,15 +94,8 @@ typedef struct { int lock; int cnt; void *owner; } _IO_lock_t;
__attribute__((cleanup (_IO_acquire_lock_fct))) \ __attribute__((cleanup (_IO_acquire_lock_fct))) \
= (_fp); \ = (_fp); \
_IO_flockfile (_IO_acquire_lock_file); _IO_flockfile (_IO_acquire_lock_file);
# define _IO_acquire_lock_clear_flags2(_fp) \
do { \
FILE *_IO_acquire_lock_file \
__attribute__((cleanup (_IO_acquire_lock_clear_flags2_fct))) \
= (_fp); \
_IO_flockfile (_IO_acquire_lock_file);
# else # else
# define _IO_acquire_lock(_fp) _IO_acquire_lock_needs_exceptions_enabled # define _IO_acquire_lock(_fp) _IO_acquire_lock_needs_exceptions_enabled
# define _IO_acquire_lock_clear_flags2(_fp) _IO_acquire_lock (_fp)
# endif # endif
# define _IO_release_lock(_fp) ; } while (0) # define _IO_release_lock(_fp) ; } while (0)