From patchwork Mon Aug 10 03:45:22 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Pluzhnikov
X-Patchwork-Id: 505508
Delivered-To: mailing list libc-alpha@sourceware.org
In-Reply-To: <20150810023644.GD23550@vapier>
References: <20150810023644.GD23550@vapier>
From: Paul Pluzhnikov
Date: Sun, 9 Aug 2015 20:45:22 -0700
Message-ID:
Subject: Re: Fix BZ #18757 (fmemopen doesn't fail with invalid modes)
To: Paul Pluzhnikov, GLIBC Devel, Paul Pluzhnikov

On Sun, Aug 9, 2015 at 7:36 PM, Mike Frysinger wrote:
> On 09 Aug 2015 15:28, Paul Pluzhnikov wrote:
>> +/* Check valid open mode. Only "(r|w|a)\+?" are valid. */
>
> this is not what the documentation states:

AFAICT, only "r", "w", "w+" and "a" are really used by __fmemopen, but
I overlooked the _IO_fopencookie part.

> https://www.gnu.org/software/libc/manual/html_node/String-Streams.html
> "The argument opentype is the same as in fopen"
> https://www.gnu.org/software/libc/manual/html_node/Opening-Streams.html
> there are various GNU extensions here, and the standard 'b' flag

Handling of 'b' in fmemopen has been removed:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fdb7d390dd0d96e4a8239c46f3aa64598b90842b

I also filed https://bugzilla.kernel.org/show_bug.cgi?id=102551 to
update man7.org description ...

> so the only thing we should check is whether the first byte is [rwa]. and it
> seems to me that _IO_fopencookie (which fmemopen tails into) already does just
> that for us.

Oh, I see. The bug is that _IO_fopencookie doesn't set errno.
In addition, if _IO_fopencookie fails, we leak memory.

Revised patch attached.

2015-08-09  Paul Pluzhnikov

	[BZ #18757]
	* libio/fmemopen.c (__fmemopen): Set EINVAL and don't leak memory.
	* libio/oldfmemopen.c (__old_fmemopen): Likewise.
	* libio/test-fmemopen.c (do_bz18757): New test.

diff --git a/libio/fmemopen.c b/libio/fmemopen.c index 3ab3e8d..1addfac 100644 --- a/libio/fmemopen.c +++ b/libio/fmemopen.c @@ -149,6 +149,7 @@ __fmemopen (void *buf, size_t len, const char *mode) { cookie_io_functions_t iof; fmemopen_cookie_t *c; + FILE *ret; c = (fmemopen_cookie_t *) calloc (sizeof (fmemopen_cookie_t), 1); if (c == NULL) 
@@ -209,7 +210,16 @@ __fmemopen (void *buf, size_t len, const char *mode) iof.seek = fmemopen_seek; iof.close = fmemopen_close; - return _IO_fopencookie (c, mode, iof); + ret = _IO_fopencookie (c, mode, iof); + + if (__glibc_unlikely (ret == NULL)) + { + /* BZ #18757 -- set EINVAL */ + __set_errno (EINVAL); + free (c); + } + + return ret; } libc_hidden_def (__fmemopen) versioned_symbol (libc, __fmemopen, fmemopen, GLIBC_2_22); diff --git a/libio/oldfmemopen.c b/libio/oldfmemopen.c index 8e35672..40432d1 100644 --- a/libio/oldfmemopen.c +++ b/libio/oldfmemopen.c @@ -204,6 +204,7 @@ __old_fmemopen (void *buf, size_t len, const char *mode) { cookie_io_functions_t iof; fmemopen_cookie_t *c; + FILE *ret; if (__glibc_unlikely (len == 0)) { @@ -259,7 +260,15 @@ __old_fmemopen (void *buf, size_t len, const char *mode) iof.seek = fmemopen_seek; iof.close = fmemopen_close; - return _IO_fopencookie (c, mode, iof); + ret = _IO_fopencookie (c, mode, iof); + if (__glibc_unlikely (ret == NULL)) + { + /* BZ 18757 -- set EINVAL */ + __set_errno (EINVAL); + free (c); + } + + return ret; } compat_symbol (libc, __old_fmemopen, fmemopen, GLIBC_2_2); #endif diff --git a/libio/test-fmemopen.c b/libio/test-fmemopen.c index 63ca89f..4d15b36 100644 --- a/libio/test-fmemopen.c +++ b/libio/test-fmemopen.c @@ -24,6 +24,28 @@ static char buffer[] = "foobar"; #include static int +do_bz18757 (void) +{ + char c = 0; + FILE *stream; + + errno = 0; + stream = fmemopen (&c, 1, "?"); + if (stream == NULL) + { + if (errno == EINVAL) + return 0; + + printf ("FAIL: errno = %i, but wanted EINVAL (%i)\n", errno, EINVAL); + return 1; + } + + printf ("FAIL: stream = %p, but wanted NULL\n", stream); + fclose (stream); + return 2; +} + +static int do_test (void) { int ch; @@ -44,7 +66,7 @@ do_test (void) fclose (stream); - return ret; + return ret + do_bz18757 (); } #define TEST_FUNCTION do_test ()
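
Review bot: in the second libio/fmemopen.c hunk (@@ -209,7 +210,16 @@), the error path releases only the cookie with `free (c)`, and it sets errno before that call. The lines between the `calloc` and the `_IO_fopencookie` call are not part of the diff, so it is worth confirming that the cookie owns no other allocation at this point; fmemopen accepts a NULL buf and allocates the buffer itself in that case, and if that pointer is stored in the cookie it has to be released before `free (c)` or the leak this patch is meant to close remains for that caller. Separately, move `__set_errno (EINVAL)` to after the `free` call so the value the caller sees does not depend on `free` leaving errno untouched.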
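
Review bot: in the second libio/oldfmemopen.c hunk (@@ -259,7 +260,15 @@), every NULL return from `_IO_fopencookie` is reported as EINVAL, whatever the cause. If `_IO_fopencookie` can also fail on an allocation, the errno from that failure is overwritten and the caller is told the mode was bad. Since the reply identifies the bug as `_IO_fopencookie` not setting errno, setting EINVAL at the point where it rejects the mode would fix both callers and leave only the `free (c)` cleanup here. Style: the comment reads `/* BZ 18757 -- set EINVAL */` here and `/* BZ #18757 -- set EINVAL */` in fmemopen.c, and this file omits the blank line after the `ret = _IO_fopencookie (c, mode, iof);` assignment that fmemopen.c has; make the two consistent.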
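
Review bot: in libio/test-fmemopen.c, `do_bz18757` checks only the errno half of the ChangeLog entry; nothing in it would fail if the cookie were still leaked, so the "don't leak memory" part of the fix is untested. A leak check around the failing `fmemopen (&c, 1, "?")` call would cover it. The test also exercises a single invalid mode, `"?"`; an empty mode string would be a cheap second case. Minor: `printf ("FAIL: stream = %p, but wanted NULL\n", stream)` passes a `FILE *` to `%p`, which expects `void *`; cast the argument.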