lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-29 11:41:21 +03:00
Code Activity

Fix fwrite() reading beyond end of buffer in error path

Browse Source 
Partially revert commits 2b766585f9 and
de2fd463b1, which were intended to fix BZ#11741
but caused another, likely worse bug, namely that fwrite() and fputs() could,
in an error path, read data beyond the end of the specified buffer, and
potentially even write this data to the file.

Fix BZ#11741 properly by checking the return value from _IO_padn() in
stdio-common/vfprintf.c.
This commit is contained in:
Eric Biggers
2013-10-11 22:29:38 +05:30
committed by Siddhesh Poyarekar
parent 75b4202ab0
commit 3d110c7c6e
8 changed files with 50 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libio/iopadn.c
View File

@ -59,7 +59,7 @@ _IO_padn (fp, pad, count)
w = _IO_sputn (fp, padptr, PADSIZE);
written += w;
if (w != PADSIZE)
return w == EOF ? w : written;
return written;
}
if (i > 0)