Date:      Mon, 5 Sep 2016 04:49:59 +0000 (UTC)
From:      "Andrey A. Chernov" <ache@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r305409 - head/lib/libc/stdio
Message-ID:  <201609050449.u854nxfp003671@repo.freebsd.org>

Author: ache
Date: Mon Sep  5 04:49:58 2016
New Revision: 305409
URL: https://svnweb.freebsd.org/changeset/base/305409

Log:
  1) Prevent out of bounds access to ws[-1] (passed buffer) which happens
  when the first mb sequence is incomplete and there are not enough chars in
  the read buffer. ws[-1] may lead to memory faults or false results, in
  case the memory here contains '\n'.
  
  2) Fix EOF checking I messed up in my previous r305406 commit.
  
  MFC after:      3 days

Modified:
  head/lib/libc/stdio/fgetws.c

Modified: head/lib/libc/stdio/fgetws.c
==============================================================================
--- head/lib/libc/stdio/fgetws.c	Mon Sep  5 04:47:31 2016	(r305408)
+++ head/lib/libc/stdio/fgetws.c	Mon Sep  5 04:49:58 2016	(r305409)
@@ -93,7 +93,7 @@ fgetws_l(wchar_t * __restrict ws, int n,
 		fp->_p = (unsigned char *)src;
 		n -= nconv;
 		wsp += nconv;
-	} while (wsp[-1] != L'\n' && n > 1 && (fp->_r > 0 ||
+	} while ((wsp == ws || wsp[-1] != L'\n') && n > 1 && (fp->_r > 0 ||
 	    (sret = __srefill(fp)) == 0));
 	if (sret && !__sfeof(fp))
 		/* ferror */
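Review bot: The new `wsp == ws` test in the `while` condition needs a short comment, because nothing in the loop itself says that `wsp` can still equal `ws` after a pass. Per the log this happens when the first multibyte sequence is incomplete, so `wsp += nconv` leaves the pointer at the start of the caller's buffer and `wsp[-1]` would read the element before it. A comment above the `} while` line along the lines of "nothing converted yet, wsp[-1] is outside ws" would keep the guard from being dropped later as redundant. A regression test that feeds an incomplete first multibyte sequence with a short read buffer would pin the behaviour down.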
@@ -104,7 +104,7 @@ fgetws_l(wchar_t * __restrict ws, int n,
 		errno = EILSEQ;
 		goto error;
 	}
-	if (sret)
+	if (wsp == ws)
 		/* EOF */
 		goto error;
 	*wsp = L'\0';
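Review bot: The `/* EOF */` comment under `if (wsp == ws)` no longer matches the test, which now means "no wide character was stored" rather than "the refill reported EOF". Suggest rewording it, for example "EOF with nothing read", so the partial-line case (EOF after some characters, which now falls through to `*wsp = L'\0'`) is clearly intentional. It is also worth confirming that no non-EOF path can reach this line with `wsp == ws`, since it would take `goto error` with no `errno` assignment in the lines shown here.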


