diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2024-11-07 11:16:04 -0500 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2024-12-17 17:42:55 -0500 |
| commit | ae5062201d7e9d18fe88bff4bc71088374c394fb (patch) | |
| tree | 4f5917292a83f1e2f479802987f7e7dc966a5672 /stdio-common | |
| parent | cfdd9e7aa45cdc575df237e2d2eee3219a06829b (diff) | |
| download | glibc-ae5062201d7e9d18fe88bff4bc71088374c394fb.zip glibc-ae5062201d7e9d18fe88bff4bc71088374c394fb.tar.gz glibc-ae5062201d7e9d18fe88bff4bc71088374c394fb.tar.bz2 | |
ungetc: Guarantee single char pushback
The C standard requires that ungetc guarantees at least one pushback,
but the malloc call to allocate the pushback buffer could fail, thus
violating that requirement. Fix this by adding a single byte pushback
buffer in the FILE struct that the pushback can fall back to if malloc
fails.
The side-effect is that if the initial malloc fails and the 1-byte
fallback buffer is used, future resizing (if it succeeds) will be
2-bytes, 4-bytes and so on, which is suboptimal but it's after a malloc
failure, so maybe even desirable.
A future optimization here could be to have the pushback code use the
single byte buffer first and only fall back to malloc for subsequent
calls.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Maciej W. Rozycki <macro@redhat.com>
Diffstat (limited to 'stdio-common')
| -rw-r--r-- | stdio-common/Makefile | 2 | ||||
| -rw-r--r-- | stdio-common/tst-ungetc-nomem.c | 121 |
2 files changed, 123 insertions, 0 deletions
diff --git a/stdio-common/Makefile b/stdio-common/Makefile index e76e40e..b1a04fd 100644 --- a/stdio-common/Makefile +++ b/stdio-common/Makefile @@ -1,4 +1,5 @@ # Copyright (C) 1991-2024 Free Software Foundation, Inc. +# Copyright The GNU Toolchain Authors. # This file is part of the GNU C Library. # The GNU C Library is free software; you can redistribute it and/or @@ -303,6 +304,7 @@ tests := \ tst-tmpnam \ tst-ungetc \ tst-ungetc-leak \ + tst-ungetc-nomem \ tst-unlockedio \ tst-vfprintf-mbs-prec \ tst-vfprintf-user-type \ diff --git a/stdio-common/tst-ungetc-nomem.c b/stdio-common/tst-ungetc-nomem.c new file mode 100644 index 0000000..0872de6 --- /dev/null +++ b/stdio-common/tst-ungetc-nomem.c @@ -0,0 +1,121 @@ +/* Test ungetc behavior with malloc failures. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <dlfcn.h> +#include <stdio.h> +#include <string.h> +#include <support/check.h> +#include <support/support.h> +#include <support/temp_file.h> +#include <support/xstdio.h> + +static volatile bool fail = false; + +/* Induce a malloc failure whenever FAIL is set; we use the __LIBC_MALLOC entry + point to avoid the other alternative, which is RTLD_NEXT. */ +void * +malloc (size_t sz) +{ + if (fail) + return NULL; + + static void *(*real_malloc) (size_t); + + if (real_malloc == NULL) + real_malloc = dlsym (RTLD_NEXT, "malloc"); + + return real_malloc (sz); +} + +static int +do_test (void) +{ + char *filename = NULL; + struct stat props = {}; + size_t bufsz = 0; + + create_temp_file ("tst-ungetc-nomem.", &filename); + if (stat (filename, &props) != 0) + FAIL_EXIT1 ("Could not get file status: %m\n"); + + FILE *fp = fopen (filename, "w"); + + /* The libio buffer sizes are the same as block size. This is to ensure that + the test runs at the read underflow boundary as well. */ + bufsz = props.st_blksize + 2; + + char *buf = xmalloc (bufsz); + memset (buf, 'a', bufsz); + + if (fwrite (buf, sizeof (char), bufsz, fp) != bufsz) + FAIL_EXIT1 ("fwrite failed: %m\n"); + xfclose (fp); + + /* Begin test. */ + fp = xfopen (filename, "r"); + + while (!feof (fp)) + { + /* Reset the pushback buffer state. */ + fseek (fp, 0, SEEK_CUR); + + fail = true; + /* 1: First ungetc should always succeed, as the standard requires. */ + TEST_COMPARE (ungetc ('b', fp), 'b'); + + /* 2: This will result in resizing, which should fail. */ + TEST_COMPARE (ungetc ('c', fp), EOF); + + /* 3: Now allow the resizing, which should immediately fill up the buffer + too, since this allocates only double the current buffer, i.e. + 2-bytes. */ + fail = false; + TEST_COMPARE (ungetc ('d', fp), 'd'); + + /* 4: And fail again because this again forces an alloc, which fails. */ + fail = true; + TEST_COMPARE (ungetc ('e', fp), EOF); + + /* 5: Enable allocations again so that we now get a 4-byte buffer. Now + both calls should work. */ + fail = false; + TEST_COMPARE (ungetc ('f', fp), 'f'); + fail = true; + TEST_COMPARE (ungetc ('g', fp), 'g'); + + /* Drain out the x's. */ + TEST_COMPARE (fgetc (fp), 'g'); + TEST_COMPARE (fgetc (fp), 'f'); + TEST_COMPARE (fgetc (fp), 'd'); + + /* Finally, drain out the first char we had pushed back, followed by one + more char from the stream, if present. */ + TEST_COMPARE (fgetc (fp), 'b'); + char c = fgetc (fp); + if (!feof (fp)) + TEST_COMPARE (c, 'a'); + } + + /* Final sanity check before we're done. */ + TEST_COMPARE (ferror (fp), 0); + xfclose (fp); + + return 0; +} + +#include <support/test-driver.c> |