aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog13
-rw-r--r--debug/fprintf_chk.c4
-rw-r--r--debug/printf_chk.c4
-rw-r--r--debug/tst-chk1.c17
-rw-r--r--debug/vfprintf_chk.c4
-rw-r--r--debug/vprintf_chk.c4
-rw-r--r--debug/vsnprintf_chk.c2
-rw-r--r--debug/vsprintf_chk.c2
-rw-r--r--stdio-common/vfprintf.c16
9 files changed, 49 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 2b5b698..d973d88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,15 @@
-2004-11-17 Alfred M. Szmidt <ams@gnu.org>
+2004-11-18 Ulrich Drepper <drepper@redhat.com>
- * sysdeps/posix/libc_fatal.c: Include <sys/uio.h>.
+ * libio/libio.h (_IO_FLAGS2_FORTIFY): Renamed from
+ _IO_FLAGS2_CHECK_PERCENT_N.
+ * debug/fprintff_chk.c: Adjust all users.
+ * debug/printf_chk.c: Likewise.
+ * debug/vfprintf_chk.c: Likewise.
+ * debug/vprintf_chk.c: Likewise.
+ * debug/vsnprintf_chk.c: Likewise.
+ * debug/vsprintf_chk.c: Likewise.
+ * stdio-common/vfprintf.c: Likewise. Detect missing %N$ formats.
+ * debug/tst-chk1.c: Test detection of missing %N$ formats.
2004-11-15 Jakub Jelinek <jakub@redhat.com>
diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c
index 77508b9..2b7d22b 100644
--- a/debug/fprintf_chk.c
+++ b/debug/fprintf_chk.c
@@ -31,14 +31,14 @@ __fprintf_chk (FILE *fp, int flag, const char *format, ...)
_IO_acquire_lock (fp);
if (flag > 0)
- fp->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format);
done = vfprintf (fp, format, ap);
va_end (ap);
if (flag > 0)
- fp->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
diff --git a/debug/printf_chk.c b/debug/printf_chk.c
index d2b3873..86096b4 100644
--- a/debug/printf_chk.c
+++ b/debug/printf_chk.c
@@ -31,14 +31,14 @@ __printf_chk (int flag, const char *format, ...)
_IO_acquire_lock (stdout);
if (flag > 0)
- stdout->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format);
done = vfprintf (stdout, format, ap);
va_end (ap);
if (flag > 0)
- stdout->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
diff --git a/debug/tst-chk1.c b/debug/tst-chk1.c
index 37320c3..0df660d 100644
--- a/debug/tst-chk1.c
+++ b/debug/tst-chk1.c
@@ -474,5 +474,22 @@ do_test (void)
CHK_FAIL_END
#endif
+ /* Check whether missing N$ formats are detected. */
+ CHK_FAIL2_START
+ printf ("%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
+ CHK_FAIL2_START
+ fprintf (stdout, "%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
+ CHK_FAIL2_START
+ sprintf (buf, "%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
+ CHK_FAIL2_START
+ snprintf (buf, sizeof (buf), "%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
return ret;
}
diff --git a/debug/vfprintf_chk.c b/debug/vfprintf_chk.c
index a9e107d..c8e7c3b 100644
--- a/debug/vfprintf_chk.c
+++ b/debug/vfprintf_chk.c
@@ -30,12 +30,12 @@ __vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap)
_IO_acquire_lock (fp);
if (flag > 0)
- fp->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 |= _IO_FLAGS2_FORTIFY;
done = vfprintf (fp, format, ap);
if (flag > 0)
- fp->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
diff --git a/debug/vprintf_chk.c b/debug/vprintf_chk.c
index f477f15..1fd5bcd 100644
--- a/debug/vprintf_chk.c
+++ b/debug/vprintf_chk.c
@@ -30,12 +30,12 @@ __vprintf_chk (int flag, const char *format, va_list ap)
_IO_acquire_lock (stdout);
if (flag > 0)
- stdout->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
done = vfprintf (stdout, format, ap);
if (flag > 0)
- stdout->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
diff --git a/debug/vsnprintf_chk.c b/debug/vsnprintf_chk.c
index 850cd5a..a0fd4eb 100644
--- a/debug/vsnprintf_chk.c
+++ b/debug/vsnprintf_chk.c
@@ -58,7 +58,7 @@ __vsnprintf_chk (char *s, size_t maxlen, int flags, size_t slen,
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
if (flags > 0)
- sf.f._sbf._f._flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ sf.f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
_IO_str_init_static_internal (&sf.f, s, maxlen - 1, s);
ret = INTUSE(_IO_vfprintf) ((_IO_FILE *) &sf.f._sbf, format, args);
diff --git a/debug/vsprintf_chk.c b/debug/vsprintf_chk.c
index 8338328..f41c5fc 100644
--- a/debug/vsprintf_chk.c
+++ b/debug/vsprintf_chk.c
@@ -81,7 +81,7 @@ __vsprintf_chk (char *s, int flags, size_t slen, const char *format,
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
if (flags > 0)
- f._sbf._f._flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
ret = INTUSE(_IO_vfprintf) ((_IO_FILE *) &f._sbf, format, args);
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 5e480ad..3f0e1de 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -882,18 +882,18 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
/* NOTREACHED */ \
\
LABEL (form_number): \
- if (s->_flags2 & _IO_FLAGS2_CHECK_PERCENT_N) \
+ if (s->_flags2 & _IO_FLAGS2_FORTIFY) \
{ \
if (! readonly_format) \
{ \
extern int __readonly_area (const void *, size_t) \
attribute_hidden; \
readonly_format \
- = __readonly_area (format, (STR_LEN (format) + 1) \
- * sizeof (CHAR_T)); \
+ = __readonly_area (format, ((STR_LEN (format) + 1) \
+ * sizeof (CHAR_T))); \
} \
if (readonly_format < 0) \
- __chk_fail (); \
+ __libc_fatal ("*** %n is writable segment detected ***\n"); \
} \
/* Answer the count of characters written. */ \
if (fspec == NULL) \
@@ -1649,7 +1649,8 @@ do_positional:
/* Allocate memory for the argument descriptions. */
args_type = alloca (nargs * sizeof (int));
- memset (args_type, 0, nargs * sizeof (int));
+ memset (args_type, s->_flags2 & _IO_FLAGS2_FORTIFY ? '\xff' : '\0',
+ nargs * sizeof (int));
args_value = alloca (nargs * sizeof (union printf_arg));
/* XXX Could do sanity check here: If any element in ARGS_TYPE is
@@ -1714,6 +1715,11 @@ do_positional:
else
args_value[cnt].pa_long_double = 0.0;
break;
+ case -1:
+ /* Error case. Not all parameters appear in N$ format
+ strings. We have no way to determine their type. */
+ assert (s->_flags2 & _IO_FLAGS2_FORTIFY);
+ __libc_fatal ("*** invalid %N$ use detected ***\n");
}
/* Now walk through all format specifiers and process them. */