diff options
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | debug/fprintf_chk.c | 4 | ||||
-rw-r--r-- | debug/printf_chk.c | 4 | ||||
-rw-r--r-- | debug/tst-chk1.c | 17 | ||||
-rw-r--r-- | debug/vfprintf_chk.c | 4 | ||||
-rw-r--r-- | debug/vprintf_chk.c | 4 | ||||
-rw-r--r-- | debug/vsnprintf_chk.c | 2 | ||||
-rw-r--r-- | debug/vsprintf_chk.c | 2 | ||||
-rw-r--r-- | stdio-common/vfprintf.c | 16 |
9 files changed, 49 insertions, 17 deletions
@@ -1,6 +1,15 @@ -2004-11-17 Alfred M. Szmidt <ams@gnu.org> +2004-11-18 Ulrich Drepper <drepper@redhat.com> - * sysdeps/posix/libc_fatal.c: Include <sys/uio.h>. + * libio/libio.h (_IO_FLAGS2_FORTIFY): Renamed from + _IO_FLAGS2_CHECK_PERCENT_N. + * debug/fprintff_chk.c: Adjust all users. + * debug/printf_chk.c: Likewise. + * debug/vfprintf_chk.c: Likewise. + * debug/vprintf_chk.c: Likewise. + * debug/vsnprintf_chk.c: Likewise. + * debug/vsprintf_chk.c: Likewise. + * stdio-common/vfprintf.c: Likewise. Detect missing %N$ formats. + * debug/tst-chk1.c: Test detection of missing %N$ formats. 2004-11-15 Jakub Jelinek <jakub@redhat.com> diff --git a/debug/fprintf_chk.c b/debug/fprintf_chk.c index 77508b9..2b7d22b 100644 --- a/debug/fprintf_chk.c +++ b/debug/fprintf_chk.c @@ -31,14 +31,14 @@ __fprintf_chk (FILE *fp, int flag, const char *format, ...) _IO_acquire_lock (fp); if (flag > 0) - fp->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N; + fp->_flags2 |= _IO_FLAGS2_FORTIFY; va_start (ap, format); done = vfprintf (fp, format, ap); va_end (ap); if (flag > 0) - fp->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N; + fp->_flags2 &= ~_IO_FLAGS2_FORTIFY; _IO_release_lock (fp); return done; diff --git a/debug/printf_chk.c b/debug/printf_chk.c index d2b3873..86096b4 100644 --- a/debug/printf_chk.c +++ b/debug/printf_chk.c @@ -31,14 +31,14 @@ __printf_chk (int flag, const char *format, ...) _IO_acquire_lock (stdout); if (flag > 0) - stdout->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N; + stdout->_flags2 |= _IO_FLAGS2_FORTIFY; va_start (ap, format); done = vfprintf (stdout, format, ap); va_end (ap); if (flag > 0) - stdout->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N; + stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY; _IO_release_lock (stdout); return done; diff --git a/debug/tst-chk1.c b/debug/tst-chk1.c index 37320c3..0df660d 100644 --- a/debug/tst-chk1.c +++ b/debug/tst-chk1.c @@ -474,5 +474,22 @@ do_test (void) CHK_FAIL_END #endif + /* Check whether missing N$ formats are detected. */ + CHK_FAIL2_START + printf ("%3$d\n", 1, 2, 3, 4); + CHK_FAIL2_END + + CHK_FAIL2_START + fprintf (stdout, "%3$d\n", 1, 2, 3, 4); + CHK_FAIL2_END + + CHK_FAIL2_START + sprintf (buf, "%3$d\n", 1, 2, 3, 4); + CHK_FAIL2_END + + CHK_FAIL2_START + snprintf (buf, sizeof (buf), "%3$d\n", 1, 2, 3, 4); + CHK_FAIL2_END + return ret; } diff --git a/debug/vfprintf_chk.c b/debug/vfprintf_chk.c index a9e107d..c8e7c3b 100644 --- a/debug/vfprintf_chk.c +++ b/debug/vfprintf_chk.c @@ -30,12 +30,12 @@ __vfprintf_chk (FILE *fp, int flag, const char *format, va_list ap) _IO_acquire_lock (fp); if (flag > 0) - fp->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N; + fp->_flags2 |= _IO_FLAGS2_FORTIFY; done = vfprintf (fp, format, ap); if (flag > 0) - fp->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N; + fp->_flags2 &= ~_IO_FLAGS2_FORTIFY; _IO_release_lock (fp); return done; diff --git a/debug/vprintf_chk.c b/debug/vprintf_chk.c index f477f15..1fd5bcd 100644 --- a/debug/vprintf_chk.c +++ b/debug/vprintf_chk.c @@ -30,12 +30,12 @@ __vprintf_chk (int flag, const char *format, va_list ap) _IO_acquire_lock (stdout); if (flag > 0) - stdout->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N; + stdout->_flags2 |= _IO_FLAGS2_FORTIFY; done = vfprintf (stdout, format, ap); if (flag > 0) - stdout->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N; + stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY; _IO_release_lock (stdout); return done; diff --git a/debug/vsnprintf_chk.c b/debug/vsnprintf_chk.c index 850cd5a..a0fd4eb 100644 --- a/debug/vsnprintf_chk.c +++ b/debug/vsnprintf_chk.c @@ -58,7 +58,7 @@ __vsnprintf_chk (char *s, size_t maxlen, int flags, size_t slen, /* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n can only come from read-only format strings. */ if (flags > 0) - sf.f._sbf._f._flags2 |= _IO_FLAGS2_CHECK_PERCENT_N; + sf.f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY; _IO_str_init_static_internal (&sf.f, s, maxlen - 1, s); ret = INTUSE(_IO_vfprintf) ((_IO_FILE *) &sf.f._sbf, format, args); diff --git a/debug/vsprintf_chk.c b/debug/vsprintf_chk.c index 8338328..f41c5fc 100644 --- a/debug/vsprintf_chk.c +++ b/debug/vsprintf_chk.c @@ -81,7 +81,7 @@ __vsprintf_chk (char *s, int flags, size_t slen, const char *format, /* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n can only come from read-only format strings. */ if (flags > 0) - f._sbf._f._flags2 |= _IO_FLAGS2_CHECK_PERCENT_N; + f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY; ret = INTUSE(_IO_vfprintf) ((_IO_FILE *) &f._sbf, format, args); diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c index 5e480ad..3f0e1de 100644 --- a/stdio-common/vfprintf.c +++ b/stdio-common/vfprintf.c @@ -882,18 +882,18 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap) /* NOTREACHED */ \ \ LABEL (form_number): \ - if (s->_flags2 & _IO_FLAGS2_CHECK_PERCENT_N) \ + if (s->_flags2 & _IO_FLAGS2_FORTIFY) \ { \ if (! readonly_format) \ { \ extern int __readonly_area (const void *, size_t) \ attribute_hidden; \ readonly_format \ - = __readonly_area (format, (STR_LEN (format) + 1) \ - * sizeof (CHAR_T)); \ + = __readonly_area (format, ((STR_LEN (format) + 1) \ + * sizeof (CHAR_T))); \ } \ if (readonly_format < 0) \ - __chk_fail (); \ + __libc_fatal ("*** %n is writable segment detected ***\n"); \ } \ /* Answer the count of characters written. */ \ if (fspec == NULL) \ @@ -1649,7 +1649,8 @@ do_positional: /* Allocate memory for the argument descriptions. */ args_type = alloca (nargs * sizeof (int)); - memset (args_type, 0, nargs * sizeof (int)); + memset (args_type, s->_flags2 & _IO_FLAGS2_FORTIFY ? '\xff' : '\0', + nargs * sizeof (int)); args_value = alloca (nargs * sizeof (union printf_arg)); /* XXX Could do sanity check here: If any element in ARGS_TYPE is @@ -1714,6 +1715,11 @@ do_positional: else args_value[cnt].pa_long_double = 0.0; break; + case -1: + /* Error case. Not all parameters appear in N$ format + strings. We have no way to determine their type. */ + assert (s->_flags2 & _IO_FLAGS2_FORTIFY); + __libc_fatal ("*** invalid %N$ use detected ***\n"); } /* Now walk through all format specifiers and process them. */ |