Fix fwrite() reading beyond end of buffer in error path

Partially revert commits 2b766585f9b4ffabeef2f36200c275976b93f2c7 and
de2fd463b1c0310d75084b6d774fb974075a4ad9, which were intended to fix BZ#11741
but caused another, likely worse bug, namely that fwrite() and fputs() could,
in an error path, read data beyond the end of the specified buffer, and
potentially even write this data to the file.

Fix BZ#11741 properly by checking the return value from _IO_padn() in
stdio-common/vfprintf.c.

1 files changed, 6 insertions, 6 deletions

diff --git a/NEWS b/NEWS
index 5f0a710..48a92e8 100644
--- a/NEWS
+++ b/NEWS
@@ -9,12 +9,12 @@ Version 2.19
 
 * The following bugs are resolved with this release:
 
-  156, 431, 13982, 13985, 14155, 14547, 14699, 15048, 15400, 15427, 15522,
-  15531, 15532, 15608, 15609, 15610, 15632, 15640, 15680, 15681, 15723,
-  15734, 15735, 15736, 15748, 15749, 15754, 15760, 15797, 15844, 15849,
-  15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893,
-  15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15963, 15966,
-  15988, 16034.
+  156, 431, 13982, 13985, 14155, 14547, 14699, 15048, 15362, 15400, 15427,
+  15522, 15531, 15532, 15608, 15609, 15610, 15632, 15640, 15680, 15681,
+  15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15797, 15844,
+  15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892,
+  15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15963,
+  15966, 15988, 16034.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache