From 107b8a922a9f72bae8d066549c675062bee0897f Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Mon, 14 Aug 2006 22:16:14 +0000 Subject: [BZ #1996] 2006-08-14 Ulrich Drepper [BZ #1996] * libio/memstream.c (open_memstream): Allocate initial buffer with calloc. * libio/wmemstream.c (open_wmemstream): Likewise. * libio/strops.c: Pretty printing. (_IO_str_overflow): Clear uninitialized part of the new buffer. (enlarge_userbuf): New function. (_IO_str_seekoff): Call it if seek position is larger than current buffer. * libio/wstrops.c: Likewise. * libio/vasprintf.c: Add comment as to why we do not have to use calloc instead of malloc to allocate initial buffer. * libio/Makefile (tests): Add bug-memstream1 and bug-wmemstream1. * libio/bug-memstream1.c: New file. * libio/bug-wmemstream1.c: New file. --- libio/Makefile | 3 +- libio/bug-memstream1.c | 133 +++++++++++++++++++++++++++++++++++++++++++++++ libio/bug-wmemstream1.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++++ libio/memstream.c | 2 +- libio/strops.c | 91 ++++++++++++++++++++++++++++---- libio/vasprintf.c | 2 + libio/wmemstream.c | 2 +- libio/wstrops.c | 104 +++++++++++++++++++++++++++++++++---- 8 files changed, 450 insertions(+), 22 deletions(-) create mode 100644 libio/bug-memstream1.c create mode 100644 libio/bug-wmemstream1.c (limited to 'libio') diff --git a/libio/Makefile b/libio/Makefile index e9c1d52..0529744 100644 --- a/libio/Makefile +++ b/libio/Makefile @@ -56,7 +56,8 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \ tst-mmap2-eofsync tst-mmap-offend bug-fopena+ bug-wfflush \ bug-ungetc2 bug-ftell bug-ungetc3 bug-ungetc4 tst-fopenloc2 \ tst-memstream1 tst-memstream2 \ - tst-wmemstream1 tst-wmemstream2 + tst-wmemstream1 tst-wmemstream2 \ + bug-memstream1 bug-wmemstream1 test-srcs = test-freopen all: # Make this the default target; it will be defined in Rules. diff --git a/libio/bug-memstream1.c b/libio/bug-memstream1.c new file mode 100644 index 0000000..8af36fe --- /dev/null +++ b/libio/bug-memstream1.c @@ -0,0 +1,133 @@ +#include +#include + + +static int +do_test (void) +{ + size_t size; + char *buf; + FILE *fp = open_memstream (&buf, &size); + if (fp == NULL) + { + puts ("open_memstream failed"); + return 1; + } + + off64_t off = ftello64 (fp); + if (off != 0) + { + puts ("initial position wrong"); + return 1; + } + + if (fseek (fp, 32768, SEEK_SET) != 0) + { + puts ("fseek failed"); + return 1; + } + + if (fputs ("foo", fp) == EOF) + { + puts ("fputs failed"); + return 1; + } + + if (fclose (fp) == EOF) + { + puts ("fclose failed"); + return 1; + } + + if (size != 32768 + 3) + { + printf ("expected size %d, got %zu\n", 32768 + 3, size); + return 1; + } + + for (int i = 0; i < 32768; ++i) + if (buf[i] != '\0') + { + printf ("byte at offset %d is %#hhx\n", i, buf[i]); + return 1; + } + + if (memcmp (buf + 32768, "foo", 3) != 0) + { + puts ("written string incorrect"); + return 1; + } + + /* Mark the buffer. */ + memset (buf, 'A', size); + free (buf); + + /* Try again, this time with write mode enabled before the seek. */ + fp = open_memstream (&buf, &size); + if (fp == NULL) + { + puts ("2nd open_memstream failed"); + return 1; + } + + off = ftello64 (fp); + if (off != 0) + { + puts ("2nd initial position wrong"); + return 1; + } + + if (fputs ("bar", fp) == EOF) + { + puts ("2nd fputs failed"); + return 1; + } + + if (fseek (fp, 32768, SEEK_SET) != 0) + { + puts ("2nd fseek failed"); + return 1; + } + + if (fputs ("foo", fp) == EOF) + { + puts ("3rd fputs failed"); + return 1; + } + + if (fclose (fp) == EOF) + { + puts ("2nd fclose failed"); + return 1; + } + + if (size != 32768 + 3) + { + printf ("2nd expected size %d, got %zu\n", 32768 + 3, size); + return 1; + } + + if (memcmp (buf, "bar", 3) != 0) + { + puts ("initial string incorrect in 2nd try"); + return 1; + } + + for (int i = 3; i < 32768; ++i) + if (buf[i] != '\0') + { + printf ("byte at offset %d is %#hhx in 2nd try\n", i, buf[i]); + return 1; + } + + if (memcmp (buf + 32768, "foo", 3) != 0) + { + puts ("written string incorrect in 2nd try"); + return 1; + } + + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/libio/bug-wmemstream1.c b/libio/bug-wmemstream1.c new file mode 100644 index 0000000..2190593 --- /dev/null +++ b/libio/bug-wmemstream1.c @@ -0,0 +1,135 @@ +#include +#include + + +static int +do_test (void) +{ + size_t size; + wchar_t *buf; + FILE *fp = open_wmemstream (&buf, &size); + if (fp == NULL) + { + puts ("open_wmemstream failed"); + return 1; + } + + off64_t off = ftello64 (fp); + if (off != 0) + { + puts ("initial position wrong"); + return 1; + } + + if (fseek (fp, 32768, SEEK_SET) != 0) + { + puts ("fseek failed"); + return 1; + } + + if (fputws (L"foo", fp) == EOF) + { + puts ("fputws failed"); + return 1; + } + + if (fclose (fp) == EOF) + { + puts ("fclose failed"); + return 1; + } + + if (size != 32768 + 3) + { + printf ("expected size %d, got %zu\n", 32768 + 3, size); + return 1; + } + + for (int i = 0; i < 32768; ++i) + if (buf[i] != L'\0') + { + printf ("wide character at offset %d is %#x\n", + i, (unsigned int) buf[i]); + return 1; + } + + if (wmemcmp (buf + 32768, L"foo", 3) != 0) + { + puts ("written string incorrect"); + return 1; + } + + /* Mark the buffer. */ + wmemset (buf, L'A', size); + free (buf); + + /* Try again, this time with write mode enabled before the seek. */ + fp = open_wmemstream (&buf, &size); + if (fp == NULL) + { + puts ("2nd open_wmemstream failed"); + return 1; + } + + off = ftello64 (fp); + if (off != 0) + { + puts ("2nd initial position wrong"); + return 1; + } + + if (fputws (L"bar", fp) == EOF) + { + puts ("2nd fputws failed"); + return 1; + } + + if (fseek (fp, 32768, SEEK_SET) != 0) + { + puts ("2nd fseek failed"); + return 1; + } + + if (fputws (L"foo", fp) == EOF) + { + puts ("3rd fputws failed"); + return 1; + } + + if (fclose (fp) == EOF) + { + puts ("2nd fclose failed"); + return 1; + } + + if (size != 32768 + 3) + { + printf ("2nd expected size %d, got %zu\n", 32768 + 3, size); + return 1; + } + + if (wmemcmp (buf, L"bar", 3) != 0) + { + puts ("initial string incorrect in 2nd try"); + return 1; + } + + for (int i = 3; i < 32768; ++i) + if (buf[i] != L'\0') + { + printf ("wide character at offset %d is %#x in 2nd try\n", + i, (unsigned int) buf[i]); + return 1; + } + + if (wmemcmp (buf + 32768, L"foo", 3) != 0) + { + puts ("written string incorrect in 2nd try"); + return 1; + } + + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/libio/memstream.c b/libio/memstream.c index 742da74..877383f 100644 --- a/libio/memstream.c +++ b/libio/memstream.c @@ -83,7 +83,7 @@ open_memstream (bufloc, sizeloc) new_f->fp._sf._sbf._f._lock = &new_f->lock; #endif - buf = malloc (_IO_BUFSIZ); + buf = calloc (1, _IO_BUFSIZ); if (buf == NULL) return NULL; INTUSE(_IO_init) (&new_f->fp._sf._sbf._f, 0); diff --git a/libio/strops.c b/libio/strops.c index da60e93..05270ce 100644 --- a/libio/strops.c +++ b/libio/strops.c @@ -25,6 +25,7 @@ This exception applies to code released by its copyright holders in files containing the exception. */ +#include #include "strfile.h" #include "libioP.h" #include @@ -102,7 +103,7 @@ _IO_str_overflow (fp, c) fp->_IO_write_ptr = fp->_IO_read_ptr; fp->_IO_read_ptr = fp->_IO_read_end; } - pos = fp->_IO_write_ptr - fp->_IO_write_base; + pos = fp->_IO_write_ptr - fp->_IO_write_base; if (pos >= (_IO_size_t) (_IO_blen (fp) + flush_only)) { if (fp->_flags & _IO_USER_BUF) /* not allowed to enlarge */ @@ -111,7 +112,10 @@ _IO_str_overflow (fp, c) { char *new_buf; char *old_buf = fp->_IO_buf_base; - _IO_size_t new_size = 2 * _IO_blen (fp) + 100; + size_t old_blen = _IO_blen (fp); + _IO_size_t new_size = 2 * old_blen + 100; + if (new_size < old_blen) + return EOF; new_buf = (char *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size); if (new_buf == NULL) @@ -121,15 +125,13 @@ _IO_str_overflow (fp, c) } if (old_buf) { - memcpy (new_buf, old_buf, _IO_blen (fp)); + memcpy (new_buf, old_buf, old_blen); (*((_IO_strfile *) fp)->_s._free_buffer) (old_buf); /* Make sure _IO_setb won't try to delete _IO_buf_base. */ fp->_IO_buf_base = NULL; } -#if 0 - if (lenp == &LEN(fp)) /* use '\0'-filling */ - memset (new_buf + pos, 0, blen() - pos); -#endif + memset (new_buf + old_blen, '\0', new_size - old_blen); + INTUSE(_IO_setb) (fp, new_buf, new_buf + new_size, 1); fp->_IO_read_base = new_buf + (fp->_IO_read_base - old_buf); fp->_IO_read_ptr = new_buf + (fp->_IO_read_ptr - old_buf); @@ -179,6 +181,71 @@ _IO_str_count (fp) - fp->_IO_read_base); } + +static int +enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading) +{ + if ((_IO_ssize_t) offset <= _IO_blen (fp)) + return 0; + + _IO_ssize_t oldend = fp->_IO_write_end - fp->_IO_write_base; + + /* Try to enlarge the buffer. */ + if (fp->_flags & _IO_USER_BUF) + /* User-provided buffer. */ + return 1; + + _IO_size_t newsize = offset + 100; + char *oldbuf = fp->_IO_buf_base; + char *newbuf + = (char *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize); + if (newbuf == NULL) + return 1; + + if (oldbuf != NULL) + { + memcpy (newbuf, oldbuf, _IO_blen (fp)); + (*((_IO_strfile *) fp)->_s._free_buffer) (oldbuf); + /* Make sure _IO_setb won't try to delete + _IO_buf_base. */ + fp->_IO_buf_base = NULL; + } + + INTUSE(_IO_setb) (fp, newbuf, newbuf + newsize, 1); + + if (reading) + { + fp->_IO_write_base = newbuf + (fp->_IO_write_base - oldbuf); + fp->_IO_write_ptr = newbuf + (fp->_IO_write_ptr - oldbuf); + fp->_IO_write_end = newbuf + (fp->_IO_write_end - oldbuf); + fp->_IO_read_ptr = newbuf + (fp->_IO_read_ptr - oldbuf); + + fp->_IO_read_base = newbuf; + fp->_IO_read_end = fp->_IO_buf_end; + } + else + { + fp->_IO_read_base = newbuf + (fp->_IO_read_base - oldbuf); + fp->_IO_read_ptr = newbuf + (fp->_IO_read_ptr - oldbuf); + fp->_IO_read_end = newbuf + (fp->_IO_read_end - oldbuf); + fp->_IO_write_ptr = newbuf + (fp->_IO_write_ptr - oldbuf); + + fp->_IO_write_base = newbuf; + fp->_IO_write_end = fp->_IO_buf_end; + } + + /* Clear the area between the last write position and th + new position. */ + assert (offset >= oldend); + if (reading) + memset (fp->_IO_read_base + oldend, '\0', offset - oldend); + else + memset (fp->_IO_write_base + oldend, '\0', offset - oldend); + + return 0; +} + + _IO_off64_t _IO_str_seekoff (fp, offset, dir, mode) _IO_FILE *fp; @@ -219,7 +286,10 @@ _IO_str_seekoff (fp, offset, dir, mode) default: /* case _IO_seek_set: */ break; } - if (offset < 0 || (_IO_ssize_t) offset > cur_size) + if (offset < 0) + return EOF; + if ((_IO_ssize_t) offset > cur_size + && enlarge_userbuf (fp, offset, 1) != 0) return EOF; fp->_IO_read_ptr = fp->_IO_read_base + offset; fp->_IO_read_end = fp->_IO_read_base + cur_size; @@ -240,7 +310,10 @@ _IO_str_seekoff (fp, offset, dir, mode) default: /* case _IO_seek_set: */ break; } - if (offset < 0 || (_IO_ssize_t) offset > cur_size) + if (offset < 0) + return EOF; + if ((_IO_ssize_t) offset > cur_size + && enlarge_userbuf (fp, offset, 0) != 0) return EOF; fp->_IO_write_ptr = fp->_IO_write_base + offset; new_pos = offset; diff --git a/libio/vasprintf.c b/libio/vasprintf.c index ac77330..2fdb9f6 100644 --- a/libio/vasprintf.c +++ b/libio/vasprintf.c @@ -46,6 +46,8 @@ _IO_vasprintf (result_ptr, format, args) int ret; _IO_size_t needed; _IO_size_t allocated; + /* No need to clear the memory here (unlike for open_memstream) since + we know we will never seek on the stream. */ string = (char *) malloc (init_string_size); if (string == NULL) return -1; diff --git a/libio/wmemstream.c b/libio/wmemstream.c index 1709f2d..85ea649 100644 --- a/libio/wmemstream.c +++ b/libio/wmemstream.c @@ -83,7 +83,7 @@ open_wmemstream (bufloc, sizeloc) new_f->fp._sf._sbf._f._lock = &new_f->lock; #endif - buf = malloc (_IO_BUFSIZ); + buf = calloc (1, _IO_BUFSIZ); if (buf == NULL) return NULL; diff --git a/libio/wstrops.c b/libio/wstrops.c index 09dbfc2..8b862fb 100644 --- a/libio/wstrops.c +++ b/libio/wstrops.c @@ -25,6 +25,7 @@ This exception applies to code released by its copyright holders in files containing the exception. */ +#include #include "strfile.h" #include "libioP.h" #include @@ -66,7 +67,7 @@ _IO_wstr_init_static (fp, ptr, size, pstart) fp->_wide_data->_IO_read_end = end; } /* A null _allocate_buffer function flags the strfile as being static. */ - (((_IO_strfile *) fp)->_s._allocate_buffer) = (_IO_alloc_type)0; + (((_IO_strfile *) fp)->_s._allocate_buffer) = (_IO_alloc_type)0; } _IO_wint_t @@ -84,7 +85,7 @@ _IO_wstr_overflow (fp, c) fp->_wide_data->_IO_write_ptr = fp->_wide_data->_IO_read_ptr; fp->_wide_data->_IO_read_ptr = fp->_wide_data->_IO_read_end; } - pos = fp->_wide_data->_IO_write_ptr - fp->_wide_data->_IO_write_base; + pos = fp->_wide_data->_IO_write_ptr - fp->_wide_data->_IO_write_base; if (pos >= (_IO_size_t) (_IO_wblen (fp) + flush_only)) { if (fp->_flags & _IO_USER_BUF) /* not allowed to enlarge */ @@ -93,7 +94,10 @@ _IO_wstr_overflow (fp, c) { wchar_t *new_buf; wchar_t *old_buf = fp->_wide_data->_IO_buf_base; - _IO_size_t new_size = 2 * _IO_wblen (fp) + 100; + size_t old_wblen = _IO_wblen (fp); + _IO_size_t new_size = 2 * old_wblen + 100; + if (new_size < old_wblen) + return EOF; new_buf = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size * sizeof (wchar_t)); @@ -104,11 +108,14 @@ _IO_wstr_overflow (fp, c) } if (old_buf) { - __wmemcpy (new_buf, old_buf, _IO_wblen (fp)); + __wmemcpy (new_buf, old_buf, old_wblen); (*((_IO_strfile *) fp)->_s._free_buffer) (old_buf); /* Make sure _IO_setb won't try to delete _IO_buf_base. */ fp->_wide_data->_IO_buf_base = NULL; } + + wmemset (new_buf + old_wblen, L'\0', new_size - old_wblen); + INTUSE(_IO_wsetb) (fp, new_buf, new_buf + new_size, 1); fp->_wide_data->_IO_read_base = new_buf + (fp->_wide_data->_IO_read_base - old_buf); @@ -131,6 +138,7 @@ _IO_wstr_overflow (fp, c) return c; } + _IO_wint_t _IO_wstr_underflow (fp) _IO_FILE *fp; @@ -149,17 +157,87 @@ _IO_wstr_underflow (fp) return WEOF; } -/* The size of the valid part of the buffer. */ +/* The size of the valid part of the buffer. */ _IO_ssize_t _IO_wstr_count (fp) _IO_FILE *fp; { - return ((fp->_wide_data->_IO_write_ptr > fp->_wide_data->_IO_read_end - ? fp->_wide_data->_IO_write_ptr : fp->_wide_data->_IO_read_end) - - fp->_wide_data->_IO_read_base); + struct _IO_wide_data *wd = fp->_wide_data; + + return ((wd->_IO_write_ptr > wd->_IO_read_end + ? wd->_IO_write_ptr : wd->_IO_read_end) + - wd->_IO_read_base); } + +static int +enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading) +{ + if ((_IO_ssize_t) offset <= _IO_blen (fp)) + return 0; + + struct _IO_wide_data *wd = fp->_wide_data; + + _IO_ssize_t oldend = wd->_IO_write_end - wd->_IO_write_base; + + /* Try to enlarge the buffer. */ + if (fp->_flags & _IO_USER_BUF) + /* User-provided buffer. */ + return 1; + + _IO_size_t newsize = offset + 100; + wchar_t *oldbuf = wd->_IO_buf_base; + wchar_t *newbuf + = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize + * sizeof (wchar_t)); + if (newbuf == NULL) + return 1; + + if (oldbuf != NULL) + { + __wmemcpy (newbuf, oldbuf, _IO_wblen (fp)); + (*((_IO_strfile *) fp)->_s._free_buffer) (oldbuf); + /* Make sure _IO_setb won't try to delete + _IO_buf_base. */ + wd->_IO_buf_base = NULL; + } + + INTUSE(_IO_wsetb) (fp, newbuf, newbuf + newsize, 1); + + if (reading) + { + wd->_IO_write_base = newbuf + (wd->_IO_write_base - oldbuf); + wd->_IO_write_ptr = newbuf + (wd->_IO_write_ptr - oldbuf); + wd->_IO_write_end = newbuf + (wd->_IO_write_end - oldbuf); + wd->_IO_read_ptr = newbuf + (wd->_IO_read_ptr - oldbuf); + + wd->_IO_read_base = newbuf; + wd->_IO_read_end = wd->_IO_buf_end; + } + else + { + wd->_IO_read_base = newbuf + (wd->_IO_read_base - oldbuf); + wd->_IO_read_ptr = newbuf + (wd->_IO_read_ptr - oldbuf); + wd->_IO_read_end = newbuf + (wd->_IO_read_end - oldbuf); + wd->_IO_write_ptr = newbuf + (wd->_IO_write_ptr - oldbuf); + + wd->_IO_write_base = newbuf; + wd->_IO_write_end = wd->_IO_buf_end; + } + + /* Clear the area between the last write position and th + new position. */ + assert (offset >= oldend); + if (reading) + wmemset (wd->_IO_read_base + oldend, L'\0', offset - oldend); + else + wmemset (wd->_IO_write_base + oldend, L'\0', offset - oldend); + + return 0; +} + + _IO_off64_t _IO_wstr_seekoff (fp, offset, dir, mode) _IO_FILE *fp; @@ -202,7 +280,10 @@ _IO_wstr_seekoff (fp, offset, dir, mode) default: /* case _IO_seek_set: */ break; } - if (offset < 0 || (_IO_ssize_t) offset > cur_size) + if (offset < 0) + return EOF; + if ((_IO_ssize_t) offset > cur_size + && enlarge_userbuf (fp, offset, 1) != 0) return EOF; fp->_wide_data->_IO_read_ptr = (fp->_wide_data->_IO_read_base + offset); @@ -226,7 +307,10 @@ _IO_wstr_seekoff (fp, offset, dir, mode) default: /* case _IO_seek_set: */ break; } - if (offset < 0 || (_IO_ssize_t) offset > cur_size) + if (offset < 0) + return EOF; + if ((_IO_ssize_t) offset > cur_size + && enlarge_userbuf (fp, offset, 0) != 0) return EOF; fp->_wide_data->_IO_write_ptr = (fp->_wide_data->_IO_write_base + offset); -- cgit v1.1