From: Paul Pluzhnikov
Date: Sun, 9 Aug 2015 22:00:51 -0700
Subject: Re: Fix BZ #18757 (fmemopen doesn't fail with invalid modes)
To: Paul Pluzhnikov, GLIBC Devel, Paul Pluzhnikov
X-Patchwork-Submitter: Paul Pluzhnikov
X-Patchwork-Id: 505513

On Sun, Aug 9, 2015 at 9:15 PM, Mike Frysinger wrote:
> i think you also need to free c->buffer when c->mybuffer is true

Right.

2015-08-09  Paul Pluzhnikov

	[BZ #18757]
	* libio/fmemopen.c (__fmemopen): Set EINVAL and don't leak memory.
	* libio/oldfmemopen.c (__old_fmemopen): Likewise.
	* libio/test-fmemopen.c (do_bz18757): New test.

diff --git a/libio/fmemopen.c b/libio/fmemopen.c index 3ab3e8d..ad64f04 100644 --- a/libio/fmemopen.c +++ b/libio/fmemopen.c 
@@ -149,6 +149,7 @@ __fmemopen (void *buf, size_t len, const char *mode) { cookie_io_functions_t iof; fmemopen_cookie_t *c; + FILE *ret; c = (fmemopen_cookie_t *) calloc (sizeof (fmemopen_cookie_t), 1); if (c == NULL) @@ -209,7 +210,20 @@ __fmemopen (void *buf, size_t len, const char *mode) iof.seek = fmemopen_seek; iof.close = fmemopen_close; - return _IO_fopencookie (c, mode, iof); + ret = _IO_fopencookie (c, mode, iof); + + if (__glibc_unlikely (ret == NULL)) + { + /* BZ #18757 -- set EINVAL. */ + __set_errno (EINVAL); + + if (c->mybuffer) + free (c->buffer); + + free (c); + } + + return ret; } libc_hidden_def (__fmemopen) versioned_symbol (libc, __fmemopen, fmemopen, GLIBC_2_22); diff --git a/libio/oldfmemopen.c b/libio/oldfmemopen.c index 8e35672..1b331a5 100644 --- a/libio/oldfmemopen.c +++ b/libio/oldfmemopen.c @@ -204,6 +204,7 @@ __old_fmemopen (void *buf, size_t len, const char *mode) { cookie_io_functions_t iof; fmemopen_cookie_t *c; + FILE *ret; if (__glibc_unlikely (len == 0)) { @@ -259,7 +260,19 @@ __old_fmemopen (void *buf, size_t len, const char *mode) iof.seek = fmemopen_seek; iof.close = fmemopen_close; - return _IO_fopencookie (c, mode, iof); + ret = _IO_fopencookie (c, mode, iof); + if (__glibc_unlikely (ret == NULL)) + { + /* BZ 18757 -- set EINVAL. */ + __set_errno (EINVAL); + + if (c->mybuffer) + free (c->buffer); + + free (c); + } + + return ret; } compat_symbol (libc, __old_fmemopen, fmemopen, GLIBC_2_2); #endif diff --git a/libio/test-fmemopen.c b/libio/test-fmemopen.c index 63ca89f..4d15b36 100644 --- a/libio/test-fmemopen.c +++ b/libio/test-fmemopen.c 
@@ -24,6 +24,28 @@ static char buffer[] = "foobar"; #include static int +do_bz18757 (void) +{ + char c = 0; + FILE *stream; + + errno = 0; + stream = fmemopen (&c, 1, "?"); + if (stream == NULL) + { + if (errno == EINVAL) + return 0; + + printf ("FAIL: errno = %i, but wanted EINVAL (%i)\n", errno, EINVAL); + return 1; + } + + printf ("FAIL: stream = %p, but wanted NULL\n", stream); + fclose (stream); + return 2; +} + +static int do_test (void) { int ch; @@ -44,7 +66,7 @@ do_test (void) fclose (stream); - return ret; + return ret + do_bz18757 (); } #define TEST_FUNCTION do_test ()
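
Review bot: In the second libio/fmemopen.c hunk, the new "ret == NULL" block in __fmemopen calls __set_errno (EINVAL) for every NULL return from _IO_fopencookie, so whatever errno that call left behind is overwritten and any failure that is not a bad mode string would also reach the caller as EINVAL. Consider setting EINVAL at the point where the mode is actually rejected (or validating mode before the cookie is allocated) and keeping only the cleanup here. If the assignment stays in this block, move it after "free (c);" so the two free calls cannot disturb the value the caller sees.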
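
Review bot: In the second libio/oldfmemopen.c hunk, the error block added to __old_fmemopen is a hand copy of the one in libio/fmemopen.c and has already drifted from it: the comment reads "BZ 18757" where the other file has "BZ #18757", and the blank line between the _IO_fopencookie call and the "if" is missing. Make the two blocks identical, or factor the cleanup into one helper shared by both files so a later fix cannot land in only one of them. The unconditional __set_errno (EINVAL) here has the same effect as in __fmemopen: it replaces any errno set by _IO_fopencookie.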
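
Review bot: In do_bz18757 in libio/test-fmemopen.c, the second printf passes stream, a FILE *, to %p, which expects a void *; write "(void *) stream". The test also only calls fmemopen with a caller-supplied buffer (&c), so the "if (c->mybuffer) free (c->buffer);" cleanup this patch adds is not exercised if that flag marks a buffer the function allocated itself; a second case with an invalid mode on that path would cover the leak fix the ChangeLog entry claims. Since do_test now returns "ret + do_bz18757 ()", a short comment on what the return values 1 and 2 mean would help whoever reads a failing exit status.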