This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/2074] New: _IO_new_file_xsputn() in fileops.c not checking for EOF
- From: "jfardo at laurelnetworks dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 20 Dec 2005 20:28:21 -0000
- Subject: [Bug libc/2074] New: _IO_new_file_xsputn() in fileops.c not checking for EOF
- Reply-to: sourceware-bugzilla at sourceware dot org
In glibc 2.3.4, the function new_do_write() in libio/fileops.c returns an
unsigned
value (an _IO_size_t). If the underlying write system call in new_do_write()
returns EOF (-1), new_do_write() will return 0xffffffff rather than -1.
The function IO_new_file_xsputn() in libio/fileops.c appears to have
2 problems if the call to new_do_write() returns 0xffffffff. Here's
the specific snippet of code from IO_new_file_xsputn():
if (do_write)
{
count = new_do_write (f, s, do_write);
to_do -= count;
if (count < do_write)
return n - to_do;
}
/* Now write out the remainder. Normally, this will fit in the
buffer, but it's somewhat messier for line-buffered files,
so we let _IO_default_xsputn handle the general case. */
if (to_do)
to_do -= INTUSE(_IO_default_xsputn) (f, s+do_write, to_do);
}
return n - to_do;
If new_do_write() returns 0xffffffff, 'to_do' will actually
be incremented by 1. Also, since 'count' is an unsigned quantity,
the if statement 'if (count < do_write)' will evaluate to false,
and the code will incorrectly fall through to the call to
IO_default_xsputn().
--
Summary: _IO_new_file_xsputn() in fileops.c not checking for EOF
Product: glibc
Version: 2.3.4
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: jfardo at laurelnetworks dot com
CC: glibc-bugs at sources dot redhat dot com
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=2074
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.