This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH] Fix access beyond array after write error in file I/O
- From: Andreas Schwab <schwab at suse dot de>
- To: libc-alpha at sourceware dot org
- Date: Thu, 18 Apr 2013 15:19:59 +0200
- Subject: [PATCH] Fix access beyond array after write error in file I/O
From <https://bugzilla.novell.com/show_bug.cgi?id=813306>.
fileops.c:new_do_write is supposed to return 0 on error.
Andreas.
* libio/fileops.c (new_do_write): Return zero if there was a write
error.
(_IO_new_file_xsputn): Return EOF if nothing was written.
---
libio/fileops.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libio/fileops.c b/libio/fileops.c
index 61b61b3..44db7ff 100644
--- a/libio/fileops.c
+++ b/libio/fileops.c
@@ -511,7 +511,7 @@ new_do_write (fp, data, to_do)
const char *data;
_IO_size_t to_do;
{
- _IO_size_t count;
+ _IO_ssize_t count;
if (fp->_flags & _IO_IS_APPENDING)
/* On a system without a proper O_APPEND implementation,
you would need to sys_seek(0, SEEK_END) here, but is
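Review bot: The new `_IO_ssize_t count` declaration sits directly below the `_IO_size_t to_do` parameter, so any later expression that mixes the two converts a negative `count` to a large unsigned value unless the error case has been filtered out first. A one-line comment at the declaration saying that `count` is signed so a negative result can be detected would keep a later cleanup from switching it back to `_IO_size_t`.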
@@ -528,6 +528,8 @@ new_do_write (fp, data, to_do)
fp->_offset = new_pos;
}
count = _IO_SYSWRITE (fp, data, to_do);
+ if (count < 0)
+ return 0;
if (fp->_cur_column && count)
fp->_cur_column = _IO_adjust_column (fp->_cur_column - 1, data, count) + 1;
_IO_setg (fp, fp->_IO_buf_base, fp->_IO_buf_base, fp->_IO_buf_base);
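Review bot: The early `return 0;` under `if (count < 0)` leaves the function before the `_IO_setg (fp, fp->_IO_buf_base, ...)` call that follows, so on a write error the get area is not reset the way it is on the success path. Please confirm that skipping it is intended; if only the `_IO_adjust_column` update needs to be bypassed, clamping `count` to zero at this point instead of returning would keep the rest of the function's state handling on a single path.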
@@ -1338,7 +1340,8 @@ _IO_new_file_xsputn (f, data, n)
count = new_do_write (f, s, do_write);
to_do -= count;
if (count < do_write)
- return n - to_do;
+ /* If nothing has been written return an error. */
+ return to_do == n ? EOF : n - to_do;
}
/* Now write out the remainder. Normally, this will fit in the
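Review bot: In `return to_do == n ? EOF : n - to_do;` the two arms carry different meanings: `EOF` is a negative int, while `n - to_do` is a byte count. If the return type here is unsigned, as `to_do` is in `new_do_write`, the error comes back as a very large count, and a caller that only checks for a result smaller than `n` will not see it. The added comment should say how callers are expected to tell the `EOF` return from a count, and that a partial write still returns the short count rather than an error.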
--
1.8.2.1
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."