加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch 1.78 KB
一键复制 编辑 原始数据 按行查看 历史
From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 2 Jan 2024 14:36:17 +0100
Subject: [PATCH 9/9] libio: Check remaining buffer size in _IO_wdo_write (bug
31183)
The multibyte character needs to fit into the remaining buffer space,
not the already-written buffer space. Without the fix, we were never
moving the write pointer from the start of the buffer, always using
the single-character fallback buffer.
Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing
a multibyte character to an unbuffered stream (bug 17522)").
(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60)
---
NEWS | 1 +
libio/wfileops.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 905230b838..6768c2da6f 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,7 @@ The following bugs are resolved with this release:
-D_FILE_OFFSET_BITS=64
[30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
[30843] potential use-after-free in getcanonname (CVE-2023-4806)
+ [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix
[31184] FAIL: elf/tst-tlsgap
[31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
diff --git a/libio/wfileops.c b/libio/wfileops.c
index f16f6db1c3..9ab8f2e7f3 100644
--- a/libio/wfileops.c
+++ b/libio/wfileops.c
@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do)
char mb_buf[MB_LEN_MAX];
char *write_base, *write_ptr, *buf_end;
- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
+ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf))
{
/* Make sure we have room for at least one multibyte
character. */
--
2.33.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化