diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2024-08-13 21:00:06 -0400 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2024-08-15 13:55:07 -0400 |
| commit | cdf0f88f97b0aaceb894cc02b21159d148d7065c (patch) | |
| tree | ed6685cb305c34086c790abd40d3475a2a72e26d /libio | |
| parent | 3f7df7e757f4efec38e45d4068e5492efcac4856 (diff) | |
| download | glibc-cdf0f88f97b0aaceb894cc02b21159d148d7065c.tar.xz glibc-cdf0f88f97b0aaceb894cc02b21159d148d7065c.zip | |
ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
When ungetc is called on an unused stream, the backup buffer is
allocated without the main get area being present. This results in
every subsequent ungetc (as the stream remains in the backup area)
checking uninitialized memory in the backup buffer when trying to put a
character back into the stream.
Avoid comparing the input character with buffer contents when in backup
to avoid this uninitialized read. The uninitialized read is harmless in
this context since the location is promptly overwritten with the input
character, thus fulfilling ungetc functionality.
Also adjust wording in the manual to drop the paragraph that says glibc
cannot do multiple ungetc back to back since with this change, ungetc
can actually do this.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'libio')
| -rw-r--r-- | libio/genops.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libio/genops.c b/libio/genops.c index 99f5e80f20..b012fa33d2 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -662,7 +662,7 @@ _IO_sputbackc (FILE *fp, int c) { int result; - if (fp->_IO_read_ptr > fp->_IO_read_base + if (fp->_IO_read_ptr > fp->_IO_read_base && !_IO_in_backup (fp) && (unsigned char)fp->_IO_read_ptr[-1] == (unsigned char)c) { fp->_IO_read_ptr--; |