From 4e2f43f842ef5e253cc23383645adbaa03cedb86 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Wed, 7 Mar 2018 14:32:03 -0500 Subject: Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319) The _chk variants of all of the printf functions become much simpler. This is the last thing that we needed _IO_acquire_lock_clear_flags2 for, so it can go as well. I took the opportunity to make the headers included and the names of all local variables consistent across all the affected files. Since we ultimately want to get rid of __no_long_double as well, it must be possible to get all of the nontrivial effects of the _chk functions by calling the _internal functions with appropriate flags. For most of the __(v)xprintf_chk functions, this is covered by PRINTF_FORTIFY plus some up-front argument checks that can be duplicated. However, __(v)sprintf_chk installs a custom jump table so that it can crash instead of overflowing the output buffer. This functionality is moved to __vsprintf_internal, which now has a 'maxlen' argument like __vsnprintf_internal; to get the unsafe behavior of ordinary (v)sprintf, pass -1 for that argument. obstack_printf_chk and obstack_vprintf_chk are no longer in the same file. As a side-effect of the unification of both fortified and non-fortified vdprintf initialization, this patch fixes bug 11319 for __dprintf_chk and __vdprintf_chk, which was previously fixed only for dprintf and vdprintf by the commit commit 7ca890b88e6ab7624afb1742a9fffb37ad5b3fc3 Author: Ulrich Drepper Date: Wed Feb 24 16:07:57 2010 -0800 Fix reporting of I/O errors in *dprintf functions. This patch adds a test case to avoid regressions. Tested for powerpc and powerpc64le. --- ChangeLog | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index e3bba2ab5a..f73817b12b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,92 @@ +2018-12-05 Zack Weinberg + Gabriel F. T. Gomes + + [BZ #11319] + * libio/iovsprintf.c (_IO_str_chk_overflow, libio_vtable): + Moved here from debug/vsprintf_chk.c. + (__vsprintf_internal): Add 'maxlen' argument. Change the setup + and completion logic for the strfile to match exactly what + __vsprintf_chk used to do, except, when maxlen is -1, pass -1 to + _IO_str_init_static_internal instead of maxlen-1. + (__vsprintf): Pass -1 as maxlen to __vsprintf_internal. + * stdio-common/sprintf.c (__sprintf): Pass -1 as maxlen to + __vsprintf_internal. + + * debug/vsprintf_chk.c (__vsprintf_chk) + * debug/sprintf_chk.c (__sprintf_chk): + Directly call __vsprintf_internal, passing PRINTF_FORTIFY if + 'flags' argument is positive, and slen as maxlen. No need to lock + the FILE and/or construct a temporary FILE. Minimize and normalize + header inclusions and variable names. Do not libc_hidden_def anything. + + * debug/asprintf_chk.c (__asprintf_chk) + * debug/dprintf_chk.c (__dprintf_chk) + * debug/fprintf_chk.c (__fprintf_chk) + * debug/fwprintf_chk.c (__fwprintf_chk) + * debug/printf_chk.c (__printf_chk) + * debug/snprintf_chk.c (__snprintf_chk) + * debug/swprintf_chk.c (__swprintf_chk) + * debug/vasprintf_chk.c (__vasprintf_chk) + * debug/vdprintf_chk.c (__vdprintf_chk) + * debug/vfprintf_chk.c (__vfprintf_chk) + * debug/vfwprintf_chk.c (__vfwprintf_chk) + * debug/vprintf_chk.c (__vprintf_chk) + * debug/vsnprintf_chk.c (__vsnprintf_chk) + * debug/vswprintf_chk.c (__vswprintf_chk) + * debug/vwprintf_chk.c (__vwprintf_chk) + * debug/wprintf_chk.c (__wprintf_chk): + Directly call the corresponding vxxprintf_internal function, passing + PRINTF_FORTIFY if 'flag' argument is positive. No need to lock + the FILE and/or construct a temporary FILE. Minimize and normalize + header inclusions and variable names. Do not libc_hidden_def anything. + + * debug/obprintf_chk.c (__obstack_printf_chk): Directly call + __obstack_vprintf_internal. + (__obstack_vprintf_chk): Convert into a wrapper that calls + __obstack_vprintf_internal (these two functions already had the + same code) and move to new file... + * debug/vobprintf_chk.c (__obstack_vprintf_chk): ... here. New + file. + * debug/obprintf.c (__obstack_vprintf_internal): Remove the checking of + the flags argument and the setting of _IO_FLAGS2_FORTIFY. + * debug/Makefile (routines): Add vobprintf_chk. + + * sysdeps/ieee754/ldbl-opt/nldbl-compat.c + (__nldbl___vsprintf): Pass -1 as maxlen to __vsprintf_internal. + (__nldbl___vfprintf_chk, __nldbl___vsnprintf_chk) + (__nldbl___vsprintf_chk, __nldbl___vswprintf_chk) + (__nldbl___vasprintf_chk, __nldbl___vdprintf_chk) + (__nldbl___obstack_vfprintf_chk): + Directly call the corresponding vxxprintf_internal function, + passing PRINTF_FORTIFY if 'flag' argument is positive. If necessary, + duplicate comparison of slen with 0 or maxlen from the corresponding + non-__nldbl function. + + * include/stdio.h (__vsnprintf_chk, __vfprintf_chk, __vasprintf_chk) + (__vdprintf_chk, __obstack_vfprintf_chk): Remove libc_hidden_proto. + * include/wchar.h (__vfwprintf_chk, __vswprintf_chk): + Remove libc_hidden_proto. + + * stdio-common/vfprintf-internal.c + (__vfprintf_internal, __vfwprintf_internal): + Do not check _IO_FLAGS2_FORTIFY. + * libio/libio.h (_IO_FLAGS2_FORTIFY): Remove. + * libio/libioP.h: Update prototype of __vsprintf_internal and add + a comment explaining why it has the maxlen argument. + (_IO_acquire_lock_clear_flags2_fct): Remove. + (_IO_acquire_lock_clear_flags2): Remove. + (_IO_release_lock): Remove conditional statement which will + now never execute. + (_IO_acquire_lock): Remove variable which is now unused. + * sysdeps/generic/stdio-lock.h (_IO_acquire_lock_clear_flags2): Remove. + * sysdeps/nptl/stdio-lock.h (_IO_acquire_lock_clear_flags2): Remove. + + * stdio-common/Makefile (tests): Add tst-bz11319 and + tst-bz11319-fortify2. + (CFLAGS-tst-bz11319-fortify2.c): New macro. + * stdio-common/tst-bz11319-fortify2.c: New file. + * stdio-common/tst-bz11319.c: Likewise. + 2018-12-05 Zack Weinberg Gabriel F. T. Gomes -- cgit v1.2.3