From patchwork Wed Aug 14 23:32:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 95885 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E63483858404 for ; Wed, 14 Aug 2024 23:34:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E63483858404 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1723678467; bh=wNnSg2WhErcIbYptrMgpMjTRR2HBd/MF6YGL3oHEWaI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=P/V36PPBLw/fz9wEaokyzov4quiHWlhfkZLT56tiNGjfTx8ElztdeplmGV+MDGSk8 C/tROp6h9YkqbxpF1OPC8OBMXwGoYGhYMEYDBRQnROzRns7RQm/f098YZNS7do9y1Y sh+F7NLPX4Cmcb1Nyn9cPl/shC0SWit7upsq1Zuk= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from toucan.tulip.relay.mailchannels.net (toucan.tulip.relay.mailchannels.net [23.83.218.254]) by sourceware.org (Postfix) with ESMTPS id 03FD23858D34 for ; Wed, 14 Aug 2024 23:32:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 03FD23858D34 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=sourceware.org Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=sourceware.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 03FD23858D34 Authentication-Results: server2.sourceware.org; arc=pass smtp.remote-ip=23.83.218.254 ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1723678362; cv=pass; b=kfcYBIpHKMSqRPgqtzstbXnDr2haGSDgtUT378swU8vMZjP+vStRFV5yqf/bgYeflLMs4WoLaN38SPfCV7cHNqdgRdluodnvAJW7s0UF0VkNS3edQI5Iv0yZLhPwXY2cS44mZB9PepeELaOUZpjoBDa27+85XTzynPZhrghRhqg= ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1723678362; c=relaxed/simple; bh=hE6Fub/GTVwxpPl+wyFbQ20VKALGqovCfYcDcvS55VU=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=AnVzPzJ8VyfBde5Hx2on1lW3XEhGjLcNaY7p/OXS+s1owovO8tyB1ty1J3lgRBYoYdAxmaxeGQwbUp22VnxxFnVnwIlLzk1UcPBmriof8+mZrDELAmLPNWs2nX5vY2Ml6TAV+9N8PsWra81JpkYdRm4BdJqc6JqkW5cMsL2Tzy0= ARC-Authentication-Results: i=2; server2.sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 084603658E9; Wed, 14 Aug 2024 23:32:39 +0000 (UTC) Received: from pdx1-sub0-mail-a310.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 6A1BB365783; Wed, 14 Aug 2024 23:32:38 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1723678358; a=rsa-sha256; cv=none; b=iWH+WD3pdzbTBS8cJsOPwxNyhPGzH6XSThHNWEwUSLtsAXGQwUwUWRNMQ9c36whqFBXKJb brsgmA6j9Yi9sr7iEULwLbKVbvbGLYl18T1W3WEhEVtZdISLDUgqkOW0rNcNQkCTMX4wk/ D1b+WXM8rAwQb+dNS97PCLd12z8b4nsYt4LP5OV5oz774IsewBy6scqGUCPp4Orzg9rEs8 A09RzFHCwc6PfUfHHehq7ZIaRZeX8Z0ctYskUpUWOvus17NRaTLa1ZJt7TNnk5T4p6YRsy TMaO4zNRTK4CatEhZq54dD13hm0r1NSSrVXChRpNXZOVTUl3nQsO2XIOK9g4NQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1723678358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wNnSg2WhErcIbYptrMgpMjTRR2HBd/MF6YGL3oHEWaI=; b=ZzJWKEuMvaa2PPt2zBQz6of+CyyeWOXNCT2/HVtjegMFFuYG8jijHJSq8Pjp4jQm2fayit cpll3URUjRjX+OkUp8LRk+ub0TJ39e6LvB2tkMowg1I0K1kPaWuibY8mO6fJ0F8CC0lf9d IcypOXQZ94OfPDTxHvri42jjVhxNdofJIxhnwv5u89mzIgqWQ2OYRggGfu2jkO4bfVWBKb gL0NX3F3YTvIKU5rxCtz347l2SA8LcVegcwkubDbhpSxzbUdPdVdGcmETT91X1LW0CsGqu RwycVdp0OcQyvpkl80cWwZcIpdSuT8WJkqK/83pQFuUz29TRZBUIlsCEVkjZtg== ARC-Authentication-Results: i=1; rspamd-587694846-t85ng; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Cure-Glossy: 465f08ca005cddda_1723678358652_844129962 X-MC-Loop-Signature: 1723678358652:1237675976 X-MC-Ingress-Time: 1723678358652 Received: from pdx1-sub0-mail-a310.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.114.99.137 (trex/7.0.2); Wed, 14 Aug 2024 23:32:38 +0000 Received: from fedora.redhat.com (bras-base-toroon4859w-grc-84-184-146-171-51.dsl.bell.ca [184.146.171.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a310.dreamhost.com (Postfix) with ESMTPSA id 4Wkl0k0S8Jz9p; Wed, 14 Aug 2024 16:32:38 -0700 (PDT) From: Siddhesh Poyarekar To: libc-alpha@sourceware.org Cc: fweimer@redhat.com Subject: [PATCH 1/2] ungetc: Fix uninitialized read when putting into unused streams [BZ #27821] Date: Wed, 14 Aug 2024 19:32:31 -0400 Message-ID: <20240814233232.1468890-2-siddhesh@sourceware.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240814233232.1468890-1-siddhesh@sourceware.org> References: <20240814233232.1468890-1-siddhesh@sourceware.org> MIME-Version: 1.0 X-Spam-Status: No, score=-1170.4 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_SOFTFAIL, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org When ungetc is called on an unused stream, the backup buffer is allocated without the main get area being present. This results in two every subsequent ungetc (as the stream remains in the backup area) checking uninitialized memory in the backup buffer when trying to put a character back into the stream. Avoid comparing the input character with buffer contents when in backup to avoid this uninitialized read. The uninitialized read is harmless in this context since the location is promptly overwritten with the input character, thus fulfilling ungetc functionality. Also adjust wording in the manual to drop the paragraph that says glibc cannot do multiple ungetc back to back since with this change, ungetc can actually do this. Signed-off-by: Siddhesh Poyarekar --- libio/genops.c | 2 +- manual/stdio.texi | 8 +++----- stdio-common/tst-ungetc.c | 2 ++ 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libio/genops.c b/libio/genops.c index 99f5e80f20..b012fa33d2 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -662,7 +662,7 @@ _IO_sputbackc (FILE *fp, int c) { int result; - if (fp->_IO_read_ptr > fp->_IO_read_base + if (fp->_IO_read_ptr > fp->_IO_read_base && !_IO_in_backup (fp) && (unsigned char)fp->_IO_read_ptr[-1] == (unsigned char)c) { fp->_IO_read_ptr--; diff --git a/manual/stdio.texi b/manual/stdio.texi index 8517653507..92614775fa 100644 --- a/manual/stdio.texi +++ b/manual/stdio.texi @@ -1467,11 +1467,9 @@ program; usually @code{ungetc} is used only to unread a character that was just read from the same stream. @Theglibc{} supports this even on files opened in binary mode, but other systems might not. -@Theglibc{} only supports one character of pushback---in other -words, it does not work to call @code{ungetc} twice without doing input -in between. Other systems might let you push back multiple characters; -then reading from the stream retrieves the characters in the reverse -order that they were pushed. +@Theglibc{} supports pushing back multiple characters; subsequently +reading from the stream retrieves the characters in the reverse order +that they were pushed. Pushing back characters doesn't alter the file; only the internal buffering for the stream is affected. If a file positioning function diff --git a/stdio-common/tst-ungetc.c b/stdio-common/tst-ungetc.c index 5c808f0734..388b202493 100644 --- a/stdio-common/tst-ungetc.c +++ b/stdio-common/tst-ungetc.c @@ -48,6 +48,8 @@ do_test (void) TEST_VERIFY_EXIT (getc (fp) == 'b'); TEST_VERIFY_EXIT (getc (fp) == 'l'); TEST_VERIFY_EXIT (ungetc ('m', fp) == 'm'); + TEST_VERIFY_EXIT (ungetc ('n', fp) == 'n'); + TEST_VERIFY_EXIT (getc (fp) == 'n'); TEST_VERIFY_EXIT (getc (fp) == 'm'); TEST_VERIFY_EXIT ((c = getc (fp)) == 'a'); TEST_VERIFY_EXIT (getc (fp) == EOF);