diff options
| author | Rich Felker <dalias@aerifal.cx> | 2023-03-20 18:48:20 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2023-03-21 09:10:11 -0400 |
| commit | 0440ed69eac766c712e974358c3e09d63e330f40 (patch) | |
| tree | 89c12b1b0467a4e4ec6b7520c94b646eb837adf7 /src/stdio | |
| parent | d055e6a45a17673b8dd3ec16e786bb2fe1700dd5 (diff) | |
| download | musl-0440ed69eac766c712e974358c3e09d63e330f40.tar.gz | |
fix wide printf continuation after output or encoding errors
this fixes a broader bug for which a special case was reported by
Bruno Haible, in the form of %n getting processed (and reporting the
number of wide characters which would have been written, but weren't)
after an encoding error (EILSEQ). in addition to the %n case, some but
not all of the format specifiers continued to attempt output after an
error. in particular, %c, %lc, and %s all used fputwc directly without
any check for error status.
as long as the error condition was permanent rather than transient,
these write attempts had no visible side effects, but in theory it
could be visible, for example with EAGAIN/EWOULDBLOCK or ENOSPC, if
the condition precluding output came to an end. this could produce
output with missing non-final data, rather than just truncated output,
albeit with the function still returning -1 as expected to report an
error.
to fix this, a check is added to stop processing of any new directive
(including %n) if the stream is already in error state, and direct use
of fputwc is replaced with calls to the out() helper function, which
checks for error status.
note that fprintf is also used directly without checking error status,
but due to how commit d42269d7c85308abdbf8cee38b1a1097249eb38b
previously attempted to solve the issue of output after error, the
call to fprintf does not attempt to write anything when the
wide-oriented stream is already in error state. this is non-obvious,
and is quite a hack, so it should be changed, but I've left it alone
for now to make the bug fix commit itself as non-invasive as possible.
Diffstat (limited to 'src/stdio')
| -rw-r--r-- | src/stdio/vfwprintf.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/stdio/vfwprintf.c b/src/stdio/vfwprintf.c index e69a2d5e..119fdffc 100644 --- a/src/stdio/vfwprintf.c +++ b/src/stdio/vfwprintf.c @@ -242,6 +242,10 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ } if (!f) continue; + + /* Do not process any new directives once in error state. */ + if (ferror(f)) return -1; + t = s[-1]; if (ps && (t&15)==3) t&=~32; @@ -261,7 +265,7 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ case 'C': if (w<1) w=1; if (w>1 && !(fl&LEFT_ADJ)) fprintf(f, "%*s", w-1, ""); - fputwc(t=='C' ? arg.i : btowc(arg.i), f); + out(f, &(wchar_t){t=='C' ? arg.i : btowc(arg.i)}, 1); if (w>1 && (fl&LEFT_ADJ)) fprintf(f, "%*s", w-1, ""); l = w; continue; @@ -291,7 +295,7 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ while (l--) { i=mbtowc(&wc, bs, MB_LEN_MAX); bs+=i; - fputwc(wc, f); + out(f, &wc, 1); } if ((fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, ""); l=w; |