From 3a051769c4a91c3a7d1f1310d888faa4abf363e7 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 20 Mar 2023 19:07:54 -0400 Subject: fix (normal, narrow) printf erroneously processing %n after output errors unlike with wide printf variants, encoding errors are not a vector by which this bug is reachable, and the out() helper function already ensured that no further output could be written after an output error, transient or otherwise. however, the %n specifier could still be processed after an error, yielding a side effect that wrongly implied output had succeeded. due to buffering effects, it's still possible for %n to show output as having "succeeded", but for it never to appear on the underlying file due to an error at flush time. this change, however, ensures that processing of %n does not conflict with any error which has already been seen. --- src/stdio/vfprintf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c index 45557951..2dbdb5e2 100644 --- a/src/stdio/vfprintf.c +++ b/src/stdio/vfprintf.c @@ -530,6 +530,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, if (!f) continue; + /* Do not process any new directives once in error state. */ + if (ferror(f)) return -1; + z = buf + sizeof(buf); prefix = "-+ 0X0x"; pl = 0; -- cgit v1.2.1