-2004-11-17 Alfred M. Szmidt <ams@gnu.org>
+2004-11-18 Ulrich Drepper <drepper@redhat.com>
- * sysdeps/posix/libc_fatal.c: Include <sys/uio.h>.
+ * libio/libio.h (_IO_FLAGS2_FORTIFY): Renamed from
+ _IO_FLAGS2_CHECK_PERCENT_N.
+ * debug/fprintff_chk.c: Adjust all users.
+ * debug/printf_chk.c: Likewise.
+ * debug/vfprintf_chk.c: Likewise.
+ * debug/vprintf_chk.c: Likewise.
+ * debug/vsnprintf_chk.c: Likewise.
+ * debug/vsprintf_chk.c: Likewise.
+ * stdio-common/vfprintf.c: Likewise. Detect missing %N$ formats.
+ * debug/tst-chk1.c: Test detection of missing %N$ formats.
2004-11-15 Jakub Jelinek <jakub@redhat.com>
_IO_acquire_lock (fp);
if (flag > 0)
- fp->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format);
done = vfprintf (fp, format, ap);
va_end (ap);
if (flag > 0)
- fp->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
_IO_acquire_lock (stdout);
if (flag > 0)
- stdout->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
va_start (ap, format);
done = vfprintf (stdout, format, ap);
va_end (ap);
if (flag > 0)
- stdout->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
CHK_FAIL_END
#endif
+ /* Check whether missing N$ formats are detected. */
+ CHK_FAIL2_START
+ printf ("%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
+ CHK_FAIL2_START
+ fprintf (stdout, "%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
+ CHK_FAIL2_START
+ sprintf (buf, "%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
+ CHK_FAIL2_START
+ snprintf (buf, sizeof (buf), "%3$d\n", 1, 2, 3, 4);
+ CHK_FAIL2_END
+
return ret;
}
_IO_acquire_lock (fp);
if (flag > 0)
- fp->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 |= _IO_FLAGS2_FORTIFY;
done = vfprintf (fp, format, ap);
if (flag > 0)
- fp->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ fp->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (fp);
return done;
_IO_acquire_lock (stdout);
if (flag > 0)
- stdout->_flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 |= _IO_FLAGS2_FORTIFY;
done = vfprintf (stdout, format, ap);
if (flag > 0)
- stdout->_flags2 &= ~_IO_FLAGS2_CHECK_PERCENT_N;
+ stdout->_flags2 &= ~_IO_FLAGS2_FORTIFY;
_IO_release_lock (stdout);
return done;
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
if (flags > 0)
- sf.f._sbf._f._flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ sf.f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
_IO_str_init_static_internal (&sf.f, s, maxlen - 1, s);
ret = INTUSE(_IO_vfprintf) ((_IO_FILE *) &sf.f._sbf, format, args);
/* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
can only come from read-only format strings. */
if (flags > 0)
- f._sbf._f._flags2 |= _IO_FLAGS2_CHECK_PERCENT_N;
+ f._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
ret = INTUSE(_IO_vfprintf) ((_IO_FILE *) &f._sbf, format, args);
/* NOTREACHED */ \
\
LABEL (form_number): \
- if (s->_flags2 & _IO_FLAGS2_CHECK_PERCENT_N) \
+ if (s->_flags2 & _IO_FLAGS2_FORTIFY) \
{ \
if (! readonly_format) \
{ \
extern int __readonly_area (const void *, size_t) \
attribute_hidden; \
readonly_format \
- = __readonly_area (format, (STR_LEN (format) + 1) \
- * sizeof (CHAR_T)); \
+ = __readonly_area (format, ((STR_LEN (format) + 1) \
+ * sizeof (CHAR_T))); \
} \
if (readonly_format < 0) \
- __chk_fail (); \
+ __libc_fatal ("*** %n is writable segment detected ***\n"); \
} \
/* Answer the count of characters written. */ \
if (fspec == NULL) \
/* Allocate memory for the argument descriptions. */
args_type = alloca (nargs * sizeof (int));
- memset (args_type, 0, nargs * sizeof (int));
+ memset (args_type, s->_flags2 & _IO_FLAGS2_FORTIFY ? '\xff' : '\0',
+ nargs * sizeof (int));
args_value = alloca (nargs * sizeof (union printf_arg));
/* XXX Could do sanity check here: If any element in ARGS_TYPE is
else
args_value[cnt].pa_long_double = 0.0;
break;
+ case -1:
+ /* Error case. Not all parameters appear in N$ format
+ strings. We have no way to determine their type. */
+ assert (s->_flags2 & _IO_FLAGS2_FORTIFY);
+ __libc_fatal ("*** invalid %N$ use detected ***\n");
}
/* Now walk through all format specifiers and process them. */
projects / thirdparty / glibc.git / commitdiff
