Re: Issue with unget_wch_sp and -D_FORTIFY

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE

From:	Siddhesh Poyarekar
Subject:	Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE
Date:	Thu, 7 Apr 2022 07:22:43 +0530
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0

On 07/04/2022 06:23, Thomas Dickey wrote:

not quite:

        the wcrtomb() function shall determine the number of bytes needed to
        represent the character that corresponds to the wide character given by
        wc (including any shift sequences), and store the resulting bytes in
        the array whose first element is pointed to by s.  At most {MB_CUR_MAX}
        bytes are stored.

That last part is a guarantee that the representation won't be longer

than a given limit.  But writing zeroes out violates the first statement,
if those bytes are not _needed_.

Does it though? The first statement only says that those bytes arewritten out, not that _only_ those bytes (or needed bytes) are stored;the comment about the amoung of storage is only made in the secondstatement.

I'll admit however (in addition to the fact that I was the one who madethat statement to Martin) that it's likely not the intended reading,which is why I qualified it with "defensive". It's probably anunnecessary distraction since the stricter fortification decision inglibc is not based on that reading.

However, the call that you're reporting on is a different problem than that.

Offhand reading the code, it looks as if I didn't add 1 for the terminating
null (in the call to malloc) which is documented here:

        The wcsrtombs() function returns the number of bytes that make  up  the
        converted  part  of  multibyte  sequence, not including the terminating
        null byte.  If a wide character was encountered which could not be con‐
        verted, (size_t) -1 is returned, and errno set to EILSEQ.

The glibc fortification (enabled by _FORTIFY_SOURCE) strictly requiresthe buffer to be MB_CUR_MAX long so despite fixing that bug (I trustyour assertion on its existence) if the destination size is less thanMB_CUR_MAX, the function will still crash. Folks from the glibccommunity discussed this here[1] in the context of snprintf and comment1 in particular applies here; fortification checks may be stricter thanwhat the standard requires.


Siddhesh

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=28989

[Prev in Thread]

Current Thread

[Next in Thread]

Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Martin Liška, 2022/04/06
- Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Thomas Dickey, 2022/04/06
  - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Siddhesh Poyarekar <=
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Siddhesh Poyarekar, 2022/04/07
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Thomas Dickey, 2022/04/09
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Thomas Dickey, 2022/04/09
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Thomas Dickey, 2022/04/09
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Siddhesh Poyarekar, 2022/04/11
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Thomas Dickey, 2022/04/11
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Siddhesh Poyarekar, 2022/04/12
    - Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE, Thomas Dickey, 2022/04/12

Prev by Date: Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE
Next by Date: Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE
Previous by thread: Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE
Next by thread: Re: Issue with unget_wch_sp and -D_FORTIFY_SOURCE
Index(es):
- Date
- Thread