From 0440ed69eac766c712e974358c3e09d63e330f40 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 20 Mar 2023 18:48:20 -0400 Subject: [PATCH] fix wide printf continuation after output or encoding errors this fixes a broader bug for which a special case was reported by Bruno Haible, in the form of %n getting processed (and reporting the number of wide characters which would have been written, but weren't) after an encoding error (EILSEQ). in addition to the %n case, some but not all of the format specifiers continued to attempt output after an error. in particular, %c, %lc, and %s all used fputwc directly without any check for error status. as long as the error condition was permanent rather than transient, these write attempts had no visible side effects, but in theory it could be visible, for example with EAGAIN/EWOULDBLOCK or ENOSPC, if the condition precluding output came to an end. this could produce output with missing non-final data, rather than just truncated output, albeit with the function still returning -1 as expected to report an error. to fix this, a check is added to stop processing of any new directive (including %n) if the stream is already in error state, and direct use of fputwc is replaced with calls to the out() helper function, which checks for error status. note that fprintf is also used directly without checking error status, but due to how commit d42269d7c85308abdbf8cee38b1a1097249eb38b previously attempted to solve the issue of output after error, the call to fprintf does not attempt to write anything when the wide-oriented stream is already in error state. this is non-obvious, and is quite a hack, so it should be changed, but I've left it alone for now to make the bug fix commit itself as non-invasive as possible. --- src/stdio/vfwprintf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/stdio/vfwprintf.c b/src/stdio/vfwprintf.c index e69a2d5e..119fdffc 100644 --- a/src/stdio/vfwprintf.c +++ b/src/stdio/vfwprintf.c @@ -242,6 +242,10 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ } if (!f) continue; + + /* Do not process any new directives once in error state. */ + if (ferror(f)) return -1; + t = s[-1]; if (ps && (t&15)==3) t&=~32; @@ -261,7 +265,7 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ case 'C': if (w<1) w=1; if (w>1 && !(fl&LEFT_ADJ)) fprintf(f, "%*s", w-1, ""); - fputwc(t=='C' ? arg.i : btowc(arg.i), f); + out(f, &(wchar_t){t=='C' ? arg.i : btowc(arg.i)}, 1); if (w>1 && (fl&LEFT_ADJ)) fprintf(f, "%*s", w-1, ""); l = w; continue; @@ -291,7 +295,7 @@ static int wprintf_core(FILE *f, const wchar_t *fmt, va_list *ap, union arg *nl_ while (l--) { i=mbtowc(&wc, bs, MB_LEN_MAX); bs+=i; - fputwc(wc, f); + out(f, &wc, 1); } if ((fl&LEFT_ADJ)) fprintf(f, "%*s", w-p, ""); l=w;