This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/2337] libio in wide mode deallocates user supplied buffer

From: "rsa at us dot ibm dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: 4 Oct 2006 16:46:08 -0000
Subject: [Bug libc/2337] libio in wide mode deallocates user supplied buffer
References: <20060214170527.2337.Petr.Salinger@seznam.cz>
Reply-to: sourceware-bugzilla at sourceware dot org

------- Additional Comments From rsa at us dot ibm dot com  2006-10-04 16:46 -------
I've identified two problems with the glibc src code:

1.) The first fwprintf() invocation automatically reorients the FILE stream as
'wide' using _IO_fwide().  The user provided buffer (_IO_FILE->_IO_buf_base) is
NOT USED as the wide character buffer(_IO_FILE->_wide_data->_IO_buf_base).  This
causes vfprintf to detect an empty buffer and __woverflow allocates an internal
wide character buffer the size of the file system blk_size (i.e. 1024) to use
for wide character vfprintf.  This is not directly related to the spurious
deallocation of the user supplied buffer.

2.) When fclose is called _IO_new_fclose() invokes INT_USE(_IO_file_close_it())
which zeros the _IO_FILE struct _flags field:

fp->_flags = _IO_MAGIC|CLOSED_FILEBUF_FLAGS;

following which _IO_new_fclose() invokes _IO_FINISH(fp) which calls
_IO_new_file_finish() (the _IO_wfile_jumps entry for __finish) which detects an
unset _IO_USER_BUF and free's the buffer spuriously.

Possible solutions:
1.) When the stream is reoriented set _IO_FILE->_wide_data->_IO_buf_base =
_IO_FILE->_IO_buf_base; _IO_FILE->_IO_buf_base = NULL;  This will cause wide
character printf to use the user supplied buffer.
 
2a.) Reset the _IO_USER_BUF bit flag to '1' after clearing _IO_FILE->_flags if
it was set before the clearing the _flags in _IO_file_close_it().

2b.) Provide a wide character centric 'finish' function and adjust the
_IO_wfile_jumps jump table entry to use the new function rather than reusing the
non-wide character centric version, i.e.:

JUMP_INIT(finish, _IO_wfile_finish),

instead of what currently exists:

JUMP_INIT(finish, _IO_new_file_finish),

Then, since the FILE stream has been reoriented to 'wide' the _IO_wfile_finish()
would properly only care about the wide character allocated buffer in the manner
of _IO_wsetb().

I'll investigate the specifications to see if wide character usage is supposed
to use the user supplied buffer.

In the meantime I can provide a patch for solution 2a).  It may not be the right
decision but we'll investigate.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED


http://sourceware.org/bugzilla/show_bug.cgi?id=2337

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]