From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/13971
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Rich Felker <dalias@libc.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: segfault on sscanf
Date: Thu, 14 Mar 2019 18:34:15 -0400
Message-ID: <20190314223415.GH23599@brightrain.aerifal.cx>
References: <20190314104617.711ac7d8@faultier2go>
 <20190314162814.GI28106@voyager>
 <20190314165335.GJ28106@voyager>
 <20190314181919.GJ26605@port70.net>
 <20190314183812.GK28106@voyager>
 <20190314194933.GK26605@port70.net>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="91796"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Mutt/1.5.21 (2010-09-15)
To: musl@lists.openwall.com
Original-X-From: musl-return-13987-gllmg-musl=m.gmane.org@lists.openwall.com Thu Mar 14 23:34:31 2019
Return-path: <musl-return-13987-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-13987-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1h4Yvm-000NkD-3S
	for gllmg-musl@m.gmane.org; Thu, 14 Mar 2019 23:34:30 +0100
Original-Received: (qmail 7904 invoked by uid 550); 14 Mar 2019 22:34:27 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 7881 invoked from network); 14 Mar 2019 22:34:27 -0000
Content-Disposition: inline
In-Reply-To: <20190314194933.GK26605@port70.net>
Original-Sender: Rich Felker <dalias@aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:13971
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/13971>

On Thu, Mar 14, 2019 at 08:49:34PM +0100, Szabolcs Nagy wrote:
> * Markus Wichmann <nullplan@gmx.net> [2019-03-14 19:38:12 +0100]:
> 
> > On Thu, Mar 14, 2019 at 07:19:19PM +0100, Szabolcs Nagy wrote:
> > > i think __shgetc should ensure f->rpos == f->shend on EOF
> > 
> > What about shunget(), though? Currently, if shgetc() returns EOF, at the
> 
> i meant f->rpos == f->shend == 0.

Changing f->rpos is not valid here; it would corrupt the state of the
FILE for furher use after the shgetc phase is done. This is especially
important if we reached the code due to shlim being hit, but I think
it also matters for __uflow failing; normally the FILE is left in read
mode, with rpos and rend pointers valid. If we were going to zero
rpos, we would also have to zero rend, taking it out of read mode, but
this does not seem desirable.

Rather, I think f->shend should be set to f->rpos, not 0. Does this
sound right?

Rich