Refactor fwrite(3) to remove buffer overflow bug.
This commit is contained in:
parent
d950421358
commit
6aa4eb3405
|
@ -22,12 +22,14 @@
|
||||||
|
|
||||||
*******************************************************************************/
|
*******************************************************************************/
|
||||||
|
|
||||||
|
#include <assert.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
|
||||||
extern "C" size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE* fp)
|
extern "C" size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE* fp)
|
||||||
{
|
{
|
||||||
if ( !fp->write_func ) { errno = EBADF; return 0; }
|
if ( !fp->write_func )
|
||||||
|
return errno = EBADF, 0;
|
||||||
fp->flags &= ~_FILE_LAST_READ; fp->flags |= _FILE_LAST_WRITE;
|
fp->flags &= ~_FILE_LAST_READ; fp->flags |= _FILE_LAST_WRITE;
|
||||||
char* str = (char*) ptr;
|
char* str = (char*) ptr;
|
||||||
size_t total = size * nmemb;
|
size_t total = size * nmemb;
|
||||||
|
@ -35,29 +37,27 @@ extern "C" size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE* fp)
|
||||||
while ( sofar < total )
|
while ( sofar < total )
|
||||||
{
|
{
|
||||||
size_t left = total - sofar;
|
size_t left = total - sofar;
|
||||||
if ( (!fp->bufferused && fp->buffersize <= left) ||
|
if ( fp->flags & _FILE_NO_BUFFER || !fp->buffersize )
|
||||||
(fp->flags & _FILE_NO_BUFFER) )
|
|
||||||
{
|
{
|
||||||
return sofar + fp->write_func(str + sofar, 1, left, fp->user);
|
size_t ret = sofar + fp->write_func(str + sofar, 1, left, fp->user);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t available = fp->buffersize - fp->bufferused;
|
size_t available = fp->buffersize - fp->bufferused;
|
||||||
size_t count = ( left < available ) ? left : available;
|
if ( !available )
|
||||||
count = left;
|
{
|
||||||
|
if ( fflush(fp) == 0 ) continue;
|
||||||
|
else return sofar;
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t count = available < left ? available : left;
|
||||||
for ( size_t i = 0; i < count; i++ )
|
for ( size_t i = 0; i < count; i++ )
|
||||||
{
|
{
|
||||||
char c = str[sofar++];
|
char c = str[sofar++];
|
||||||
fp->buffer[fp->bufferused++] = c;
|
fp->buffer[fp->bufferused++] = c;
|
||||||
if ( c == '\n' )
|
assert(fp->bufferused <= fp->buffersize);
|
||||||
{
|
if ( c == '\n' || fp->buffersize == fp->bufferused )
|
||||||
if ( fflush(fp) ) { return sofar; }
|
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( fp->buffersize <= fp->bufferused )
|
|
||||||
{
|
|
||||||
if ( fflush(fp) ) { return sofar; }
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return sofar;
|
return sofar;
|
||||||
|
|
Loading…
Reference in New Issue