From owner-svn-src-head@FreeBSD.ORG Sat Apr 21 07:07:12 2012 Return-Path: Delivered-To: svn-src-head@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 52A011065673; Sat, 21 Apr 2012 07:07:12 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from fallbackmx06.syd.optusnet.com.au (fallbackmx06.syd.optusnet.com.au [211.29.132.8]) by mx1.freebsd.org (Postfix) with ESMTP id D31EE8FC0A; Sat, 21 Apr 2012 07:07:11 +0000 (UTC) Received: from mail35.syd.optusnet.com.au (mail35.syd.optusnet.com.au [211.29.133.51]) by fallbackmx06.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id q3L77498011628; Sat, 21 Apr 2012 17:07:04 +1000 Received: from server.vk2pj.dyndns.org (c220-239-251-180.belrs5.nsw.optusnet.com.au [220.239.251.180]) by mail35.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id q3L76t3J024635 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 21 Apr 2012 17:06:56 +1000 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.5/8.14.4) with ESMTP id q3L75sVc071060; Sat, 21 Apr 2012 17:05:54 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.5/8.14.5/Submit) id q3L75s9n071059; Sat, 21 Apr 2012 17:05:54 +1000 (EST) (envelope-from peter) Date: Sat, 21 Apr 2012 17:05:54 +1000 From: Peter Jeremy To: David Schultz Message-ID: <20120421070554.GA59737@server.vk2pj.dyndns.org> References: <201204210608.q3L682O3074354@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YiEDa0DAkWCtVeE4" Content-Disposition: inline In-Reply-To: <201204210608.q3L682O3074354@svn.freebsd.org> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.21 (2010-09-15) Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org Subject: Re: svn commit: r234528 - head/lib/libc/stdio X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Apr 2012 07:07:12 -0000 --YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Apr-21 06:08:02 +0000, David Schultz wrote: >Log: > Fix a bug introduced in r187302 that was causing fputws() to enter an > infinite loop pretty much unconditionally. Unfortunately, I suspect you've just turned an unconditional infinite loop into a conditional one. There's still a "wsp =3D ws;" inside the loop so if you pass in a long string (one that exceeds BUFSIZ bytes when converted to a multi-byte string) then wsp will be non-NULL after the call to __wcsnrtombs(), causing the do loop to loop and then wsp will be re-initialised to ws. I think the fix is to move the "wsp =3D ws;" outside the loop. > It's remarkable that the > patch that introduced the bug was never tested, but even more > remarkable that nobody noticed for over two years. It took me a while to work out that the problem was libc and not my code. --=20 Peter Jeremy --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk+SXFIACgkQ/opHv/APuIfg7ACglm8HpS2PB9NBPXBg6zPNTXKM x9wAn0yVKQOYkI0vIAnr4TOnjWY5eTOR =GwXX -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--