From owner-svn-src-head@freebsd.org Tue Dec 6 17:05:04 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 45464C6AD99; Tue, 6 Dec 2016 17:05:04 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EFA5B9A0; Tue, 6 Dec 2016 17:05:03 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uB6H53N8076360; Tue, 6 Dec 2016 17:05:03 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uB6H532K076359; Tue, 6 Dec 2016 17:05:03 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201612061705.uB6H532K076359@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Tue, 6 Dec 2016 17:05:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r309626 - head/contrib/libc-vis X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2016 17:05:04 -0000 Author: bdrewery Date: Tue Dec 6 17:05:02 2016 New Revision: 309626 URL: https://svnweb.freebsd.org/changeset/base/309626 Log: strvis(3): Avoid internal state of multibyte functions being tainted. The mbtoc(3) and wctomb(3) functions use internal state which may be tainted before the call to strvis(3). In this context we can just use the thread-safe versions mbrtoc(3) and wcrtomb(3) which allow passing our own state from our stack. MFC after: 2 weeks Sponsored by: Dell EMC Isilon Modified: head/contrib/libc-vis/vis.c Modified: head/contrib/libc-vis/vis.c ============================================================================== --- head/contrib/libc-vis/vis.c Tue Dec 6 15:49:39 2016 (r309625) +++ head/contrib/libc-vis/vis.c Tue Dec 6 17:05:02 2016 (r309626) @@ -353,12 +353,14 @@ makeextralist(int flags, const char *src wchar_t *dst, *d; size_t len; const wchar_t *s; + mbstate_t mbstate; + bzero(&mbstate, sizeof(mbstate)); len = strlen(src); if ((dst = calloc(len + MAXEXTRAS, sizeof(*dst))) == NULL) return NULL; - if ((flags & VIS_NOLOCALE) || mbstowcs(dst, src, len) == (size_t)-1) { + if ((flags & VIS_NOLOCALE) || mbsrtowcs(dst, &src, len, &mbstate) == (size_t)-1) { size_t i; for (i = 0; i < len; i++) dst[i] = (wchar_t)(u_char)src[i]; @@ -400,6 +402,7 @@ istrsenvisx(char **mbdstp, size_t *dlen, int clen = 0, cerr, error = -1, i, shft; char *mbdst, *mdst; ssize_t mbslength, maxolen; + mbstate_t mbstate; _DIAGASSERT(mbdstp != NULL); _DIAGASSERT(mbsrc != NULL || mblength == 0); @@ -456,10 +459,11 @@ istrsenvisx(char **mbdstp, size_t *dlen, */ if (mbslength == 1) mbslength++; + bzero(&mbstate, sizeof(mbstate)); while (mbslength > 0) { /* Convert one multibyte character to wchar_t. */ if (!cerr) - clen = mbtowc(src, mbsrc, MB_LEN_MAX); + clen = mbrtowc(src, mbsrc, MB_LEN_MAX, &mbstate); if (cerr || clen < 0) { /* Conversion error, process as a byte instead. */ *src = (wint_t)(u_char)*mbsrc; @@ -530,9 +534,10 @@ istrsenvisx(char **mbdstp, size_t *dlen, len = wcslen(start); maxolen = dlen ? *dlen : (wcslen(start) * MB_LEN_MAX + 1); olen = 0; + bzero(&mbstate, sizeof(mbstate)); for (dst = start; len > 0; len--) { if (!cerr) - clen = wctomb(mbdst, *dst); + clen = wcrtomb(mbdst, *dst, &mbstate); if (cerr || clen < 0) { /* * Conversion error, process as a byte(s) instead.