From: Rich Felker Date: Mon, 20 Mar 2023 23:07:54 +0000 (-0400) Subject: fix (normal, narrow) printf erroneously processing %n after output errors X-Git-Url: http://nsz.repo.hu/git/?a=commitdiff_plain;ds=sidebyside;h=3a051769c4a91c3a7d1f1310d888faa4abf363e7;p=musl fix (normal, narrow) printf erroneously processing %n after output errors unlike with wide printf variants, encoding errors are not a vector by which this bug is reachable, and the out() helper function already ensured that no further output could be written after an output error, transient or otherwise. however, the %n specifier could still be processed after an error, yielding a side effect that wrongly implied output had succeeded. due to buffering effects, it's still possible for %n to show output as having "succeeded", but for it never to appear on the underlying file due to an error at flush time. this change, however, ensures that processing of %n does not conflict with any error which has already been seen. --- diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c index 45557951..2dbdb5e2 100644 --- a/src/stdio/vfprintf.c +++ b/src/stdio/vfprintf.c @@ -530,6 +530,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg, if (!f) continue; + /* Do not process any new directives once in error state. */ + if (ferror(f)) return -1; + z = buf + sizeof(buf); prefix = "-+ 0X0x"; pl = 0;
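Review bot: the new `if (ferror(f)) return -1;` at the top of directive handling tests the stream's sticky error indicator, so it cannot tell an error raised by earlier output in this call from one that was already set when printf_core was entered. Nothing in the visible context shows the caller saving or clearing the indicator before the call. If it does not, a stream carrying a stale error would now fail on its first conversion specifier, while a format string made only of literal text would still return normally. Please confirm the caller handles a pre-existing error flag, or note that dependency here. The comment "Do not process any new directives once in error state" could also name %n as the motivating case: the commit message says out() already blocks further output after an error, so without that mention a later reader may take this check for redundant and remove it. No regression test accompanies the change; a case that forces a write error ahead of a %n and checks that the target integer is left unmodified would pin the behaviour down.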