fix (normal, narrow) printf erroneously processing %n after output errors

unlike with wide printf variants, encoding errors are not a vector by
which this bug is reachable, and the out() helper function already
ensured that no further output could be written after an output error,
transient or otherwise. however, the %n specifier could still be
processed after an error, yielding a side effect that wrongly implied
output had succeeded.

due to buffering effects, it's still possible for %n to show output as
having "succeeded", but for it never to appear on the underlying file
due to an error at flush time. this change, however, ensures that
processing of %n does not conflict with any error which has already
been seen.

diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c
index 4555795..2dbdb5e 100644 (file)
--- a/src/stdio/vfprintf.c
+++ b/src/stdio/vfprintf.c
@@ -530,6 +530,9 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
 
                if (!f) continue;
 
+               /* Do not process any new directives once in error state. */
+               if (ferror(f)) return -1;
+
                z = buf + sizeof(buf);
                prefix = "-+   0X0x";
                pl = 0;