fwrite() race condition could lead to huge memmove / crash. Fixed, th…

…anks to sam-itt for pointing it out (GitHub issue #10). git-svn-id: svn://rootdirectory.ddns.net/pdclib/trunk@863 bcf39385-58cc-4174-9fcf-14f50f90dd47
XboxDev · Mar 6, 2020 · b770ec6 · b770ec6
1 parent ecbbfe7
commit b770ec6
Showing 1 changed file with 13 additions and 11 deletions.
diff --git a/functions/stdio/fwrite.c b/functions/stdio/fwrite.c
@@ -48,6 +48,7 @@ size_t fwrite( const void * _PDCLIB_restrict ptr, size_t size, size_t nmemb, str
                     _PDCLIB_UNLOCK( stream->mtx );
                     return nmemb_i;
                 }
+                offset = 0;
                 /* lineend = false; */
             }
         }
@@ -72,18 +73,19 @@ size_t fwrite( const void * _PDCLIB_restrict ptr, size_t size, size_t nmemb, str
             }
             break;
         case _IOLBF:
+            if ( offset > 0 )
             {
-            size_t bufidx = stream->bufidx;
-            stream->bufidx = offset;
-            if ( _PDCLIB_flushbuffer( stream ) == EOF )
-            {
-                /* See comment above. */
-                stream->bufidx = bufidx;
-                _PDCLIB_UNLOCK( stream->mtx );
-                return nmemb_i - 1;
-            }
-            stream->bufidx = bufidx - offset;
-            memmove( stream->buffer, stream->buffer + offset, stream->bufidx );
+                size_t bufidx = stream->bufidx;
+                stream->bufidx = offset;
+                if ( _PDCLIB_flushbuffer( stream ) == EOF )
+                {
+                    /* See comment above. */
+                    stream->bufidx = bufidx;
+                    _PDCLIB_UNLOCK( stream->mtx );
+                    return nmemb_i - 1;
+                }
+                stream->bufidx = bufidx - offset;
+                memmove( stream->buffer, stream->buffer + offset, stream->bufidx );
             }
     }