From 7cd274587760436effbfce65cfdbd51f761acd67 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@gnu.org>
Date: Wed, 16 Feb 2005 19:57:14 +0000
Subject: Updated to fedora-glibc-2_3-20050216T1256

---
 libio/fmemopen.c   | 22 ++++++++++++++++------
 libio/iofopncook.c | 20 ++++++++++++++++++--
 2 files changed, 34 insertions(+), 8 deletions(-)

(limited to 'libio')

diff --git a/libio/fmemopen.c b/libio/fmemopen.c
index ab6ffdd678..c22cba1ec4 100644
--- a/libio/fmemopen.c
+++ b/libio/fmemopen.c
@@ -27,8 +27,6 @@
  * but couldn't find it in libio. The following snippet of code is an
  * attempt to implement what glibc's documentation describes.
  *
- * No, it isn't really tested yet. :-)
- *
  *
  *
  * I already see some potential problems:
@@ -166,7 +164,7 @@ fmemopen_seek (void *cookie, _IO_off64_t *p, int w)
       break;
 
     case SEEK_END:
-      np = c->size - *p;
+      np = c->maxpos - *p;
       break;
 
     default:
@@ -176,9 +174,9 @@ fmemopen_seek (void *cookie, _IO_off64_t *p, int w)
   if (np < 0 || (size_t) np > c->size)
     return -1;
 
-  c->pos = np;
+  *p = c->pos = np;
 
-  return np;
+  return 0;
 }
 
 
@@ -203,6 +201,13 @@ fmemopen (void *buf, size_t len, const char *mode)
   cookie_io_functions_t iof;
   fmemopen_cookie_t *c;
 
+  if (len == 0)
+    {
+    einval:
+      __set_errno (EINVAL);
+      return NULL;
+    }
+
   c = (fmemopen_cookie_t *) malloc (sizeof (fmemopen_cookie_t));
   if (c == NULL)
     return NULL;
@@ -220,7 +225,12 @@ fmemopen (void *buf, size_t len, const char *mode)
       c->buffer[0] = '\0';
     }
   else
-    c->buffer = buf;
+    {
+      if ((uintptr_t) len > -(uintptr_t) buf)
+	goto einval;
+
+      c->buffer = buf;
+    }
 
   c->size = len;
 
diff --git a/libio/iofopncook.c b/libio/iofopncook.c
index 321eb67b8d..6f720b43ef 100644
--- a/libio/iofopncook.c
+++ b/libio/iofopncook.c
@@ -36,6 +36,8 @@ static _IO_ssize_t _IO_cookie_read (register _IO_FILE* fp, void* buf,
 static _IO_ssize_t _IO_cookie_write (register _IO_FILE* fp,
 				     const void* buf, _IO_ssize_t size);
 static _IO_off64_t _IO_cookie_seek (_IO_FILE *fp, _IO_off64_t offset, int dir);
+static _IO_off64_t _IO_cookie_seekoff (_IO_FILE *fp, _IO_off64_t offset,
+				       int dir, int mode);
 static int _IO_cookie_close (_IO_FILE* fp);
 
 static _IO_ssize_t
@@ -94,6 +96,20 @@ _IO_cookie_close (fp)
 }
 
 
+static _IO_off64_t
+_IO_cookie_seekoff (fp, offset, dir, mode)
+     _IO_FILE *fp;
+     _IO_off64_t offset;
+     int dir;
+     int mode;
+{
+  /* We must force the fileops code to always use seek to determine
+     the position.  */
+  fp->_offset = _IO_pos_BAD;
+  return INTUSE(_IO_file_seekoff) (fp, offset, dir, mode);
+}
+
+
 static const struct _IO_jump_t _IO_cookie_jumps = {
   JUMP_INIT_DUMMY,
   JUMP_INIT(finish, INTUSE(_IO_file_finish)),
@@ -103,7 +119,7 @@ static const struct _IO_jump_t _IO_cookie_jumps = {
   JUMP_INIT(pbackfail, INTUSE(_IO_default_pbackfail)),
   JUMP_INIT(xsputn, INTUSE(_IO_file_xsputn)),
   JUMP_INIT(xsgetn, INTUSE(_IO_default_xsgetn)),
-  JUMP_INIT(seekoff, INTUSE(_IO_file_seekoff)),
+  JUMP_INIT(seekoff, _IO_cookie_seekoff),
   JUMP_INIT(seekpos, _IO_default_seekpos),
   JUMP_INIT(setbuf, INTUSE(_IO_file_setbuf)),
   JUMP_INIT(sync, INTUSE(_IO_file_sync)),
@@ -223,7 +239,7 @@ static const struct _IO_jump_t _IO_old_cookie_jumps = {
   JUMP_INIT(pbackfail, INTUSE(_IO_default_pbackfail)),
   JUMP_INIT(xsputn, INTUSE(_IO_file_xsputn)),
   JUMP_INIT(xsgetn, INTUSE(_IO_default_xsgetn)),
-  JUMP_INIT(seekoff, INTUSE(_IO_file_seekoff)),
+  JUMP_INIT(seekoff, _IO_cookie_seekoff),
   JUMP_INIT(seekpos, _IO_default_seekpos),
   JUMP_INIT(setbuf, INTUSE(_IO_file_setbuf)),
   JUMP_INIT(sync, INTUSE(_IO_file_sync)),
-- 
cgit v1.2.3