Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Oct 2021 14:28:12 +0200
From: Lorenzo Beretta <>
Subject: request: please detect reads from stdin with unflushed writes to stdout


there are a few programs around that do something like
printf("question: ");
fgets(ans, sizeof ans, stdin);

without fflushing stdout and get away with it because it happens to work
under glibc.
(fyi the ones I stumbled onto are mkfs.xfs and, vipw/vigr from util-linux,
then the developer noticed the same with chfn/chsh)

Ideally that would be taken care of by either some compiler warning (but
not even clang's -Weverything catches that) or by some static analysis
tool, but I couldn't find any.

A __very__ tentative and untested patch:
diff --git i/src/stdio/__stdio_read.c w/src/stdio/__stdio_read.c
index ea675da3..6b10f76c 100644
--- i/src/stdio/__stdio_read.c
+++ w/src/stdio/__stdio_read.c
@@ -8,6 +8,11 @@ size_t __stdio_read(FILE *f, unsigned char *buf, size_t
  { .iov_base = f->buf, .iov_len = f->buf_size }
  ssize_t cnt;
+ if (f == stdin) {
+ if (stdout->wpos != stdout->wbase) {
+ do_something(glibc);
+ }
+ }

  cnt = iov[0].iov_len ? syscall(SYS_readv, f->fd, iov, 2)
  : syscall(SYS_read, f->fd, iov[1].iov_base, iov[1].iov_len);

... with do_something() being either flushing stdout or printing some kind
of warning to stderr (isatty?) or to syslog.
Any suggestion, corrections etc are obviously very welcome.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.