An experimental build of GCC 11 with an enhanced -Warray-bounds
reports a bug in IO_wdefault_doallocate where the function forms
an invalid past-the-end pointer to an allocated wchar_t buffer
by failing to consider the scaling by sizeof (wchar_t).
The fix patch below corrects this problem. It keeps the buffer
size the same as opposed to increasing it according to what other
code like it does.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
int
_IO_wdefault_doallocate (FILE *fp)
{
- wchar_t *buf;
-
- buf = malloc (BUFSIZ);
+ wchar_t *buf = (wchar_t *)malloc (BUFSIZ);
if (__glibc_unlikely (buf == NULL))
return EOF;
- _IO_wsetb (fp, buf, buf + BUFSIZ, 1);
+
+ _IO_wsetb (fp, buf, buf + BUFSIZ / sizeof *buf, 1);
return 1;
}
libc_hidden_def (_IO_wdefault_doallocate)
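Review bot: the units are now mixed between the `malloc (BUFSIZ)` line and the `_IO_wsetb` call, and nothing in the function documents it. The allocation is a byte count while the end pointer is computed in wchar_t elements. A one-line comment above the `_IO_wsetb` call, stating that the buffer holds BUFSIZ / sizeof (wchar_t) wide characters, would keep a later change from adjusting only one of the two lines and reintroducing an out-of-bounds end pointer. Separately, the `(wchar_t *)` cast on the malloc result is not needed in C, so `wchar_t *buf = malloc (BUFSIZ);` would do.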