re-fix vfprintf temporary buffer logic

commit b5a8b28915aad17b6f49ccacd6d3fef3890844d1 setup the write buffer
bound pointers for the temporary buffer manually to fix a buffer
overflow issue, but in doing so, caused vfprintf on unbuffered files
never to call __towrite, thereby failing to set the stream orientation
to byte-oriented, failing to clear any prior read mode, and failing to
produce an error when the stream is not writable.

revert the inline setup of the bounds pointers and instead zero them,
so that the underlying fwrite code will call __towrite to set them up.

diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c
index 5e7be717333638bbef041a676199814811712925..af069d133c8dacd5d7172bd3512d4c5925760344 100644 (file)
--- a/src/stdio/vfprintf.c
+++ b/src/stdio/vfprintf.c
@@ -674,9 +674,9 @@ int vfprintf(FILE *restrict f, const char *restrict fmt, va_list ap)
        if (f->mode < 1) f->flags &= ~F_ERR;
        if (!f->buf_size) {
                saved_buf = f->buf;
-               f->wpos = f->wbase = f->buf = internal_buf;
+               f->buf = internal_buf;
                f->buf_size = sizeof internal_buf;
-               f->wend = internal_buf + sizeof internal_buf;
+               f->wpos = f->wbase = f->wend = 0;
        }
        ret = printf_core(f, fmt, &ap2, nl_arg, nl_type);
        if (saved_buf) {