Call __fortify_fatal if printf sees %n.
We've ignored %n for a long time, but that's dangerous too because it
makes it unclear whether the corresponding pointer argument should be
supplied or not.
Remove the ambiguity by just rejecting %n outright.
Bug: http://b/31832608
Test: ran tests
Change-Id: Ic046ad3436a30c6f8f580ea738bdcaeb01c858f8
diff --git a/libc/stdio/vfprintf.cpp b/libc/stdio/vfprintf.cpp
index 9182880..17e4372 100644
--- a/libc/stdio/vfprintf.cpp
+++ b/libc/stdio/vfprintf.cpp
@@ -449,26 +449,8 @@
lead = expt;
}
break;
-#ifndef NO_PRINTF_PERCENT_N
case 'n':
- if (flags & LLONGINT)
- *GETARG(long long*) = ret;
- else if (flags & LONGINT)
- *GETARG(long*) = ret;
- else if (flags & SHORTINT)
- *GETARG(short*) = ret;
- else if (flags & CHARINT)
- *GETARG(signed char*) = ret;
- else if (flags & PTRINT)
- *GETARG(ptrdiff_t*) = ret;
- else if (flags & SIZEINT)
- *GETARG(ssize_t*) = ret;
- else if (flags & MAXINT)
- *GETARG(intmax_t*) = ret;
- else
- *GETARG(int*) = ret;
- continue; /* no output */
-#endif /* NO_PRINTF_PERCENT_N */
+ __fortify_fatal("%%n not allowed on Android");
case 'O':
flags |= LONGINT;
/*FALLTHROUGH*/