handle UB for invalid fflush() operations and mixing input and output without intervening fflush() or repositioning

5 files changed, 33 insertions, 7 deletions

diff --git a/src/stdio/_stdio.h b/src/stdio/_stdio.h
index c69b3787..cf53179d 100644
--- a/src/stdio/_stdio.h
+++ b/src/stdio/_stdio.h
@@ -25,6 +25,7 @@
 #define ORIENT_WIDE (1)
 #define ORIENT_BYTE (-1)
 
+#define OP_NONE   (0)
 #define OP_INPUT  (1)
 #define OP_OUTPUT (2)
 
@@ -58,11 +59,13 @@ struct __FILE {
 	int nlocks;		/* in multithreaded, used by flockfile() */
 	int thread;		/* the owning thread if locked */
 
-	int orientation:2;	/* 0 = undetermind, < 0 = byte, > 0 = wide */
-	int operation:2;	/* TODO: previous operation, NONE, INPUT, OUTPUT (are there others?) */
-	int eof:1;		/* eof indicator */
-	int err:1;		/* error indicator */
-	int text:1;		/* is this a text file? */
+	unsigned int orientation:2;	/* 0 = undetermind, < 0 = byte, > 0 = wide */
+	unsigned int operation:2;	/* TODO: previous operation, NONE, INPUT, OUTPUT (are there others?) */
+	unsigned int eof:1;		/* eof indicator */
+	unsigned int err:1;		/* error indicator */
+	unsigned int text:1;		/* is this a text file? */
+	unsigned int read:1;		/* open for reading? */
+	unsigned int write:1;		/* open for writing? */
 
 	#ifdef _POSIX_C_SOURCE
 	pid_t pipe_pid;		/* if stream is a pipe, the child pid */
diff --git a/src/stdio/fflush.c b/src/stdio/fflush.c
index e13f8979..cb5f49c6 100644
--- a/src/stdio/fflush.c
+++ b/src/stdio/fflush.c
@@ -27,6 +27,14 @@ int fflush(FILE *stream)
 		return 0;
 	}
 
+	if (!stream->write) {
+		UNDEFINED("attempt to fflush() an input stream");
+	}
+
+	if (stream->read && stream->operation == OP_INPUT) {
+		UNDEFINED("attempt to fflush() an update stream after input");
+	}
+
 	if (stream->bpos == 0) {
 		return 0;
 	}
diff --git a/src/stdio/freopen.c b/src/stdio/freopen.c
index d431b0e3..f2238ff9 100644
--- a/src/stdio/freopen.c
+++ b/src/stdio/freopen.c
@@ -78,10 +78,12 @@ FILE * freopen(const char * restrict filename, const char * restrict mode, FILE
 	}
 
 	flockfile(stream);
-	fflush(stream);
+	if (stream->write) {
+		fflush(stream);
+	}
 
 	if (filename != NULL) {
-		fd = open(filename, openmode, 0);
+		fd = open(filename, openmode, 0755); /* TODO: umask */
 		if (fd < 0) {
 			/* open() already sets errno */
 			funlockfile(stream);
@@ -103,6 +105,8 @@ FILE * freopen(const char * restrict filename, const char * restrict mode, FILE
 	stream->nvalid_ftell = 0;
 
 	stream->text = !(strchr(mode, 'b'));
+	stream->read = ((openmode & O_RDONLY) == O_RDONLY) || ((openmode & O_RDWR) == O_RDWR);
+	stream->write = ((openmode & O_WRONLY) == O_WRONLY) || ((openmode & O_RDWR) == O_RDWR);
 
 	/*
 	RETURN_SUCCESS(ARGUMENT(stream));
diff --git a/src/stdio/getc_unlocked.c b/src/stdio/getc_unlocked.c
index 140e1a4d..0e68eb79 100644
--- a/src/stdio/getc_unlocked.c
+++ b/src/stdio/getc_unlocked.c
@@ -19,6 +19,12 @@ int getc_unlocked(FILE * stream)
 		return EOF;
 	}
 
+	if (stream->operation == OP_OUTPUT) {
+		UNDEFINED("attempted input on stream immediately after output");
+	}
+
+	stream->operation = OP_INPUT;
+
 	if (read(stream->fd, &c, sizeof(c)) != 1) {
 		stream->err = 1;
 		return EOF;
diff --git a/src/stdio/putc_unlocked.c b/src/stdio/putc_unlocked.c
index fffb2618..9a7b3a60 100644
--- a/src/stdio/putc_unlocked.c
+++ b/src/stdio/putc_unlocked.c
@@ -17,7 +17,12 @@ int putc_unlocked(int c, FILE *stream)
 
 	SIGNAL_SAFE(0);
 	ASSERT_NONNULL(stream);
+
+	if (stream->operation == OP_INPUT) {
+		UNDEFINED("attempted output on stream immediately after input");
+	}
 	
+	stream->operation = OP_OUTPUT;
 	stream->buf[stream->bpos++] = ch;
 	if (stream->bpos == stream->bsize ||
 		(stream->bmode == _IOLBF && ch == '\n') ||