Commit Graph

1239 Commits

Author SHA1 Message Date
Rich Felker
fad231b960 support ld80 pseudo-denormal invalid bit patterns; treat them as nan
this is silly, but it makes apps that read binary junk and interpret
it as ld80 "safer", and it gets gnulib to stop replacing printf...
2012-06-20 15:15:10 -04:00
Rich Felker
c21a19d5a5 fix ptsname_r to conform to the upcoming posix requirements
it should return the error code rather than 0/-1 and setting errno.
2012-06-20 15:11:27 -04:00
Rich Felker
cea106fb89 fix fwrite return value when full write does not succeed 2012-06-20 15:04:47 -04:00
Rich Felker
1af8c25504 avoid cancellation in pclose
at the point pclose might receive and act on cancellation, it has
already invalidated the FILE passed to it. thus, per musl's QOI
guarantees about cancellation and resource allocation/deallocation,
it's not a candidate for cancellation.

if it were required to be a cancellation point by posix, we would have
to switch the order of deallocation, but somehow still close the pipe
in order to trigger the child process to exit. i looked into doing
this, but the logic gets ugly, and i'm not sure the semantics are
conformant, so i'd rather just leave it alone unless there's a need to
change it.
2012-06-20 14:50:29 -04:00
Rich Felker
9799560f79 fix invalid memory access in pclose 2012-06-20 14:47:34 -04:00
Rich Felker
9c21f4342c make popen cancellation-safe
close was the only cancellation point called from popen, but it left
popen with major resource leaks if any call to close got cancelled.
the easiest, cheapest fix is just to use a non-cancellable close
function.
2012-06-20 14:39:50 -04:00
Rich Felker
f305467aad popen: handle issues with fd0/1 being closed
also check for failure of dup2 and abort the child rather than
reading/writing the wrong file.
2012-06-20 14:32:48 -04:00
Rich Felker
b3d7d062af duplocale: don't crash when called with LC_GLOBAL_LOCALE
posix has resolved to add this usage; for now, we just avoid writing
anything to the new locale object since it's not used anyway.
2012-06-20 13:48:57 -04:00
Rich Felker
f313a16224 make strerror_r behave nicer on failure
if the buffer is too short, at least return a partial string. this is
helpful if the caller is lazy and does not check for failure. care is
taken to avoid writing anything if the buffer length is zero, and to
always null-terminate when the buffer length is non-zero.
2012-06-20 12:07:18 -04:00
Rich Felker
839bff64a1 fix another oob pointer arithmetic issue in printf floating point
this one could never cause any problems unless the compiler/machine
goes to extra trouble to break oob pointer arithmetic, but it's best
to fix it anyway.
2012-06-20 09:28:54 -04:00
Rich Felker
82a4499e67 minor perror behavior fix
patch by nsz
2012-06-20 09:27:28 -04:00
Rich Felker
85a3ba3a28 fix localeconv values and implementation
dynamic-allocation of the structure is not valid; it can crash an
application if malloc fails. since localeconv is not specified to have
failure conditions, the object needs to have static storage duration.

need to review whether all the values are right or not still..
2012-06-19 22:44:08 -04:00
Rich Felker
ee96c50d4b fix mistake in length test in getlogin_r
this was actually dangerously wrong, but presumably nobody uses this
broken function anymore anyway..
2012-06-19 22:31:19 -04:00
Rich Felker
ee1f69a360 fix dummied-out fsync
if we eventually have build options, it might be nice to make an
option to dummy this out again, in case anybody needs a system-wide
disable for disk/ssd-thrashing, etc. that some daemons do when
logging...
2012-06-19 22:24:15 -04:00
Rich Felker
ca1773d864 fix dummied-out fdatasync 2012-06-19 22:22:16 -04:00
Rich Felker
914949d321 fix pointer overflow bug in floating point printf
large precision values could cause out-of-bounds pointer arithmetic in
computing the precision cutoff (used to avoid expensive long-precision
arithmetic when the result will be discarded). per the C standard,
this is undefined behavior. one would expect that it works anyway, and
in fact it did in most real-world cases, but it was randomly
(depending on aslr) crashing in i386 binaries running on x86_64
kernels. this is because linux puts the userspace stack near 4GB
(instead of near 3GB) when the kernel is 64-bit, leading to the
out-of-bounds pointer arithmetic overflowing past the end of address
space and giving a very low pointer value, which then compared lower
than a pointer it should have been higher than.

the new code rearranges the arithmetic so that no overflow can occur.

while this bug could crash printf with memory corruption, it's
unlikely to have security impact in real-world applications since the
ability to provide an extremely large field precision value under
attacker-control is required to trigger the bug.
2012-06-19 21:41:43 -04:00
Rich Felker
25c8444919 add vhangup syscall wrapper
request/patch by william haddonthethird, slightly modifed to add
_GNU_SOURCE feature test macro so that the compiler can verify the
prototype matches.
2012-06-19 15:32:13 -04:00
Rich Felker
5bc8e845bb include declarations for new stdio_ext functions (gnulib support) 2012-06-19 15:18:22 -04:00
Rich Felker
e15171b8d8 add new stdio extension functions to make gnulib happy
this is mildly ugly, but less ugly than gnulib trying to poke at the
definition of the FILE structure...
2012-06-19 01:35:23 -04:00
Rich Felker
a71e0af255 stdio: handle file position correctly at program exit
for seekable files, posix imposed requirements on the offset of the
underlying open file description after a stream is closed. this was
correctly handled (as a side effect of the unconditional fflush call)
when streams were explicitly closed by fclose, but was not handled
correctly at program exit time, where fflush(0) was being used.

the weak symbol hackery is to pull in __stdio_exit if either of
__toread or __towrite is used, but avoid calling it twice so we don't
have to keep extra state. the new __stdio_exit is a streamlined fflush
variant that avoids performing any unnecessary operations and which
never unlocks the files or open file list, so we can be sure no other
threads write new data to a stream's buffer after it's already
flushed.
2012-06-19 01:27:26 -04:00
Rich Felker
ca8a4e7fbd minor cleanup in fflush 2012-06-19 01:12:36 -04:00
Rich Felker
2499cd9d9b remove flush hook cruft that was never used from stdio
there is no need/use for a flush hook. the write function serves this
purpose already. i originally created the hook for implementing mem
streams based on a mistaken reading of posix, and later realized it
wasn't useful but never removed it until now.
2012-06-19 00:05:35 -04:00
Rich Felker
26710be714 fix multiple iconv bugs reading utf-16/32 and wchar_t 2012-06-18 21:41:38 -04:00
Rich Felker
673633c689 fix iconv dest utf-16: unavailable chars must be replaced; EILSEQ is wrong 2012-06-18 20:43:21 -04:00
Rich Felker
a2f149b5d1 fix erroneous utf-16 encoding with surrogates in iconv
apparently this was never tested before.
2012-06-18 20:29:41 -04:00
Rich Felker
deb90c79e5 change stdio_ext __freading/__fwriting semantics slightly
the old behavior was to only consider a stream to be "reading" or
"writing" if it had buffered, unread/unwritten data. this reportedly
differs from the traditional behavior of these functions, which is
essentially to return true as much as possible without creating the
possibility that both __freading and __fwriting could return true.

gnulib expects __fwriting to return true as soon as a file is opened
write-only, and possibly expects other cases that depend on the
traditional behavior. and since these functions exist mostly for
gnulib (does anything else use them??), they should match the expected
behavior to avoid even more ugly hacks and workarounds...
2012-06-17 21:24:58 -04:00
Rich Felker
3b43d10faf fdopen should set errno when it fails due to invalid mode string 2012-06-17 20:34:04 -04:00
Rich Felker
57d5fff5f7 header file fixes: multiple include guard consistency and correctness
one file was reusing another file's macro name, and many had
inconsistent underscores and application of SYS prefix, etc.

patch by Szabolcs Nagy (nsz)
2012-06-15 21:52:53 -04:00
Rich Felker
1dd6eee692 direct syscall to open in __init_security needs O_LARGEFILE
it probably does not matter for /dev/null, but this should be done
consistently anyway.
2012-06-14 23:58:40 -04:00
Rich Felker
ad5a332c75 reorder exit code to defer stdio flush until after dtors
this is required in case dtors use stdio.

also remove the old comments; one was cruft from when the code used to
be using function pointers and conditional calls, and has little
motivation now that we're using weak symbols. the other was just
complaining about having to support dtors even though the cost was
made essentially zero in the non-use case by the way it's done here.
2012-06-14 08:36:06 -04:00
Rich Felker
de05a2ac22 revert one change in time.h; no evidence BSD_SOURCE should expose these.. 2012-06-13 14:46:11 -04:00
Rich Felker
cf254c32ec fix feature test macros in time.h
stime is not _XOPEN_SOURCE, and some functions were missing with
_BSD_SOURCE..
2012-06-13 14:43:16 -04:00
Rich Felker
23be72ae45 add timegm function (inverse of gmtime), nonstandard 2012-06-13 14:41:52 -04:00
Rich Felker
2169265ec6 add init_module/delete_module syscall wrappers
these are not exposed publicly in any header, but the few programs
that use them (modutils/kmod, etc.) are declaring the functions
themselves rather than making the syscalls directly, and it doesn't
really hurt to have them (same as the capset junk).
2012-06-13 11:49:22 -04:00
Rich Felker
fbffcee63d add (currently stubbed due to stubbed strverscmp) versionsort function
based on patch by Emil Renner Berthing, with minor changes to dirent.h
for LFS64 and organization of declarations

this code should work unmodified once a real strverscmp is added, but
I've been hesitant to add it because the GNU strverscmp behavior is
harmful in a lot of cases (for instance if you have numeric filenames
in hex). at some point I plan on trying to design a variant of the
algorithm that behaves better on a mix of filename styles.
2012-06-13 11:14:38 -04:00
Rich Felker
e361019c24 add deprecated capabilities functions
these were left in glibc for binary compatibility after the public
part of the interface was removed, and libcap kept using them (with
its own copy of the header files) rather than just making the syscalls
directly. might as well add them since they're so small...
2012-06-13 11:04:31 -04:00
Rich Felker
6343ac8f5a fix char signedness bug (arm-specific) in dynamic linker 2012-06-09 21:20:44 -04:00
Rich Felker
819006a88b add pthread_attr_setstack interface (and get)
i originally omitted these (optional, per POSIX) interfaces because i
considered them backwards implementation details. however, someone
later brought to my attention a fairly legitimate use case: allocating
thread stacks in memory that's setup for sharing and/or fast transfer
between CPU and GPU so that the thread can move data to a GPU directly
from automatic-storage buffers without having to go through additional
buffer copies.

perhaps there are other situations in which these interfaces are
useful too.
2012-06-09 19:53:29 -04:00
Rich Felker
f457b1cb0d fix scanning of "-0x" pseudo-hex float (must give negative zero) 2012-06-08 11:17:49 -04:00
Rich Felker
3d649468c7 fix signedness errors in stdint.h constant macros
the types of these expressions must match the integer promotions.
unsigned 8- and 16-bit values promote to signed int, not unsigned int.
2012-06-08 11:11:44 -04:00
Rich Felker
63d40196b9 fix %ls breakage in last printf fix
signedness issue kept %ls with no precision from working at all
2012-06-08 10:36:43 -04:00
Rich Felker
6e9ff6a4cf fix printf %ls with precision limit over-read issue
printf was not printing too many characters, but it was reading one
too many wchar_t elements from the input. this could lead to crashes
if running off the page, or spurious failure if the conversion of the
extra wchar_t resulted in EILSEQ.
2012-06-08 10:32:59 -04:00
Rich Felker
1429ce9ba2 fix sysinfo, try 2. it seems to work this time. 2012-06-07 23:06:04 -04:00
Rich Felker
e86b18a63e sysinfo struct was utter nonsense; no idea where it came from.
this broke the busybox "free" utility (memory reporting) and possibly
other things like uptime.
2012-06-07 22:58:19 -04:00
Rich Felker
31eaad4796 fix scanf bug reading literals after width-limited field
the field width limit was not being cleared before reading the
literal, causing spurious failures in scanf in cases like "%2d:"
scanning "00:".
2012-06-07 22:52:41 -04:00
Rich Felker
498a100d05 check for ld support of -Bsymbolic-functions; disable shared if not avail
this issue affects the last gpl2 version of binutils, which some
people are still using out of aversion to gpl3. musl requires
-Bsymbolic-functions because it's the only way to make a libc.so
that's able to operate prior to dynamic linking but that still behaves
correctly with respect to global vars that may be moved to the main
program via copy relocations.
2012-06-07 00:32:22 -04:00
Rich Felker
f1fd7577ba use -nostdlib in linker tests to avoid possible missing crt/lib issues 2012-06-07 00:27:34 -04:00
Rich Felker
67a0383d07 avoid linking main program in linker tests
it's possible that the user has provided a compiler that does not have
any libc to link to, so linking a main program is a bad idea. instead,
generate an empty shared library with no dependencies.
2012-06-07 00:23:58 -04:00
Rich Felker
0c5efde8d0 make configure try to disable stack protector
in theory we could support stack protector in the libc itself, and
users wanting to experiment with such usage could add
-fstack-protector to CFLAGS intentionally. but to avoid breakage in
the default case, override broken distro-patched gcc that forces stack
protector on.
2012-06-06 22:00:08 -04:00
Rich Felker
08f70a30c0 add configure check for gnu linker hash style setting
some broken distro-provided toolchains have modified gcc to produce
only "gnu hash" dynamic hash table by default. as this is unsupported
by musl, that results in a non-working libc.so. we detect and switch
this on in configure rather than hard-coding it in the Makefile
because it's not supported by old binutils versions, but that might
not even be relevant since old binutils versions already fail from
-Bsymbolic-functions being missing. at some point I may review whether
this should just go in the Makefile...
2012-06-06 20:45:52 -04:00