summaryrefslogtreecommitdiff
path: root/stdlib
Commit message (Collapse)AuthorAgeFilesLines
* realpath: Avoid overwriting preexisting error (CVE-2021-3998)Siddhesh Poyarekar2022-01-241-1/+1
| | | | | | | | | | | Set errno and failure for paths that are too long only if no other error occurred earlier. Related: BZ #28770 Reviewed-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit 84d2d0fe20bdf94feed82b21b4d7d136db471f03)
* tst-realpath-toolong: Fix hurd buildSiddhesh Poyarekar2022-01-241-0/+4
| | | | | | | Define PATH_MAX to a constant if it isn't already defined, like in hurd. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit 976db046bc3a3738f69255ae00b0a09b8e77fd9c)
* realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770]Siddhesh Poyarekar2022-01-243-3/+61
| | | | | | | | | | | | | | | realpath returns an allocated string when the result exceeds PATH_MAX, which is unexpected when its second argument is not NULL. This results in the second argument (resolved) being uninitialized and also results in a memory leak since the caller expects resolved to be the same as the returned value. Return NULL and set errno to ENAMETOOLONG if the result exceeds PATH_MAX. This fixes [BZ #28770], which is CVE-2021-3998. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit ee8d5e33adb284601c00c94687bc907e10aec9bb)
* support: Add capability to fork an sgid childSiddhesh Poyarekar2021-04-141-181/+18
| | | | | | | | | | | | | | | | | | | | | | Add a new function support_capture_subprogram_self_sgid that spawns an sgid child of the running program with its own image and returns the exit code of the child process. This functionality is used by at least three tests in the testsuite at the moment, so it makes sense to consolidate. There is also a new function support_subprogram_wait which should provide simple system() like functionality that does not set up file actions. This is useful in cases where only the return code of the spawned subprocess is interesting. This patch also ports tst-secure-getenv to this new function. A subsequent patch will port other tests. This also brings an important change to tst-secure-getenv behaviour. Now instead of succeeding, the test fails as UNSUPPORTED if it is unable to spawn a setgid child, which is how it should have been in the first place. Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 716a3bdc41b2b4b864dc64475015ba51e35e1273)
* stdlib: Add testcase for BZ #26241Adhemerval Zanella2021-01-202-1/+103
| | | | | | | | | | | | | | | | | | Old implementation of realpath allocates a PATH_MAX using alloca for each symlink in the path, leading to MAXSYMLINKS times PATH_MAX maximum stack usage. The test create a symlink with __eloop_threshold() loops and creates a thread with minimum stack size (obtained through support_small_stack_thread_attribute). The thread issues a stack allocations that fill the thread allocated stack minus some slack plus and the realpath usage (which assumes a bounded stack usage). If realpath uses more than about 2 * PATH_MAX plus some slack it triggers a stackoverflow. Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* posix: Fix return value of system if shell can not be executed [BZ #27053]Adhemerval Zanella2021-01-111-0/+17
| | | | | | | | POSIX states that system returned code for failure to execute the shell shall be as if the shell had terminated using _exit(127). This behaviour was removed with 5fb7fc96350575. Checked on x86_64-linux-gnu.
* stdlib: Sync canonicalize with gnulib [BZ #10635] [BZ #26592] [BZ #26341] ↵Adhemerval Zanella2021-01-052-170/+387
| | | | | | | | | | | | | | | | | | | | | | | | [BZ #24970] It sync with gnulib version ae9fb3d66. The testcase for BZ#23741 (stdlib/test-bz22786.c) is adjusted to check also for ENOMEM. The patch fixes multiple realpath issues: - Portability fixes for errno clobbering on free (BZ#10635). The function does not call free directly anymore, although it might be done through scratch_buffer_free. The free errno clobbering is being tracked by BZ#17924. - Pointer arithmetic overflows in realpath (BZ#26592). - Realpath cyclically call __alloca(path_max) to consume too much stack space (BZ#26341). - Realpath mishandles EOVERFLOW; stat not needed anyway (BZ#24970). The check is done through faccessat now. Checked on x86_64-linux-gnu and i686-linux-gnu.
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-02208-208/+208
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* nonstring: Enable __FORTIFY_LEVEL=3Siddhesh Poyarekar2020-12-311-18/+24
| | | | | Use __builtin_dynamic_object_size in the remaining functions that don't have compiler builtins as is the case for string functions.
* getenv: Move call to strlen to the branch it's used in.Lode Willems2020-12-181-1/+1
| | | | | | | | | The len variable is only used in the else branch. We don't need the call to strlen if the name is 0 or 1 characters long. 2019-10-02 Lode Willems <Lode.Willems@UGent.be> * tdlib/getenv.c: Move the call to strlen into the branch it's used.
* Remove strtoimax, strtoumax, wcstoimax, wcstoumax inlinesJoseph Myers2020-12-141-118/+0
| | | | | | | | | | | | | inttypes.h has inline implementations of the strtoimax, strtoumax, wcstoimax and wcstoumax functions, despite the corresponding stdlib.h and wchar.h inlines having been removed in 2007 (commit 9b2e9577b228350b15d88303b00097dd58e8d29b). Remove those inlines, thereby eliminating all references to the corresponding __*_internal functions from installed headers (so they could be made into compat symbols in future if desired). Tested for x86_64 and x86.
* Fix spelling and grammar in several commentsJonny Grant2020-12-121-1/+1
|
* Make strtoimax, strtoumax, wcstoimax, wcstoumax into aliasesJoseph Myers2020-12-087-5/+2
| | | | | | | | | | | The functions strtoimax, strtoumax, wcstoimax, wcstoumax currently have three implementations each (wordsize-32, wordsize-64 and dummy implementation in stdlib/ using #error), defining the functions as thin wrappers round corresponding *_internal functions. Simplify the code by changing them into aliases of functions such as strtol and wcstoull. This is more consistent with how e.g. imaxdiv is handled. Tested for x86_64 and x86.
* Revert "Fix missing redirects in testsuite targets"Andreas Schwab2020-10-081-2/+2
| | | | | This reverts commit d5afb38503. The log files are actually created by the various shell scripts that drive the tests.
* Remove internal usage of extensible stat functionsAdhemerval Zanella2020-09-111-1/+1
| | | | | | | | | | | | It replaces the internal usage of __{f,l}xstat{at}{64} with the __{f,l}stat{at}{64}. It should not change the generate code since sys/stat.h explicit defines redirections to internal calls back to xstat* symbols. Checked with a build for all affected ABIs. I also check on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
* Fix typo in comment in bug 26137 fix.Joseph Myers2020-07-011-1/+1
|
* Fix strtod multiple-precision division bug (bug 26137).Joseph Myers2020-06-303-2/+3577
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug 26137 reports spurious "inexact" exceptions from strtod, on 32-bit systems only, for a decimal argument that is exactly 1 + 2^-32. In fact the same issue also appears for 1 + 2^-64 and 1 + 2^-96 as arguments to strtof128 on 32-bit systems, and 1 + 2^-64 as an argument to strtof128 on 64-bit systems. In FE_DOWNWARD or FE_TOWARDZERO mode, the return value is also incorrect. The problem is in the multiple-precision division logic used in the case of dividing by a denominator that occupies at least three GMP limbs. There was a comment "The division does not work if the upper limb of the two-limb mumerator is greater than the denominator.", but in fact there were problems for the case of equality (that is, where the high limbs are equal, offset by some multiple of the GMP limb size) as well. In such cases, the code used "quot = ~(mp_limb_t) 0;" (with subsequent correction if that is an overestimate), because udiv_qrnnd does not support the case of equality, but it's possible for the shifted numerator to be greater than or equal to the denominator, in which case that is an underestimate. To avoid that, this patch changes the ">" condition to ">=", meaning the first division is done with a zero high word. The tests added are all 1 + 2^-n for n from 1 to 113 except for those that were already present in tst-strtod-round-data. Tested for x86_64 and x86.
* random: range is not portably RAND_MAX [BZ #7003]John Marshall2020-06-301-1/+1
| | | | | | | On other platforms, RAND_MAX (which is the range of rand(3)) may differ from 2^31-1 (which is the range of random(3)). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* mbstowcs: Document, test, and fix null pointer dst semantics (Bug 25219)Carlos O'Donell2020-06-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The function mbstowcs, by an XSI extension to POSIX, accepts a null pointer for the destination wchar_t array. This API behaviour allows you to use the function to compute the length of the required wchar_t array i.e. does the conversion without storing it and returns the number of wide characters required. We remove the __write_only__ markup for the first argument because it is not true since the destination may be a null pointer, and so the length argument may not apply. We remove the markup otherwise the new test case cannot be compiled with -Werror=nonnull. We add a new test case for mbstowcs which exercises the destination is a null pointer behaviour which we have now explicitly documented. The mbsrtowcs and mbsnrtowcs behave similarly, and mbsrtowcs is documented as doing this in C11, even if the standard doesn't come out and call out this specific use case. We add one note to each of mbsrtowcs and mbsnrtowcs to call out that they support a null pointer for the destination. The wcsrtombs function behaves similarly but in the other way around and allows you to use a null destination pointer to compute how many bytes you would need to convert the wide character input. We document this particular case also, but leave wcsnrtombs as a references to wcsrtombs, so the reader must still read the details of the semantics for wcsrtombs.
* improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]Martin Sebor2020-05-042-10/+16
| | | | | | | | Adds the access attribute newly introduced in GCC 10 to the subset of function declarations that are already covered by _FORTIFY_SOURCE and that don't have corresponding GCC built-in equivalents. Reviewed-by: DJ Delorie <dj@redhat.com>
* Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABIPaul E. Murphy2020-04-303-3/+3
| | | | | | | | | | | | | | | Improve the commentary to aid future developers who will stumble upon this novel, yet not always perfect, mechanism to support alternative formats for long double. Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work has settled down. The command used was git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \ xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g' Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
* Remove unused floating-point configuration from gmp-impl.h.Joseph Myers2020-04-281-50/+0
| | | | | | | | | | | | | | | This patch removes the IEEE_DOUBLE_BIG_ENDIAN and IEEE_DOUBLE_MIXED_ENDIAN macros from gmp-impl.h and gmp-mparam.h, and the ieee_double_extract union from gmp-impl.h. The macros were used only in defining the union, which was used nowhere in glibc. As GMP's gmp-impl.h is over 5000 lines, the file in glibc is so far from the GMP version that it doesn't seem to make sense to keep things there that are not relevant in glibc. (I expect there is plenty more in the header after this patch that is also not relevant in glibc and can be cleaned up later.) Tested with build-many-glibcs.py that installed stripped shared libraries are unchanged by this patch.
* Add GRND_INSECURE from Linux 5.6 to sys/random.hJoseph Myers2020-04-091-0/+1
| | | | | | | | | | This patch adds the GRND_INSECURE constant from Linux 5.6 to glibc's sys/random.h. This is also added to the documentation. The constant acts as a no-op for the Hurd implementation (as that doesn't check whether the flags are known), which is semantically fine, while older Linux kernels reject unknown flags with an EINVAL error. Tested for x86_64.
* stdlib: Move tst-system to tests-containerAdhemerval Zanella2020-03-252-5/+8
| | | | | | Fix some issues with different shell and error messages. Checked on x86_64-linux-gnu and i686-linux-gnu.
* posix: Fix system error return value [BZ #25715]Adhemerval Zanella2020-03-231-4/+118
| | | | | | | | It fixes 5fb7fc9635 when posix_spawn fails. Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* gcc PR 89877: miscompilation due to missing cc clobber in longlong.h macrosVineet Gupta2020-03-101-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | simple test such as below was failing. | void main(int argc, char *argv[]) | { | size_t total_time = 115424; // expected 115.424 | double secs = (double)total_time/(double)1000; | printf("%s %d %lf\n", "secs", total_time, secs); // prints 113.504 | printf("%d\n", (size_t)secs); | } The printf eventually called into glibc stdlib/divrem.c:__mpn_divrem() which uses the __arc__ specific inline asm macros from longlong.h which were causing miscompilation. include/ 2019-03-28 Vineet Gupta <vgupta@synopsys.com> PR 89877 * longlong.h [__arc__] (add_ssaaaa): Add cc clobber (sub_ddmmss): Likewise. Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
* Prepare redirections for IEEE long double on powerpc64leGabriel F. T. Gomes2020-02-173-2/+27
| | | | | | | | | | | | | | | | | | | | | | | | | All functions that have a format string, which can consume a long double argument, must have one version for each long double format supported on a platform. On powerpc64le, these functions currently have two versions (i.e.: long double with the same format as double, and long double with IBM Extended Precision format). Support for a third long double format option (i.e. long double with IEEE long double format) is being prepared and all the aforementioned functions now have a third version (not yet exported on the master branch, but the code is in). For these functions to get selected (during build time), references to them in user programs (or dependent libraries) must get redirected to the aforementioned new versions of the functions. This patch installs the header magic required to perform such redirections. Notice, however, that since the redirections only happen when __LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including powerpc64le) currently does it, no redirections actually happen. Redirections and the exporting of the new functions will happen at the same time (when powerpc64le adds ldbl-128ibm-compat to their Implies. Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
* stdlib: Reduce namespace pollution in <inttypes.h>Florian Weimer2020-02-171-24/+24
| | | | | | The namespace pollution results in conform test failures if the tests are run __USE_EXTERN_INLINES defined (e.g., when configuring with CC="gcc -O3" CXX="g++ -O3").
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-01208-208/+208
|
* hurd: Fix local PLTSamuel Thibault2019-12-131-2/+4
| | | | | | | | | | * include/sys/random.h (__getrandom): Add hidden prototype. * stdlib/getrandom.c (getrandom): Rename to hidden definition __getrandom. Add weak alias. * sysdeps/mach/hurd/getrandom.c (getrandom): Likewise. * sysdeps/unix/sysv/linux/getrandom.c (getrandom): Likewise. * sysdeps/mach/hurd/getentropy.c (getentropy): Use __getrandom instead of getrandom.
* Expand $(as-needed) and $(no-as-needed) throughout the build systemFlorian Weimer2019-12-031-1/+1
| | | | | | | | | Since commit a3cc4f48e94f32c9532ee36982ac00eb1e5719b0 ("Remove --as-needed configure test."), --as-needed support is no longer optional. The macros are not much shorter and do not provide documentary value, either, so this commit removes them.
* ldbl-128ibm-compat: Add strfmon_l with IEEE long double formatRajalakshmi Srinivasaraghavan2019-12-031-4/+27
| | | | | | | | | | | | Similarly to what has been done for printf-like functions, more specifically to the internal implementation in __vfprintf_internal, this patch extends __vstrfmon_l_internal to deal with long double values with binary128 format (as a third format option and reusing the float128 implementation). Tested for powerpc64le, powerpc64, x86_64, and with build-many-glibcs. Reviewed-by: Paul E. Murphy <murphyp@linux.ibm.com>
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-07208-208/+208
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* Fix spellings of contributor names in comments and docPaul Eggert2019-08-231-1/+1
|
* Declare most TS 18661-1 interfaces for C2X.Joseph Myers2019-08-133-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C2X adds the interfaces from TS 18661-1, and all except a handful in Annex F are unconditionally visible in C2X rather than only visible when __STDC_WANT_IEC_60559_BFP_EXT__ is defined. This patch updates glibc headers accordingly: most uses of __GLIBC_USE (IEC_60559_BFP_EXT) are changed to a new __GLIBC_USE (IEC_60559_BFP_EXT_C2X). (Regarding totalorder and totalordermag, the type-generic macros in tgmath.h will go away when the functions are changed to take pointer arguments.) * bits/libc-header-start.h (__GLIBC_USE_IEC_60559_BFP_EXT): Update comment. (__GLIBC_USE_IEC_60559_BFP_EXT_C2X): New macro. * bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Change to [__GLIBC_USE (IEC_60559_BFP_EXT_C2X)]. * include/limits.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * math/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * math/math.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * stdlib/bits/stdlib-ldbl.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * stdlib/stdint.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * stdlib/stdlib.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/aarch64/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/alpha/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/arm/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/csky/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/hppa/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/ia64/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/m68k/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/microblaze/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/mips/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/nios2/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/powerpc/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/riscv/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/s390/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/sh/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/sparc/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * sysdeps/x86/fpu/bits/fenv.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise. * math/bits/mathcalls.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise, except for totalorder, totalordermag, getpayload, setpayload and setpayloadsig. * math/tgmath.h [__GLIBC_USE (IEC_60559_BFP_EXT)]: Likewise, except for totalorder and totalordermag.
* malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)Adhemerval Zanella2019-04-181-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed previously on libc-alpha [1], this patch follows up the idea and add both the __attribute_alloc_size__ on malloc functions (malloc, calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit maximum requested allocation size to up PTRDIFF_MAX (taking into consideration internal padding and alignment). This aligns glibc with gcc expected size defined by default warning -Walloc-size-larger-than value which warns for allocation larger than PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and expected size, such as described in PR#67999 [2] and previously discussed ISO C11 issues [3] on libc-alpha. From the RFC thread [4] and previous discussion, it seems that consensus is only to limit such requested size for malloc functions, not the system allocation one (mmap, sbrk, etc.). The implementation changes checked_request2size to check for both overflow and maximum object size up to PTRDIFF_MAX. No additional checks are done on sysmalloc, so it can still issue mmap with values larger than PTRDIFF_T depending on the requested size. The __attribute_alloc_size__ is for functions that return a pointer only, which means it cannot be applied to posix_memalign (see remarks in GCC PR#87683 [5]). The runtimes checks to limit maximum requested allocation size does applies to posix_memalign. Checked on x86_64-linux-gnu and i686-linux-gnu. [1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html [2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999 [3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html [4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html [5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683 [BZ #23741] * malloc/hooks.c (malloc_check, realloc_check): Use __builtin_add_overflow on overflow check and adapt to checked_request2size change. * malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign, __libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum allocation size to PTRDIFF_MAX. (REQUEST_OUT_OF_RANGE): Remove macro. (checked_request2size): Change to inline function and limit maximum requested size to PTRDIFF_MAX. (__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit maximum allocation size to PTRDIFF_MAX. (_mid_memalign): Use _int_memalign call for overflow check. (__libc_pvalloc): Use __builtin_add_overflow on overflow check. (__libc_calloc): Use __builtin_mul_overflow for overflow check and limit maximum requested size to PTRDIFF_MAX. * malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign, valloc, pvalloc): Add __attribute_alloc_size__. * stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise. * malloc/tst-malloc-too-large.c (do_test): Add check for allocation larger than PTRDIFF_MAX. * malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than= around tests of malloc with negative sizes. * malloc/tst-posix_memalign.c (do_test): Likewise. * malloc/tst-pvalloc.c (do_test): Likewise. * malloc/tst-valloc.c (do_test): Likewise. * malloc/tst-reallocarray.c (do_test): Replace call to reallocarray with resulting size allocation larger than PTRDIFF_MAX with reallocarray_nowarn. (reallocarray_nowarn): New function. * NEWS: Mention the malloc function semantic change.
* stdlib/tst-secure-getenv: handle >64 groupsMike Gerow2019-04-171-4/+15
| | | | | | | This test would fail unnecessarily if the user running it had more than 64 groups since getgroups returns EINVAL if the size provided is less than the number of supplementary group IDs. Instead dynamically determine the number of supplementary groups the user has.
* Move inttypes.h and stdint.h to stdlib.Zack Weinberg2019-03-132-0/+753
| | | | | | | | | | | | | | inttypes.h and stdint.h are in sysdeps/generic, but there are no other versions of these headers anywhere in the source tree, so they aren’t actually system-dependent. Move them to the subdirectory that installs them (stdlib). Reviewed-by: Joseph Myers <joseph@codesourcery.com> * sysdeps/generic/inttypes.h, sysdeps/generic/stdint.h: Move to stdlib. * include/inttypes.h: Adjust to match. * include/stdint.h: New wrapper.
* Add some spaces before '('.Joseph Myers2019-02-274-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes various places where a space should have been present before '(' in accordance with the GNU Coding Standards. Most but not all of the fixes in this patch are for calls to sizeof (but it's not exhaustive regarding such calls that should be fixed). Tested for x86_64, and with build-many-glibcs.py. * benchtests/bench-strcpy.c (do_test): Use space before '('. * benchtests/bench-string.h (cmdline_process_function): Likewise. * benchtests/bench-strlen.c (do_test): Likewise. (test_main): Likewise. * catgets/gencat.c (read_old): Likewise. * elf/cache.c (load_aux_cache): Likewise. * iconvdata/bug-iconv8.c (do_test): Likewise. * math/test-tgmath-ret.c (do_test): Likewise. * nis/nis_call.c (rec_dirsearch): Likewise. * nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise. * nptl/tst-audit-threads.c (do_test): Likewise. * nptl/tst-cancel4-common.h (set_socket_buffer): Likewise. * nss/nss_test1.c (init): Likewise. * nss/test-netdb.c (test_hosts): Likewise. * posix/execvpe.c (maybe_script_execute): Likewise. * stdio-common/tst-fmemopen4.c (do_test): Likewise. * stdio-common/tst-printf.c (do_test): Likewise. * stdio-common/vfscanf-internal.c (__vfscanf_internal): Likewise. * stdlib/fmtmsg.c (NKEYWORDS): Likewise. * stdlib/qsort.c (STACK_SIZE): Likewise. * stdlib/test-canon.c (do_test): Likewise. * stdlib/tst-swapcontext1.c (do_test): Likewise. * string/memcmp.c (OPSIZ): Likewise. * string/test-strcpy.c (do_test): Likewise. (do_random_tests): Likewise. * string/test-strlen.c (do_test): Likewise. (test_main): Likewise. * string/test-strrchr.c (do_test): Likewise. (do_random_tests): Likewise. * string/tester.c (test_memrchr): Likewise. (test_memchr): Likewise. * sysdeps/generic/memcopy.h (OPSIZ): Likewise. * sysdeps/generic/unwind-dw2.c (execute_stack_op): Likewise. * sysdeps/generic/unwind-pe.h (read_sleb128): Likewise. (read_encoded_value_with_base): Likewise. * sysdeps/hppa/dl-machine.h (elf_machine_runtime_setup): Likewise. * sysdeps/hppa/fpu/feupdateenv.c (__feupdateenv): Likewise. * sysdeps/ia64/fpu/sfp-machine.h (TI_BITS): Likewise. * sysdeps/mach/hurd/spawni.c (__spawni): Likewise. * sysdeps/posix/spawni.c (maybe_script_execute): Likewise. * sysdeps/powerpc/fpu/tst-setcontext-fpscr.c (query_auxv): Likewise. * sysdeps/unix/sysv/linux/aarch64/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/arm/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/arm/ioperm.c (init_iosys): Likewise. * sysdeps/unix/sysv/linux/csky/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/m68k/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/nios2/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute): Likewise. * sysdeps/unix/sysv/linux/x86/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/x86/bits/sigcontext.h (FP_XSTATE_MAGIC2_SIZE): Likewise. * sysdeps/x86/fpu/sfp-machine.h (TI_BITS): Likewise. * time/test_time.c (main): Likewise.
* Break some lines before not after operators.Joseph Myers2019-02-223-24/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The GNU Coding Standards specify that line breaks in expressions should go before an operator, not after one. This patch fixes various code to do this. It only changes code that appears to be mostly following GNU style anyway, not files and directories with substantially different formatting. It is not exhaustive even for files using GNU style (for example, changes to sysdeps files are deferred for subsequent cleanups). Some files changed are shared with gnulib, but most are specific to glibc. Changes were made manually, with places to change found by grep (so some cases, e.g. where the operator was followed by a comment at end of line, are particularly liable to have been missed by grep, but I did include cases where the operator was followed by backslash-newline). This patch generally does not attempt to address other coding style issues in the expressions changed (for example, missing spaces before '(', or lack of parentheses to ensure indentation of continuation lines properly reflects operator precedence). Tested for x86_64, and with build-many-glibcs.py. * benchtests/bench-memmem.c (simple_memmem): Break lines before rather than after operators. * benchtests/bench-skeleton.c (TIMESPEC_AFTER): Likewise. * crypt/md5.c (md5_finish_ctx): Likewise. * crypt/sha256.c (__sha256_finish_ctx): Likewise. * crypt/sha512.c (__sha512_finish_ctx): Likewise. * elf/cache.c (load_aux_cache): Likewise. * elf/dl-load.c (open_verify): Likewise. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * elf/readelflib.c (process_elf_file): Likewise. * elf/rtld.c (dl_main): Likewise. * elf/sprof.c (generate_call_graph): Likewise. * hurd/ctty-input.c (_hurd_ctty_input): Likewise. * hurd/ctty-output.c (_hurd_ctty_output): Likewise. * hurd/dtable.c (reauth_dtable): Likewise. * hurd/getdport.c (__getdport): Likewise. * hurd/hurd/signal.h (_hurd_interrupted_rpc_timeout): Likewise. * hurd/hurd/sigpreempt.h (HURD_PREEMPT_SIGNAL_P): Likewise. * hurd/hurdfault.c (_hurdsig_fault_catch_exception_raise): Likewise. * hurd/hurdioctl.c (fioctl): Likewise. * hurd/hurdselect.c (_hurd_select): Likewise. * hurd/hurdsig.c (_hurdsig_abort_rpcs): Likewise. (STOPSIGS): Likewise. * hurd/hurdstartup.c (_hurd_startup): Likewise. * hurd/intr-msg.c (_hurd_intr_rpc_mach_msg): Likewise. * hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Likewise. * hurd/msgportdemux.c (msgport_server): Likewise. * hurd/setauth.c (_hurd_setauth): Likewise. * include/features.h (__GLIBC_USE_DEPRECATED_SCANF): Likewise. * libio/libioP.h [IO_DEBUG] (CHECK_FILE): Likewise. * locale/programs/ld-ctype.c (set_class_defaults): Likewise. * localedata/tests-mbwc/tst_swscanf.c (tst_swscanf): Likewise. * login/tst-utmp.c (do_check): Likewise. (simulate_login): Likewise. * mach/lowlevellock.h (lll_lock): Likewise. (lll_trylock): Likewise. * math/test-fenv.c (ALL_EXC): Likewise. * math/test-fenvinline.c (ALL_EXC): Likewise. * misc/sys/cdefs.h (__attribute_deprecated_msg__): Likewise. * nis/nis_call.c (__do_niscall3): Likewise. * nis/nis_callback.c (cb_prog_1): Likewise. * nis/nis_defaults.c (searchaccess): Likewise. * nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise. * nis/nis_ismember.c (internal_ismember): Likewise. * nis/nis_local_names.c (nis_local_principal): Likewise. * nis/nss_nis/nis-rpc.c (_nss_nis_getrpcbyname_r): Likewise. * nis/nss_nisplus/nisplus-netgrp.c (_nss_nisplus_getnetgrent_r): Likewise. * nis/ypclnt.c (yp_match): Likewise. (yp_first): Likewise. (yp_next): Likewise. (yp_master): Likewise. (yp_order): Likewise. * nscd/hstcache.c (cache_addhst): Likewise. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nss/nss_compat/compat-pwd.c (copy_pwd_changes): Likewise. (internal_getpwuid_r): Likewise. * nss/nss_compat/compat-spwd.c (copy_spwd_changes): Likewise. * posix/glob.h (__GLOB_FLAGS): Likewise. * posix/regcomp.c (peek_token): Likewise. (peek_token_bracket): Likewise. (parse_expression): Likewise. * posix/regexec.c (sift_states_iter_mb): Likewise. (check_node_accept_bytes): Likewise. * posix/tst-spawn3.c (do_test): Likewise. * posix/wordexp-test.c (testit): Likewise. * posix/wordexp.c (parse_tilde): Likewise. (exec_comm): Likewise. * posix/wordexp.h (__WRDE_FLAGS): Likewise. * resource/vtimes.c (TIMEVAL_TO_VTIMES): Likewise. * setjmp/sigjmp.c (__sigjmp_save): Likewise. * stdio-common/printf_fp.c (__printf_fp_l): Likewise. * stdio-common/tst-fileno.c (do_test): Likewise. * stdio-common/vfprintf-internal.c (vfprintf): Likewise. * stdlib/strfmon_l.c (__vstrfmon_l_internal): Likewise. * stdlib/strtod_l.c (round_and_return): Likewise. (____STRTOF_INTERNAL): Likewise. * stdlib/tst-strfrom.h (TEST_STRFROM): Likewise. * string/strcspn.c (STRCSPN): Likewise. * string/test-memmem.c (simple_memmem): Likewise. * termios/tcsetattr.c (tcsetattr): Likewise. * time/alt_digit.c (_nl_parse_alt_digit): Likewise. * time/asctime.c (asctime_internal): Likewise. * time/strptime_l.c (__strptime_internal): Likewise. * time/sys/time.h (timercmp): Likewise. * time/tzfile.c (__tzfile_compute): Likewise.
* testsuite: stdlib/isomac.c: add missing includeAurelien Jarno2019-02-031-0/+1
| | | | | | | | | | | | | | | | | When running the testsuite, building stdlib/isomac.c outputs the following warning: gcc -O -D_GNU_SOURCE -DIS_IN_build -include /home/aurel32/glibc-build/config.h isomac.c -o /home/aurel32/glibc-build/stdlib/isomac isomac.c: In function ‘get_null_defines’: isomac.c:260:3: warning: implicit declaration of function ‘close’; did you mean ‘pclose’? [-Wimplicit-function-declaration] close (fd); ^~~~~ pclose Fix that by adding the <unistd.h> include. Changelog: * stdlib/isomac.c: Include <unistd.h>.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-01206-206/+206
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* Update longlong.h.Joseph Myers2018-12-211-58/+57
| | | | | | | | | | | | | This patch updates longlong.h from GCC. There were no local changes in glibc (the previous version was identical to the r232143 GCC version, apart from copyright dates which had been updated in both places), so this patch makes it identical to the version in GCC again. Tested for x86_64 and x86. Also tested with build-many-glibcs.py for its RISC-V configurations, as the glibc architecture with the most substantial changes in longlong.h in this patch. * stdlib/longlong.h: Update from GCC.
* Add __v*printf_internal with flags argumentsZack Weinberg2018-12-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are a lot more printf variants than there are scanf variants, and the code for setting up and tearing down their custom FILE variants around the call to __vf(w)printf is more complicated and variable. Therefore, I have added _internal versions of all the v*printf variants, rather than introducing helper routines so that they can all directly call __vf(w)printf_internal, as was done with scanf. As with the scanf changes, in this patch the _internal functions still look at the environmental mode bits and all callers pass 0 for the flags parameter. Several of the affected public functions had _IO_ name aliases that were not exported (but, in one case, appeared in libio.h anyway); I was originally planning to leave them as aliases to avoid having to touch internal callers, but it turns out ldbl_*_alias only work for exported symbols, so they've all been removed instead. It also turns out there were hardly any internal callers. _IO_vsprintf and _IO_vfprintf *are* exported, so those two stick around. Summary for the changes to each of the affected symbols: _IO_vfprintf, _IO_vsprintf: All internal calls removed, thus the internal declarations, as well as uses of libc_hidden_proto and libc_hidden_def, were also removed. The external symbol is now exposed via uses of ldbl_strong_alias to __vfprintf_internal and __vsprintf_internal, respectively. _IO_vasprintf, _IO_vdprintf, _IO_vsnprintf, _IO_vfwprintf, _IO_vswprintf, _IO_obstack_vprintf, _IO_obstack_printf: All internal calls removed, thus declaration in internal headers were also removed. They were never exported, so there are no aliases tying them to the internal functions. I.e.: entirely gone. __vsnprintf: Internal calls were always preceded by macros such as #define __vsnprintf _IO_vsnprintf, and #define __vsnprintf vsnprintf The macros were removed and their uses replaced with calls to the new internal function __vsnprintf_internal. Since there were no internal calls, the internal declaration was also removed. The external symbol is preserved with ldbl_weak_alias to ___vsnprintf. __vfwprintf: All internal calls converted into calls to __vfwprintf_internal, thus the internal declaration was removed. The function is now a wrapper that calls __vfwprintf_internal. The external symbol is preserved. __vswprintf: Similarly, but no external symbol. __vasprintf, __vdprintf, __vfprintf, __vsprintf: New internal wrappers. Not exported. vasprintf, vdprintf, vfprintf, vsprintf, vsnprintf, vfwprintf, vswprintf, obstack_vprintf, obstack_printf: These functions used to be aliases to the respective _IO_* function, they are now aliases to their respective __* functions. Tested for powerpc and powerpc64le.
* stdlib: assert on NULL function pointer in atexit etc. [BZ #20544]Paul Pluzhnikov2018-11-304-1/+125
|
* Use STRFMON_LDBL_IS_DBL instead of __ldbl_is_dbl.Zack Weinberg2018-11-162-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | On platforms where long double used to have the same format as double, but later switched to a different format (alpha, s390, sparc, and powerpc), accessing the older behavior is possible and it happens via __nldbl_* functions (not on the API, but accessible from header redirection and from compat symbols). These functions write to the global flag __ldbl_is_dbl, which tells other functions that long double variables should be handled as double. This patch takes the first step towards removing this global flag and creates __vstrfmon_l_internal, which takes an explicit flags parameter. This change arguably makes the generated code slightly worse on architectures where __ldbl_is_dbl is never true; right now, on those architectures, it's a compile-time constant; after this change, the compiler could theoretically prove that __vstrfmon_l_internal was never called with a nonzero flags argument, but it would probably need LTO to do it. This is not performance critical code and I tend to think that the maintainability benefits of removing action at a distance are worth it. However, we _could_ wrap the runtime flag check with a macro that was defined to ignore its argument and always return false on architectures where __ldbl_is_dbl is never true, if people think the codegen benefits are important. Tested for powerpc and powerpc64le.
* stdlib/test-bz22786: Avoid memory leaks in the test itselfFlorian Weimer2018-10-301-2/+4
|
* stdlib/tst-strtod-overflow: Switch to support_blob_repeatFlorian Weimer2018-10-301-6/+10
| | | | This is another test with an avoidable large memory allocation.
* stdlib/test-bz22786: Avoid spurious test failures using alias mappingsFlorian Weimer2018-10-301-10/+6
| | | | | | | | On systems without enough random-access memory, stdlib/test-bz22786 will go deeply into swap and time out, even with a substantial TIMEOUTFACTOR. This commit adds a facility to construct repeating strings with alias mappings, so that the requirement for physical memory, and uses it in stdlib/test-bz22786.
* Y2038: Add 64-bit time for all architecturesAlbert ARIBAUD (3ADEV)2018-10-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | glibc support for 64-bit time_t on 32-bit architectures will involve: - Using 64-bit times inside glibc, with conversions to and from 32-bit times taking place as necessary for interfaces using such times. - Adding 64-bit-time support in the glibc public API. This support should be dynamic, i.e. glibc should provide both 32-bit and 64-bit implementations and let user code choose at compile time whether to use the 32-bit or 64-bit interfaces. This requires a glibc-internal name for a type for times that are always 64-bit. Based on __TIMESIZE, a new macro is defined, __TIME64_T_TYPE, which is always the right __*_T_TYPE to hold a 64-bit-time. __TIME64_T_TYPE equals __TIME_T_TYPE if __TIMESIZE equals 64 and equals __SQUAD_T_TYPE otherwise. __time64_t can then replace uses of internal_time_t. This patch was tested by running 'make check' on branch master then applying this patch and its predecessor and running 'make check' again, and checking that both 'make check' yield identical results. This was done on x86_64-linux-gnu and i686-linux-gnu. * bits/time64.h: New file. * include/time.h: Replace internal_time_t with __time64_t. * posix/bits/types (__time64_t): Add. * stdlib/Makefile: Add bits/time64.h to includes. * time/tzfile.c: Replace internal_time_t with __time64_t.