about summary refs log tree commit diff
path: root/libio
Commit message (Collapse)AuthorAgeFilesLines
* Make sure that the fortified function conditionals are constantSiddhesh Poyarekar2022-03-111-63/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In _FORTIFY_SOURCE=3, the size expression may be non-constant, resulting in branches in the inline functions remaining intact and causing a tiny overhead. Clang (and in future, gcc) make sure that the -1 case is always safe, i.e. any comparison of the generated expression with (size_t)-1 is always false so that bit is taken care of. The rest is avoidable since we want the _chk variant whenever we have a size expression and it's not -1. Rework the conditionals in a uniform way to clearly indicate two conditions at compile time: - Either the size is unknown (-1) or we know at compile time that the operation length is less than the object size. We can call the original function in this case. It could be that either the length, object size or both are non-constant, but the compiler, through range analysis, is able to fold the *comparison* to a constant. - The size and length are known and the compiler can see at compile time that operation length > object size. This is valid grounds for a warning at compile time, followed by emitting the _chk variant. For everything else, emit the _chk variant. This simplifies most of the fortified function implementations and at the same time, ensures that only one call from _chk or the regular function is emitted. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> (cherry picked from commit a643f60c53876be0d57b4b7373770e6cb356fd13)
* Don't add access size hints to fortifiable functionsSiddhesh Poyarekar2022-03-112-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the context of a function definition, the size hints imply that the size of an object pointed to by one parameter is another parameter. This doesn't make sense for the fortified versions of the functions since that's the bit it's trying to validate. This is harmless with __builtin_object_size since it has fairly simple semantics when it comes to objects passed as function parameters. With __builtin_dynamic_object_size we could (as my patchset for gcc[1] already does) use the access attribute to determine the object size in the general case but it misleads the fortified functions. Basically the problem occurs when access attributes are present on regular functions that have inline fortified definitions to generate _chk variants; the attributes get inherited by these definitions, causing problems when analyzing them. For example with poll(fds, nfds, timeout), nfds is hinted using the __attr_access as being the size of fds. Now, when analyzing the inline function definition in bits/poll2.h, the compiler sees that nfds is the size of fds and tries to use that information in the function body. In _FORTIFY_SOURCE=3 case, where the object size could be a non-constant expression, this information results in the conclusion that nfds is the size of fds, which defeats the purpose of the implementation because we're trying to check here if nfds does indeed represent the size of fds. Hence for this case, it is best to not have the access attribute. With the attributes gone, the expression evaluation should get delayed until the function is actually inlined into its destinations. Disable the access attribute for fortified function inline functions when building at _FORTIFY_SOURCE=3 to make this work better. The access attributes remain for the _chk variants since they can be used by the compiler to warn when the caller is passing invalid arguments. [1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit e938c02748402c50f60ba0eb983273e7b52937d1)
* Move malloc hooks into a compat DSOSiddhesh Poyarekar2021-07-221-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | Remove all malloc hook uses from core malloc functions and move it into a new library libc_malloc_debug.so. With this, the hooks now no longer have any effect on the core library. libc_malloc_debug.so is a malloc interposer that needs to be preloaded to get hooks functionality back so that the debugging features that depend on the hooks, i.e. malloc-check, mcheck and mtrace work again. Without the preloaded DSO these debugging features will be nops. These features will be ported away from hooks in subsequent patches. Similarly, legacy applications that need hooks functionality need to preload libc_malloc_debug.so. The symbols exported by libc_malloc_debug.so are maintained at exactly the same version as libc.so. Finally, static binaries will no longer be able to use malloc debugging features since they cannot preload the debugging DSO. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* libio: Replace internal _IO_getdelim symbol with __getdelimFlorian Weimer2021-07-072-5/+3
| | | | | | | __getdelim is exported, _IO_getdelim is not. Add a hidden prototype for __getdelim. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* libio: Add hidden prototype for ungetcFlorian Weimer2021-07-071-3/+3
| | | | | | And make ungetc the primary symbol, with _IO_ungetc as an alias. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Use 64 bit time_t stat internallyAdhemerval Zanella2021-06-224-7/+7
| | | | | | | | | | For the legacy ABI with supports 32-bit time_t it calls the 64-bit time directly, since the LFS symbols calls the 64-bit time_t ones internally. Checked on i686-linux-gnu and x86_64-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
* libio: Assume _IO_lock_inexpensiveAdhemerval Zanella2021-06-041-9/+2
| | | | It is already set by both Linux and Hurd.
* Add missing symbols to Version filesFlorian Weimer2021-06-021-0/+3
| | | | | | | | | Some symbols have explicit versioned_symbol or compat_symbol markers in the sources, but no corresponding entry in the Versions files. This presently works because the local: * directive is only applied to the base version. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* stdio-common: Remove _IO_vfwscanfFlorian Weimer2021-06-011-2/+0
| | | | | | | | | The symbol has never been exported, so no compatibility symbol is needed. Removing this file prevents ld from creation an exported symbol in case GLIBC_2_0 expands to a symbol version which does not have a local: *; directive in the symbol version map file. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Enable support for GCC 11 -Wmismatched-dealloc.Martin Sebor2021-05-166-25/+174
| | | | | | | | | | | | | | | | | | | | | | | To help detect common kinds of memory (and other resource) management bugs, GCC 11 adds support for the detection of mismatched calls to allocation and deallocation functions. At each call site to a known deallocation function GCC checks the set of allocation functions the former can be paired with and, if the two don't match, issues a -Wmismatched-dealloc warning (something similar happens in C++ for mismatched calls to new and delete). GCC also uses the same mechanism to detect attempts to deallocate objects not allocated by any allocation function (or pointers past the first byte into allocated objects) by -Wfree-nonheap-object. This support is enabled for built-in functions like malloc and free. To extend it beyond those, GCC extends attribute malloc to designate a deallocation function to which pointers returned from the allocation function may be passed to deallocate the allocated objects. Another, optional argument designates the positional argument to which the pointer must be passed. This change is the first step in enabling this extended support for Glibc.
* Annotate additional APIs with GCC attribute access.Martin Sebor2021-05-061-4/+6
| | | | | | | | | | | | | | | | This change continues the improvements to compile-time out of bounds checking by decorating more APIs with either attribute access, or by explicitly providing the array bound in APIs such as tmpnam() that expect arrays of some minimum size as arguments. (The latter feature is new in GCC 11.) The only effects of the attribute and/or the array bound is to check and diagnose calls to the functions that fail to provide a sufficient number of elements, and the definitions of the functions that access elements outside the specified bounds. (There is no interplay with _FORTIFY_SOURCE here yet.) Tested with GCC 7 through 11 on x86_64-linux.
* nptl: Move pthread_setcancelstate into libcFlorian Weimer2021-04-211-3/+2
| | | | | | | | No new symbol version is required because there was a forwarder. The symbol has been moved using scripts/move-symbol-to-libc.py. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Set the retain attribute on _elf_set_element if CC supports [BZ #27492]Fangrui Song2021-04-169-0/+69
| | | | | | | | | | | | | | | | | | | | | | So that text_set_element/data_set_element/bss_set_element defined variables will be retained by the linker. Note: 'used' and 'retain' are orthogonal: 'used' makes sure the variable will not be optimized out; 'retain' prevents section garbage collection if the linker support SHF_GNU_RETAIN. GNU ld 2.37 and LLD 13 will support -z start-stop-gc which allow C identifier name sections to be GCed even if there are live __start_/__stop_ references. Without the change, there are some static linking problems, e.g. _IO_cleanup (libio/genops.c) may be discarded by ld --gc-sections, so stdout is not flushed on exit. Note: GCC may warning 'retain' attribute ignored while __has_attribute(retain) is 1 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99587). Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
* libio: Update license on test caseSiddhesh Poyarekar2021-03-301-9/+10
| | | | | | | | | | About a decade ago, I accidentally wrote the GPLv3 license text on the test case when the rest of glibc source is LGPL v2.1 or later. As original author of the test (and there are no other legally significant changes to the test) I propose to update the license text to be consistent with the project. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Correct buffer end pointer in IO_wdefault_doallocate (BZ #26874)Martin Sebor2021-03-011-4/+3
| | | | | | | | | | | | | An experimental build of GCC 11 with an enhanced -Warray-bounds reports a bug in IO_wdefault_doallocate where the function forms an invalid past-the-end pointer to an allocated wchar_t buffer by failingf to consider the scaling by sizeof (wchar_t). The fix path below corrects this problem. It keeps the buffer size the same as opposed to increasing it according to what other code like it does. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-02174-174/+174
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* nonstring: Enable __FORTIFY_LEVEL=3Siddhesh Poyarekar2020-12-312-29/+35
| | | | | Use __builtin_dynamic_object_size in the remaining functions that don't have compiler builtins as is the case for string functions.
* Revert "Fix missing redirects in testsuite targets"Andreas Schwab2020-10-081-1/+1
| | | | | This reverts commit d5afb38503. The log files are actually created by the various shell scripts that drive the tests.
* Remove internal usage of extensible stat functionsAdhemerval Zanella2020-09-111-1/+1
| | | | | | | | | | | | It replaces the internal usage of __{f,l}xstat{at}{64} with the __{f,l}stat{at}{64}. It should not change the generate code since sys/stat.h explicit defines redirections to internal calls back to xstat* symbols. Checked with a build for all affected ABIs. I also check on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Lukasz Majewski <lukma@denx.de>
* Fix namespace violation in stdio.h and sys/stat.h if build with ↵Stefan Liebler2020-08-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | optimization. [BZ #26376] If build with optimization, stdio.h and sys/stat.h are defining some inlining functions. This leads to test fails if glibc is build with the following commands. (Note that the conformtests usually builds without optimization or other CFLAGS): <glibc>/configure CC="gcc -O3" --prefix=/usr make make subdirs=conform check - FAIL: conform/XPG4/stdio.h/conform - FAIL: conform/XPG42/stdio.h/conform out-files: ... PASSCOMBINED: Availability of variable optopt PASSCOMBINED: Type of variable optopt Namespace violation: "getc_unlocked" Namespace violation: "getchar_unlocked" Namespace violation: "putc_unlocked" Namespace violation: "putchar_unlocked" FAIL: Namespace of <stdio.h> ---------------------------------------------------------------------------- Total number of tests : 168 Number of failed tests : 1 Number of xfailed tests : 0 Number of skipped tests : 0 - FAIL: conform/POSIX2008/sys/stat.h/conform out-file: ... PASSCOMBINED: Availability of function utimensat PASSCOMBINED: Type of function utimensat Namespace violation: "mknodat" FAIL: Namespace of <sys/stat.h> ---------------------------------------------------------------------------- Total number of tests : 97 Number of failed tests : 1 Number of xfailed tests : 0 Number of skipped tests : 0 For getc_unlocked, getchar_unlocked, putc_unlocked, putchar_unlocked in stdio.h, those are defined "# ifdef __USE_POSIX" instead of "#ifdef __USE_POSIX199506" for the non-inlining declaration. See also "Bug 20014 - stdio.h namespace for pre-threads POSIX" (https://sourceware.org/bugzilla/show_bug.cgi?id=20014). For mknodat in sys/stat.h, those are defined "# ifdef __USE_ATFILE" instead of the additional guard "# if defined __USE_MISC || defined __USE_XOPEN_EXTENDED".
* libio: Remove __libc_readline_unlockedFlorian Weimer2020-07-214-410/+2
| | | | | | | | | | | __nss_readline supersedes it. This reverts part of commit 3f5e3f5d066dcffb80af48ae2cf35a01a85a8f10 ("libio: Implement internal function __libc_readline_unlocked"). The internal aliases __fseeko64 and __ftello64 are preserved because they are needed by __nss_readline as well. Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* signal: Move sys_errlist to a compat symbolAdhemerval Zanella2020-07-072-7/+1
| | | | | | | | | | | | | | | | | | | | The symbol is deprecated by strerror since its usage imposes some issues such as copy relocations. Its internal name is also changed to _sys_errlist_internal to avoid static linking usage. The compat code is also refactored by removing the over enginered errlist-compat.c generation from manual entried and extra comment token in linker script file. It disantangle the code generation from manual and simplify both Linux and Hurd compat code. The definitions from errlist.c are moved to errlist.h and a new test is added to avoid a new errno entry without an associated one in manual. Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi on all affected platforms. Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]Martin Sebor2020-05-042-11/+19
| | | | | | | | Adds the access attribute newly introduced in GCC 10 to the subset of function declarations that are already covered by _FORTIFY_SOURCE and that don't have corresponding GCC built-in equivalents. Reviewed-by: DJ Delorie <dj@redhat.com>
* Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABIPaul E. Murphy2020-04-302-6/+6
| | | | | | | | | | | | | | | Improve the commentary to aid future developers who will stumble upon this novel, yet not always perfect, mechanism to support alternative formats for long double. Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work has settled down. The command used was git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \ xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g' Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
* <fd_to_filename.h>: Add type safety and port to HurdFlorian Weimer2020-02-182-4/+4
| | | | | | | | | The new type struct fd_to_filename makes the allocation of the backing storage explicit. Hurd uses /dev/fd, not /proc/self/fd. Co-Authored-By: Paul Eggert <eggert@cs.ucla.edu>
* Prepare redirections for IEEE long double on powerpc64leGabriel F. T. Gomes2020-02-172-20/+42
| | | | | | | | | | | | | | | | | | | | | | | | | All functions that have a format string, which can consume a long double argument, must have one version for each long double format supported on a platform. On powerpc64le, these functions currently have two versions (i.e.: long double with the same format as double, and long double with IBM Extended Precision format). Support for a third long double format option (i.e. long double with IEEE long double format) is being prepared and all the aforementioned functions now have a third version (not yet exported on the master branch, but the code is in). For these functions to get selected (during build time), references to them in user programs (or dependent libraries) must get redirected to the aforementioned new versions of the functions. This patch installs the header magic required to perform such redirections. Notice, however, that since the redirections only happen when __LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including powerpc64le) currently does it, no redirections actually happen. Redirections and the exporting of the new functions will happen at the same time (when powerpc64le adds ldbl-128ibm-compat to their Implies. Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-01176-176/+176
|
* Remove __waitpid_nocancelAdhemerval Zanella2019-12-191-1/+5
| | | | | | | | | It enables and disables cancellation with pthread_setcancelstate before calling the waitpid. It simplifies the waitpid implementation for architectures that do not provide either __NR_waitpid or __NR_wait4. Checked on x86_64-linux-gnu.
* libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]Florian Weimer2019-11-271-0/+5
| | | | | | | | | | | | Commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0 ("libio: Disable vtable validation in case of interposition [BZ #23313]") only covered the interposable glibc 2.1 handles, in libio/stdfiles.c. The parallel code in libio/oldstdfiles.c needs similar detection logic. Fixes (again) commit db3476aff19b75c4fdefbe65fcd5f0a90588ba51 ("libio: Implement vtable verification [BZ #20191]"). Change-Id: Ief6f9f17e91d1f7263421c56a7dc018f4f595c21
* Use DEPRECATED_SCANF macro for remaining C99-compliant scanf functionsGabriel F. T. Gomes2019-11-221-2/+0
| | | | | | | | | | | | | | | | | | | | When the commit commit 03992356e6fedc5a5e9d32df96c1a2c79ea28a8f Author: Zack Weinberg <zackw@panix.com> Date: Sat Feb 10 11:58:35 2018 -0500 Use C99-compliant scanf under _GNU_SOURCE with modern compilers. added the DEPRECATED_SCANF macro to select when redirections of *scanf functions to their ISO C99 compliant versions should happen, it accidentally missed doing it for vfwscanf, vwscanf, and vswscanf. Tested for powerpc64le and with build-many-glibcs (i686-linux-gnu and nios2-linux-gnu are failing with current master, and with this patch, but I didn't see a regression). Change-Id: I706b344a3fb50be017cdab9251d9da18a3ba8c60
* Redefine _IO_iconv_t to store a single gconv step pointer [BZ #25097]Florian Weimer2019-11-134-63/+52
| | | | | | | | | | | | | | libio can only deal with gconv conversions which consist of a single step. Not using __gconv_info simplifies the data structures somewhat. This eliminates a new GCC 10 warning about subscribing an inner zero-length array. Tested on x86_64-linux-gnu with mainline GCC. Built with build-many-glibcs.py, also with mainline GCC. Due to GCC PR 92039, there are failures left on 32-bit architectures with float128 support. Change-Id: I8b4c489b619a53154712ff32e1b6f13bb92d4203
* libio/tst-fopenloc: Use xsetlocale, xfopen, and xfcloseArjun Shankar2019-11-111-13/+7
|
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-07175-175/+175
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* iconv: Revert steps array reference counting changesFlorian Weimer2019-07-314-115/+8
| | | | | | | | | | | | | | | The changes introduce a memory leak for gconv steps arrays whose first element is an internal conversion, which has a fixed reference count which is not decremented. As a result, after the change in commit 50ce3eae5ba304650459d4441d7d246a7cefc26f, the steps array is never freed, resulting in an unbounded memory leak. This reverts commit 50ce3eae5ba304650459d4441d7d246a7cefc26f ("gconv: Check reference count in __gconv_release_cache [BZ #24677]") and commit 7e740ab2e7be7d83b75513aa406e0b10875f7f9c ("libio: Fix gconv-related memory leak [BZ #24583]"). It reintroduces bug 24583. (Bug 24677 was just a regression caused by the second commit.)
* Prepare vfprintf to use __printf_fp/__printf_fphex with float128 argGabriel F. T. Gomes2019-06-271-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | On powerpc64le, long double can currently take two formats: the same as double (-mlong-double-64) or IBM Extended Precision (default with -mlong-double-128 or explicitly with -mabi=ibmlongdouble). The internal implementation of printf-like functions is aware of these possibilities and properly parses floating-point values from the variable arguments, before making calls to __printf_fp and __printf_fphex. These functions are also aware of the format possibilities and know how to convert both formats to string. When library support for TS 18661-3 was added to glibc, __printf_fp and __printf_fphex were extended with support for an additional type (__float128/_Float128) with a different format (binary128). Now that powerpc64le is getting support for its third long double format, and taking into account that this format is the same as the format of __float128/_Float128, this patch extends __vfprintf_internal to properly call __printf_fp and __printf_fphex with this new format. Tested for powerpc64le (with additional patches to actually enable the use of these preparations) and for x86_64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* libio: do not attempt to free wide buffers of legacy streams [BZ #24228]Dmitry V. Levin2019-06-204-5/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit a601b74d31ca086de38441d316a3dee24c866305 aka glibc-2.23~693 ("In preparation for fixing BZ#16734, fix failure in misc/tst-error1-mem when _G_HAVE_MMAP is turned off.") introduced a regression: _IO_unbuffer_all now invokes _IO_wsetb to free wide buffers of all files, including legacy standard files which are small statically allocated objects that do not have wide buffers and the _mode member, causing memory corruption. Another memory corruption in _IO_unbuffer_all happens when -1 is assigned to the _mode member of legacy standard files that do not have it. [BZ #24228] * libio/genops.c (_IO_unbuffer_all) [SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_1)]: Do not attempt to free wide buffers and access _IO_FILE_complete members of legacy libio streams. * libio/tst-bz24228.c: New file. * libio/tst-bz24228.map: Likewise. * libio/Makefile [build-shared] (tests): Add tst-bz24228. [build-shared] (generated): Add tst-bz24228.mtrace and tst-bz24228.check. [run-built-tests && build-shared] (tests-special): Add $(objpfx)tst-bz24228-mem.out. (LDFLAGS-tst-bz24228, tst-bz24228-ENV): New variables. ($(objpfx)tst-bz24228-mem.out): New rule.
* libio: freopen of default streams crashes in old programs [BZ #24632]Florian Weimer2019-06-122-1/+6
| | | | As seen with very old i386 GCC binaries.
* libio: Fix gconv-related memory leak [BZ #24583]Florian Weimer2019-05-214-8/+115
| | | | | | | struct gconv_fcts for the C locale is statically allocated, and __gconv_close_transform deallocates the steps object. Therefore this commit introduces __wcsmbs_close_conv to avoid freeing the statically allocated steps objects.
* libio: Remove codecvt vtable [BZ #24588]Florian Weimer2019-05-209-205/+92
| | | | | | | | | | | | | | The codecvt vtable is not a real vtable because it also contains the conversion state data. Furthermore, wide stream support was added to GCC 3.0, after a C++ ABI bump, so there is no compatibility requirement with libstdc++. This change removes several unmangled function pointers which could be used with a corrupted FILE object to redirect execution. (libio vtable verification did not cover the codecvt vtable.) Reviewed-by: Yann Droneaud <ydroneaud@opteya.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Fix crash in _IO_wfile_sync (bug 20568)Andreas Schwab2019-05-154-3/+46
| | | | | | When computing the length of the converted part of the stdio buffer, use the number of consumed wide characters, not the (negative) distance to the end of the wide buffer.
* Break more lines before not after operators.Joseph Myers2019-02-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes further coding style fixes where code was breaking lines after an operator, contrary to the GNU Coding Standards. As with the previous patch, it is limited to files following a reasonable approximation to GNU style already, and is not exhaustive; more such issues remain to be fixed. Tested for x86_64, and with build-many-glibcs.py. * dirent/dirent.h [!_DIRENT_HAVE_D_NAMLEN && _DIRENT_HAVE_D_RECLEN] (_D_ALLOC_NAMLEN): Break lines before rather than after operators. * elf/cache.c (print_cache): Likewise. * gshadow/fgetsgent_r.c (__fgetsgent_r): Likewise. * htl/pt-getattr.c (__pthread_getattr_np): Likewise. * hurd/hurdinit.c (_hurd_setproc): Likewise. * hurd/hurdkill.c (_hurd_sig_post): Likewise. * hurd/hurdlookup.c (__file_name_lookup_under): Likewise. * hurd/hurdsig.c (_hurd_internal_post_signal): Likewise. (reauth_proc): Likewise. * hurd/lookup-at.c (__file_name_lookup_at): Likewise. (__file_name_split_at): Likewise. (__directory_name_split_at): Likewise. * hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Likewise. * hurd/port2fd.c (_hurd_port2fd): Likewise. * iconv/gconv_dl.c (do_print): Likewise. * inet/netinet/in.h (struct sockaddr_in): Likewise. * libio/wstrops.c (_IO_wstr_seekoff): Likewise. * locale/setlocale.c (new_composite_name): Likewise. * malloc/memusagestat.c (main): Likewise. * misc/fstab.c (fstab_convert): Likewise. * nptl/pthread_mutex_unlock.c (__pthread_mutex_unlock_usercnt): Likewise. * nss/nss_compat/compat-grp.c (getgrent_next_nss): Likewise. (getgrent_next_file): Likewise. (internal_getgrnam_r): Likewise. (internal_getgrgid_r): Likewise. * nss/nss_compat/compat-initgroups.c (getgrent_next_nss): Likewise. (internal_getgrent_r): Likewise. * nss/nss_compat/compat-pwd.c (getpwent_next_nss_netgr): Likewise. (getpwent_next_nss): Likewise. (getpwent_next_file): Likewise. (internal_getpwnam_r): Likewise. (internal_getpwuid_r): Likewise. * nss/nss_compat/compat-spwd.c (getspent_next_nss_netgr): Likewise. (getspent_next_nss): Likewise. (internal_getspnam_r): Likewise. * pwd/fgetpwent_r.c (__fgetpwent_r): Likewise. * shadow/fgetspent_r.c (__fgetspent_r): Likewise. * string/strchr.c (STRCHR): Likewise. * string/strchrnul.c (STRCHRNUL): Likewise. * sysdeps/aarch64/fpu/fpu_control.h (_FPU_FPCR_IEEE): Likewise. * sysdeps/aarch64/sfp-machine.h (_FP_CHOOSENAN): Likewise. * sysdeps/csky/dl-machine.h (elf_machine_rela): Likewise. * sysdeps/generic/memcopy.h (PAGE_COPY_FWD_MAYBE): Likewise. * sysdeps/generic/symbol-hacks.h (__stack_chk_fail_local): Likewise. * sysdeps/gnu/netinet/ip_icmp.h (ICMP_INFOTYPE): Likewise. * sysdeps/gnu/updwtmp.c (TRANSFORM_UTMP_FILE_NAME): Likewise. * sysdeps/gnu/utmp_file.c (TRANSFORM_UTMP_FILE_NAME): Likewise. * sysdeps/hppa/jmpbuf-unwind.h (_JMPBUF_UNWINDS): Likewise. * sysdeps/mach/hurd/bits/stat.h (S_ISPARE): Likewise. * sysdeps/mach/hurd/dl-sysdep.c (_dl_sysdep_start): Likewise. (open_file): Likewise. * sysdeps/mach/hurd/htl/pt-mutexattr-setprotocol.c (pthread_mutexattr_setprotocol): Likewise. * sysdeps/mach/hurd/ioctl.c (__ioctl): Likewise. * sysdeps/mach/hurd/mmap.c (__mmap): Likewise. * sysdeps/mach/hurd/ptrace.c (ptrace): Likewise. * sysdeps/mach/hurd/spawni.c (__spawni): Likewise. * sysdeps/microblaze/dl-machine.h (elf_machine_type_class): Likewise. (elf_machine_rela): Likewise. * sysdeps/mips/mips32/sfp-machine.h (_FP_CHOOSENAN): Likewise. * sysdeps/mips/mips64/sfp-machine.h (_FP_CHOOSENAN): Likewise. * sysdeps/mips/sys/asm.h (multiple #if conditionals): Likewise. * sysdeps/posix/rename.c (rename): Likewise. * sysdeps/powerpc/novmx-sigjmp.c (__novmx__sigjmp_save): Likewise. * sysdeps/powerpc/sigjmp.c (__vmx__sigjmp_save): Likewise. * sysdeps/s390/fpu/fenv_libc.h (FPC_VALID_MASK): Likewise. * sysdeps/s390/utf8-utf16-z9.c (gconv_end): Likewise. * sysdeps/unix/grantpt.c (grantpt): Likewise. * sysdeps/unix/sysv/linux/a.out.h (N_TXTOFF): Likewise. * sysdeps/unix/sysv/linux/updwtmp.c (TRANSFORM_UTMP_FILE_NAME): Likewise. * sysdeps/unix/sysv/linux/utmp_file.c (TRANSFORM_UTMP_FILE_NAME): Likewise. * sysdeps/x86/cpu-features.c (get_common_indices): Likewise. * time/tzfile.c (__tzfile_compute): Likewise.
* Break some lines before not after operators.Joseph Myers2019-02-221-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The GNU Coding Standards specify that line breaks in expressions should go before an operator, not after one. This patch fixes various code to do this. It only changes code that appears to be mostly following GNU style anyway, not files and directories with substantially different formatting. It is not exhaustive even for files using GNU style (for example, changes to sysdeps files are deferred for subsequent cleanups). Some files changed are shared with gnulib, but most are specific to glibc. Changes were made manually, with places to change found by grep (so some cases, e.g. where the operator was followed by a comment at end of line, are particularly liable to have been missed by grep, but I did include cases where the operator was followed by backslash-newline). This patch generally does not attempt to address other coding style issues in the expressions changed (for example, missing spaces before '(', or lack of parentheses to ensure indentation of continuation lines properly reflects operator precedence). Tested for x86_64, and with build-many-glibcs.py. * benchtests/bench-memmem.c (simple_memmem): Break lines before rather than after operators. * benchtests/bench-skeleton.c (TIMESPEC_AFTER): Likewise. * crypt/md5.c (md5_finish_ctx): Likewise. * crypt/sha256.c (__sha256_finish_ctx): Likewise. * crypt/sha512.c (__sha512_finish_ctx): Likewise. * elf/cache.c (load_aux_cache): Likewise. * elf/dl-load.c (open_verify): Likewise. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * elf/readelflib.c (process_elf_file): Likewise. * elf/rtld.c (dl_main): Likewise. * elf/sprof.c (generate_call_graph): Likewise. * hurd/ctty-input.c (_hurd_ctty_input): Likewise. * hurd/ctty-output.c (_hurd_ctty_output): Likewise. * hurd/dtable.c (reauth_dtable): Likewise. * hurd/getdport.c (__getdport): Likewise. * hurd/hurd/signal.h (_hurd_interrupted_rpc_timeout): Likewise. * hurd/hurd/sigpreempt.h (HURD_PREEMPT_SIGNAL_P): Likewise. * hurd/hurdfault.c (_hurdsig_fault_catch_exception_raise): Likewise. * hurd/hurdioctl.c (fioctl): Likewise. * hurd/hurdselect.c (_hurd_select): Likewise. * hurd/hurdsig.c (_hurdsig_abort_rpcs): Likewise. (STOPSIGS): Likewise. * hurd/hurdstartup.c (_hurd_startup): Likewise. * hurd/intr-msg.c (_hurd_intr_rpc_mach_msg): Likewise. * hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Likewise. * hurd/msgportdemux.c (msgport_server): Likewise. * hurd/setauth.c (_hurd_setauth): Likewise. * include/features.h (__GLIBC_USE_DEPRECATED_SCANF): Likewise. * libio/libioP.h [IO_DEBUG] (CHECK_FILE): Likewise. * locale/programs/ld-ctype.c (set_class_defaults): Likewise. * localedata/tests-mbwc/tst_swscanf.c (tst_swscanf): Likewise. * login/tst-utmp.c (do_check): Likewise. (simulate_login): Likewise. * mach/lowlevellock.h (lll_lock): Likewise. (lll_trylock): Likewise. * math/test-fenv.c (ALL_EXC): Likewise. * math/test-fenvinline.c (ALL_EXC): Likewise. * misc/sys/cdefs.h (__attribute_deprecated_msg__): Likewise. * nis/nis_call.c (__do_niscall3): Likewise. * nis/nis_callback.c (cb_prog_1): Likewise. * nis/nis_defaults.c (searchaccess): Likewise. * nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise. * nis/nis_ismember.c (internal_ismember): Likewise. * nis/nis_local_names.c (nis_local_principal): Likewise. * nis/nss_nis/nis-rpc.c (_nss_nis_getrpcbyname_r): Likewise. * nis/nss_nisplus/nisplus-netgrp.c (_nss_nisplus_getnetgrent_r): Likewise. * nis/ypclnt.c (yp_match): Likewise. (yp_first): Likewise. (yp_next): Likewise. (yp_master): Likewise. (yp_order): Likewise. * nscd/hstcache.c (cache_addhst): Likewise. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nss/nss_compat/compat-pwd.c (copy_pwd_changes): Likewise. (internal_getpwuid_r): Likewise. * nss/nss_compat/compat-spwd.c (copy_spwd_changes): Likewise. * posix/glob.h (__GLOB_FLAGS): Likewise. * posix/regcomp.c (peek_token): Likewise. (peek_token_bracket): Likewise. (parse_expression): Likewise. * posix/regexec.c (sift_states_iter_mb): Likewise. (check_node_accept_bytes): Likewise. * posix/tst-spawn3.c (do_test): Likewise. * posix/wordexp-test.c (testit): Likewise. * posix/wordexp.c (parse_tilde): Likewise. (exec_comm): Likewise. * posix/wordexp.h (__WRDE_FLAGS): Likewise. * resource/vtimes.c (TIMEVAL_TO_VTIMES): Likewise. * setjmp/sigjmp.c (__sigjmp_save): Likewise. * stdio-common/printf_fp.c (__printf_fp_l): Likewise. * stdio-common/tst-fileno.c (do_test): Likewise. * stdio-common/vfprintf-internal.c (vfprintf): Likewise. * stdlib/strfmon_l.c (__vstrfmon_l_internal): Likewise. * stdlib/strtod_l.c (round_and_return): Likewise. (____STRTOF_INTERNAL): Likewise. * stdlib/tst-strfrom.h (TEST_STRFROM): Likewise. * string/strcspn.c (STRCSPN): Likewise. * string/test-memmem.c (simple_memmem): Likewise. * termios/tcsetattr.c (tcsetattr): Likewise. * time/alt_digit.c (_nl_parse_alt_digit): Likewise. * time/asctime.c (asctime_internal): Likewise. * time/strptime_l.c (__strptime_internal): Likewise. * time/sys/time.h (timercmp): Likewise. * time/tzfile.c (__tzfile_compute): Likewise.
* libio: Eliminate _IO_stdin, _IO_stdout, _IO_stderrFlorian Weimer2019-02-1810-51/+44
| | | | | | | | | | | | | These variables are only used to determine if a stdio stream is a pre-allocated stream, but it is possible to do so by comparing a FILE * to all pre-allocated stream objects. As a result, it is not necessary to keep those pointers in separate variables. Behavior with symbol interposition is unchanged because _IO_stdin_, _IO_stdout_, _IO_stderr_ are exported, and refer to objects outside of libc if symbol interposition or copy relocations are involved. (The removed variables _IO_stdin, _IO_stdout, _IO_stderr were not exported, of course.)
* Fix -Wempty-body warnings in glibc.Joseph Myers2019-02-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One group of warnings seen building glibc with -Wextra is -Wempty-body warnings about an 'if' body (or in one case an 'else' body) that is just a semicolon, "warning: suggest braces around empty body in an 'if' statement [-Wempty-body]" - I think the point of the warning being to make it more visible whether an 'if' body is actually present or not. This patch fixes such warnings in glibc. There's one place, with a semicolon at the end of a comment, where this is clearly making the presence of an 'else' body more visible. The other cases involve macro definitions expanding to nothing. While there's no issue there with visibility at the call sites, I think it's still cleaner to have a macro that expands to something nonempty appropriate for the context - so do {} while (0) if it's only intended to be usable as a statement, or ((void) 0) where the macro definition is an alternative to a call to a function returning void, so this patch makes those changes. Tested for x86_64. * catgets/gencat.c (normalize_line): Use braces around empty 'else' body. * include/stap-probe.h [!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE0): Use do {} while (0) for do-nothing definition. [!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE1): Likewise. [!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE2): Likewise. [!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE3): Likewise. [!USE_STAP_PROBE && !__ASSEMBLER__] (STAP_PROBE4): Likewise. * libio/libio.h (_IO_funlockfile): Use ((void) 0) for do-nothing definition.
* Fix wide char format specifier in libio/tst-bz24153.c.Stefan Liebler2019-02-061-2/+2
| | | | | | | | | | | | | | | | | | | | On big endian systems the test fails with: tst-bz24153.c:88: numeric comparison failure left: 1660944385 (0x63000001); from: ch right: 99 (0x63); from: L'c' tst-bz24153.c:90: numeric comparison failure left: 1677721601 (0x64000001); from: ch right: 100 (0x64); from: L'd' error: 2 test failures One 'char' ("%c") is stored to the 'wchar_t *': ch = 0x00000001 | 0x63000000 This patch is using "%lc" as format specifier to read a wchar_t. ChangeLog: * libio/tst-bz24153.c (wide): Use wide char format specifier.
* libio: Use stdin consistently for input functions [BZ #24153]Florian Weimer2019-02-039-21/+135
| | | | | The internal _IO_stdin_ variable is not updated when the application assigns to stdin, which is a GNU extension.
* libio: use stdout in puts and putchar, etc [BZ #24051].Paul Pluzhnikov2019-01-319-25/+106
| | | | | | | | | GLIBC explicitly allows one to assign a new FILE pointer to stdout and other standard streams. printf and wprintf were honouring assignment to stdout and using the new value, but puts, putchar, and wide char variants did not. The stdout part is fixed here. The stdin part will be fixed in a followup.
* Use C99-compliant scanf under _GNU_SOURCE with modern compilers.Zack Weinberg2019-01-039-19/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The only difference between noncompliant and C99-compliant scanf is that the former accepts the archaic GNU extension '%as' (also %aS and %a[...]) meaning to allocate space for the input string with malloc. This extension conflicts with C99's use of %a as a format _type_ meaning to read a floating-point number; POSIX.1-2008 standardized equivalent functionality using the modifier letter 'm' instead (%ms, %mS, %m[...]). The extension was already disabled in most conformance modes: specifically, any mode that doesn't involve _GNU_SOURCE and _does_ involve either strict conformance to C99 or loose conformance to both C99 and POSIX.1-2001 would get the C99-compliant scanf. With compilers new enough to use -std=gnu11 instead of -std=gnu89, or equivalent, that includes the default mode. With this patch, we now provide C99-compliant scanf in all configurations except when _GNU_SOURCE is defined *and* __STDC_VERSION__ or __cplusplus (whichever is relevant) indicates C89/C++98. This leaves the old scanf available under e.g. -std=c89 -D_GNU_SOURCE, but removes it from e.g. -std=gnu11 -D_GNU_SOURCE (it was already not present under -std=gnu11 without -D_GNU_SOURCE) and from -std=gnu89 without -D_GNU_SOURCE. There needs to be an internal override so we can compile the noncompliant scanf itself. This is the same problem we had when we removed 'gets' from _GNU_SOURCE and it's dealt with the same way: there's a new __GLIBC_USE symbol, DEPRECATED_SCANF, which defaults to off under the appropriate conditions for external code, but can be overridden by individual files within stdio. We also run into problems with PLT bypass for internal uses of sscanf, because libc_hidden_proto uses __REDIRECT and so does the logic in stdio.h for choosing which implementation of scanf to use; __REDIRECT isn't transitive, so include/stdio.h needs to bridge the gap with a macro. As far as I can tell, sscanf is the only function in this family that's internally called by unrelated code. Finally, there are several tests in stdio-common that use the extension. bug21.c is a regression test for a crash; it still exercises the relevant code when changed to use %ms instead of %as. scanf14.c through scanf17.c are more complicated since they are actually testing the subtleties of the extension - under what circumstances is 'a' treated as a modifier letter, etc. I changed all of them to use %ms instead of %as as well, but duplicated scanf14.c and scanf16.c as scanf14a.c and scanf16a.c. These still use %as and are compiled with -std=gnu89 to access the old extension. A bunch of diagnostic overrides and manual workarounds for the old stdio.h behavior become unnecessary. Yay! * include/features.h (__GLIBC_USE_DEPRECATED_SCANF): New __GLIBC_USE parameter. Only use deprecated scanf when __USE_GNU is defined and __STDC_VERSION__ is less than 199901L or __cplusplus is less than 201103L, whichever is relevant for the language being compiled. * libio/stdio.h, libio/bits/stdio-ldbl.h: Decide whether to redirect scanf, fscanf, sscanf, vscanf, vfscanf, and vsscanf to their __isoc99_ variants based only on __GLIBC_USE (DEPRECATED_SCANF). * wcsmbs/wchar.h: wcsmbs/bits/wchar-ldbl.h: Likewise for wscanf, fwscanf, swscanf, vwscanf, vfwscanf, and vswscanf. * libio/iovsscanf.c * libio/fwscanf.c * libio/iovswscanf.c * libio/swscanf.c * libio/vscanf.c * libio/vwscanf.c * libio/wscanf.c * stdio-common/fscanf.c * stdio-common/scanf.c * stdio-common/vfscanf.c * stdio-common/vfwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-compat.c * sysdeps/ieee754/ldbl-opt/nldbl-fscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-fwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-iovfscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-scanf.c * sysdeps/ieee754/ldbl-opt/nldbl-sscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-swscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vfscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vfwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vsscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vswscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-wscanf.c: Override __GLIBC_USE_DEPRECATED_SCANF to 1. * stdio-common/sscanf.c: Likewise. Remove ldbl_hidden_def for __sscanf. * stdio-common/isoc99_sscanf.c: Add libc_hidden_def for __isoc99_sscanf. * include/stdio.h: Provide libc_hidden_proto for __isoc99_sscanf, not sscanf. [!__GLIBC_USE (DEPRECATED_SCANF)]: Define sscanf as __isoc99_scanf with a preprocessor macro. * stdio-common/bug21.c, stdio-common/scanf14.c: Use %ms instead of %as, %mS instead of %aS, %m[] instead of %a[]; remove DIAG_IGNORE_NEEDS_COMMENT for -Wformat. * stdio-common/scanf16.c: Likewise. Add __attribute__ ((format (scanf))) to xscanf, xfscanf, xsscanf. * stdio-common/scanf14a.c: New copy of scanf14.c which still uses %as, %aS, %a[]. Remove DIAG_IGNORE_NEEDS_COMMENT for -Wformat. * stdio-common/scanf16a.c: New copy of scanf16.c which still uses %as, %aS, %a[]. Add __attribute__ ((format (scanf))) to xscanf, xfscanf, xsscanf. * stdio-common/scanf15.c, stdio-common/scanf17.c: No need to override feature selection macros or provide definitions of u_char etc. * stdio-common/Makefile (tests): Add scanf14a and scanf16a. (CFLAGS-scanf15.c, CFLAGS-scanf17.c): Remove. (CFLAGS-scanf14a.c, CFLAGS-scanf16a.c): New. Compile these files with -std=gnu89.
* Set behavior of sprintf-like functions with overlapping source and destinationGabriel F. T. Gomes2019-01-025-4/+127
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to ISO C99, passing the same buffer as source and destination to sprintf, snprintf, vsprintf, or vsnprintf has undefined behavior. Until the commit commit 4e2f43f842ef5e253cc23383645adbaa03cedb86 Author: Zack Weinberg <zackw@panix.com> Date: Wed Mar 7 14:32:03 2018 -0500 Use PRINTF_FORTIFY instead of _IO_FLAGS2_FORTIFY (bug 11319) a call to sprintf or vsprintf with overlapping buffers, for instance vsprintf (buf, "%sTEXT", buf), would append `TEXT' into buf, while a call to snprintf or vsnprintf would override the contents of buf. After the aforementioned commit, the behavior of sprintf and vsprintf changed (so that they also override the contents of buf). This patch reverts this behavioral change, because it will likely break applications that rely on the previous behavior, even though it is undefined by ISO C. As noted by Szabolcs Nagy, this is used in SPEC2017 507.cactuBSSN_r/src/PUGH/PughUtils.c: sprintf(mess," Size:"); for (i=0;i<dim+1;i++) { sprintf(mess,"%s %d",mess,pughGH->GFExtras[dim]->nsize[i]); } More important to notice is the fact that the overwriting of the destination buffer is not the only behavior affected by the refactoring. Before the refactoring, sprintf and vsprintf would use _IO_str_jumps, whereas __sprintf_chk and __vsprintf_chk would use _IO_str_chk_jumps. After the refactoring, all use _IO_str_chk_jumps, which would make sprintf and vsprintf report buffer overflows and terminate the program. This patch also reverts this behavior, by installing the appropriate jump table for each *sprintf functions. Apart from reverting the changes, this patch adds a test case that has the old behavior hardcoded, so that regressions are noticed if something else unintentionally changes the behavior. Tested for powerpc64le.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-01171-171/+171
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.