about summary refs log tree commit diff
path: root/stdio-common
Commit message (Collapse)AuthorAgeFilesLines
* stdio-common: Add wide stream coverage to tst-vfprintf-user-typeFlorian Weimer2022-03-181-27/+93
| | | | | | And use TEST_COMPARE_STRING for the narrow tests. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* stdio-common: Generate ja_JP.EUC-JP localeFlorian Weimer2022-03-171-0/+1
| | | | It is needed by tst-swprintf.
* stdio-common: Re-flow and sort Makefile variablesFlorian Weimer2022-03-171-66/+217
|
* Update copyright dates with scripts/update-copyrightsPaul Eggert2022-01-01122-122/+122
| | | | | | | | | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 7061 files FOO. I then removed trailing white space from math/tgmath.h, support/tst-support-open-dev-null-range.c, and sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following obscure pre-commit check failure diagnostics from Savannah. I don't know why I run into these diagnostics whereas others evidently do not. remote: *** 912-#endif remote: *** 913: remote: *** 914- remote: *** error: lines with trailing whitespace found ... remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
* stdio-common: Fix %m sprintf test output for GNU/HurdSamuel Thibault2021-12-271-0/+10
| | | | | GNU/Hurd has slightly different error messages for undefined numbers, due to the notion of error subsystems.
* stdio: Implement %#m for vfprintf and related functionsFlorian Weimer2021-12-233-6/+116
| | | | | | | | | %#m prints errno as an error constant if one is available, or a decimal number as a fallback. This intends to address the gap that strerrorname_np does not work well with printf for unknown error codes due to its NULL return values in those cases. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Support C2X printf %b, %BJoseph Myers2021-11-107-21/+193
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | C2X adds a printf %b format (see <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2630.pdf>, accepted for C2X), for outputting integers in binary. It also has recommended practice for a corresponding %B format (like %b, but %#B starts the output with 0B instead of 0b). Add support for these formats to glibc. One existing test uses %b as an example of an unknown format, to test how glibc printf handles unknown formats; change that to %v. Use of %b and %B as user-registered format specifiers continues to work (and we already have a test that covers that, tst-printfsz.c). Note that C2X also has scanf %b support, plus support for binary constants starting 0b in strtol (base 0 and 2) and scanf %i (strtol base 0 and scanf %i coming from a previous paper that added binary integer literals). I intend to implement those features in a separate patch or patches; as discussed in the thread starting at <https://sourceware.org/pipermail/libc-alpha/2020-December/120414.html>, they will be more complicated because they involve adding extra public symbols to ensure compatibility with existing code that might not expect 0b constants to be handled by strtol base 0 and 2 and scanf %i, whereas simply adding a new format specifier poses no such compatibility concerns. Note that the actual conversion from integer to string uses existing code in _itoa.c. That code has special cases for bases 8, 10 and 16, probably so that the compiler can optimize division by an integer constant in the code for those bases. If desired such special cases could easily be added for base 2 as well, but that would be an optimization, not actually needed for these printf formats to work. Tested for x86_64 and x86. Also tested with build-many-glibcs.py for aarch64-linux-gnu with GCC mainline to make sure that the test does indeed build with GCC 12 (where format checking warnings are enabled for most of the test).
* Fix memmove call in vfprintf-internal.c:group_numberJoseph Myers2021-11-081-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent GCC mainline change introduces errors of the form: vfprintf-internal.c: In function 'group_number': vfprintf-internal.c:2093:15: error: 'memmove' specified bound between 9223372036854775808 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=] 2093 | memmove (w, s, (front_ptr -s) * sizeof (CHAR_T)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a genuine bug in the glibc code: s > front_ptr is always true at this point in the code, and the intent is clearly for the subtraction to be the other way round. The other arguments to the memmove call here also appear to be wrong; w and s point just *after* the destination and source for copying the rest of the number, so the size needs to be subtracted to get appropriate pointers for the copying. Adjust the memmove call to conform to the apparent intent of the code, so fixing the -Wstringop-overflow error. Now, if the original code were ever executed, a buffer overrun would result. However, I believe this code (introduced in commit edc1686af0c0fc2eb535f1d38cdf63c1a5a03675, "vfprintf: Reuse work_buffer in group_number", so in glibc 2.26) is unreachable in prior glibc releases (so there is no need for a bug in Bugzilla, no need to consider any backports unless someone wants to build older glibc releases with GCC 12 and no possibility of this buffer overrun resulting in a security issue). work_buffer is 1000 bytes / 250 wide characters. This case is only reachable if an initial part of the number, plus a grouped copy of the rest of the number, fail to fit in that space; that is, if the grouped number fails to fit in the space. In the wide character case, grouping is always one wide character, so even with a locale (of which there aren't any in glibc) grouping every digit, a number would need to occupy at least 125 wide characters to overflow, and a 64-bit integer occupies at most 23 characters in octal including a leading 0. In the narrow character case, the multibyte encoding of the grouping separator would need to be at least 42 bytes to overflow, again supposing grouping every digit, but MB_LEN_MAX is 16. So even if we admit the case of artificially constructed locales not shipped with glibc, given that such a locale would need to use one of the character sets supported by glibc, this code cannot be reached at present. (And POSIX only actually specifies the ' flag for grouping for decimal output, though glibc acts on it for other bases as well.) With binary output (if you consider use of grouping there to be valid), you'd need a 15-byte multibyte character for overflow; I don't know if any supported character set has such a character (if, again, we admit constructed locales using grouping every digit and a grouping separator chosen to have a multibyte encoding as long as possible, as well as accepting use of grouping with binary), but given that we have this code at all (clearly it's not *correct*, or in accordance with the principle of avoiding arbitrary limits, to skip grouping on running out of internal space like that), I don't think it should need any further changes for binary printf support to go in. On the other hand, support for large sizes of _BitInt in printf (see the N2858 proposal) *would* require something to be done about such arbitrary limits (presumably using dynamic allocation in printf again, for sufficiently large _BitInt arguments only - currently only floating-point uses dynamic allocation, and, as previously discussed, that could actually be replaced by bounded allocation given smarter code). Tested with build-many-glibcs.py for aarch64-linux-gnu (GCC mainline). Also tested natively for x86_64.
* Fix stdio-common tests for GCC 12 -WaddressJoseph Myers2021-10-043-10/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My glibc bot shows failures building the testsuite with GCC mainline across all architectures: tst-vfprintf-width-prec.c: In function 'do_test': tst-vfprintf-width-prec.c:90:16: error: the comparison will always evaluate as 'false' for the address of 'result' will never be NULL [-Werror=address] 90 | if (result == NULL) | ^~ tst-vfprintf-width-prec.c:89:13: note: 'result' declared here 89 | wchar_t result[100]; | ^~~~~~ This is clearly a correct warning; the comparison against NULL is clearly a cut-and-paste mistake from an earlier case in the test that does use calloc. Thus, remove the unnecessary check for NULL shown up by the warning. Similarly, two other tests have bogus comparisons against NULL; remove those as well: scanf14a.c:95:13: error: the comparison will always evaluate as 'false' for the address of 'fname' will never be NULL [-Werror=address] 95 | if (fname == NULL) | ^~ scanf14a.c:93:8: note: 'fname' declared here 93 | char fname[strlen (tmpdir) + sizeof "/tst-scanf14.XXXXXX"]; | ^~~~~ scanf16a.c:125:13: error: the comparison will always evaluate as 'false' for the address of 'fname' will never be NULL [-Werror=address] 125 | if (fname == NULL) | ^~ scanf16a.c:123:8: note: 'fname' declared here 123 | char fname[strlen (tmpdir) + sizeof "/tst-scanf16.XXXXXX"]; | ^~~~~ Tested with build-many-glibcs.py (GCC mainline) for aarch64-linux-gnu.
* vfprintf: Unify argument handling in process_argFlorian Weimer2021-09-231-117/+89
| | | | | | | Instead of checking a pointer argument for NULL, use helper macros defined differently in the non-positional and positional cases. This avoids frequent conditional checks and a GCC 12 warning about comparing pointers against NULL which cannot be NULL.
* vfprintf: Handle floating-point cases outside of process_arg macroFlorian Weimer2021-09-231-111/+75
| | | | | | A lot of the code is unique to the positional and non-positional code. Also unify the decimal and hexadecimal cases via the new helper function __printf_fp_spec.
* Remove "Contributed by" linesSiddhesh Poyarekar2021-09-0319-22/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | We stopped adding "Contributed by" or similar lines in sources in 2012 in favour of git logs and keeping the Contributors section of the glibc manual up to date. Removing these lines makes the license header a bit more consistent across files and also removes the possibility of error in attribution when license blocks or files are copied across since the contributed-by lines don't actually reflect reality in those cases. Move all "Contributed by" and similar lines (Written by, Test by, etc.) into a new file CONTRIBUTED-BY to retain record of these contributions. These contributors are also mentioned in manual/contrib.texi, so we just maintain this additional record as a courtesy to the earlier developers. The following scripts were used to filter a list of files to edit in place and to clean up the CONTRIBUTED-BY file respectively. These were not added to the glibc sources because they're not expected to be of any use in future given that this is a one time task: https://gist.github.com/siddhesh/b5ecac94eabfd72ed2916d6d8157e7dc https://gist.github.com/siddhesh/15ea1f5e435ace9774f485030695ee02 Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* hurd: Fix errlist error mappingSamuel Thibault2021-08-231-5/+7
| | | | | | On the Hurd, the errno values don't start at 0, so _sys_errlist_internal needs index remapping. The _sys_errlist_internal definition already properly uses ERR_MAP, but __get_errlist and __get_errname were not.
* Move malloc hooks into a compat DSOSiddhesh Poyarekar2021-07-221-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | Remove all malloc hook uses from core malloc functions and move it into a new library libc_malloc_debug.so. With this, the hooks now no longer have any effect on the core library. libc_malloc_debug.so is a malloc interposer that needs to be preloaded to get hooks functionality back so that the debugging features that depend on the hooks, i.e. malloc-check, mcheck and mtrace work again. Without the preloaded DSO these debugging features will be nops. These features will be ported away from hooks in subsequent patches. Similarly, legacy applications that need hooks functionality need to preload libc_malloc_debug.so. The symbols exported by libc_malloc_debug.so are maintained at exactly the same version as libc.so. Finally, static binaries will no longer be able to use malloc debugging features since they cannot preload the debugging DSO. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* libio: Replace internal _IO_getdelim symbol with __getdelimFlorian Weimer2021-07-071-1/+1
| | | | | | | __getdelim is exported, _IO_getdelim is not. Add a hidden prototype for __getdelim. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* stdio-common: Remove _IO_vfwscanfFlorian Weimer2021-06-012-39/+1
| | | | | | | | | The symbol has never been exported, so no compatibility symbol is needed. Removing this file prevents ld from creation an exported symbol in case GLIBC_2_0 expands to a symbol version which does not have a local: *; directive in the symbol version map file. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* linux: Move funlockfile/_IO_funlockfile into libcAdhemerval Zanella2021-05-101-3/+3
| | | | | | | | | | The nptl version is used as default, since now with symbol always present the single-thread optimization is tricky. Hurd is not change, it is used it own lock scheme (which call _cthreads_funlockfile). Checked on x86_64-linux-gnu.
* linux: Move ftrylockfile/_IO_ftrylockfile into libcAdhemerval Zanella2021-05-101-4/+3
| | | | | | | | | | The nptl version is used as default, since now with symbol always present the single-thread optimization is tricky. Hurd is not change, it is used it own lock scheme (which call _cthreads_ftrylockfile). Checked on x86_64-linux-gnu.
* linux: Move flockfile/_IO_flockfile into libcAdhemerval Zanella2021-05-101-3/+3
| | | | | | | | | | The nptl version is used as default, since now with symbol always present the single-thread optimization is tricky. Hurd is not change, it is used it own lock scheme (which call _cthreads_flockfile). Checked on x86_64-linux-gnu.
* Annotate additional APIs with GCC attribute access.Martin Sebor2021-05-062-2/+2
| | | | | | | | | | | | | | | | This change continues the improvements to compile-time out of bounds checking by decorating more APIs with either attribute access, or by explicitly providing the array bound in APIs such as tmpnam() that expect arrays of some minimum size as arguments. (The latter feature is new in GCC 11.) The only effects of the attribute and/or the array bound is to check and diagnose calls to the functions that fail to provide a sufficient number of elements, and the definitions of the functions that access elements outside the specified bounds. (There is no interplay with _FORTIFY_SOURCE here yet.) Tested with GCC 7 through 11 on x86_64-linux.
* stdio: fix vfscanf with matches longer than INT_MAX (bug 27650)Alyssa Ross2021-05-031-9/+4
| | | | | | | | | | Patterns like %*[ can safely be used to match a great many characters, and it's quite realisitic to use them for more than INT_MAX characters from an IO stream. With the previous approach, after INT_MAX characters (v)fscanf would return successfully, indicating an end to the match, even though there wasn't one.
* stdio-common/printf-prs.c: Reword commentAlejandro Colomar \(man-pages\)2021-03-311-2/+2
| | | | | | | | | | | 'this' can be understood as the current parameter, but in this case it is meaning the other one, the one holding the width/precission. 'it' better describes that parameter, differentiating it from the one corresponding to the current specifier. Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* printf: Add smoke tests for long doubleSiddhesh Poyarekar2021-02-052-28/+103
| | | | | | | The printf tests have no coverage for long double. Duplicate the double tests so that we have some basic coverage. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* stdio-common: Add a few double formatting tests [BZ #27245]Mike Hommey2021-02-031-1/+29
| | | | | | Checked on x86_64-linux-gnu. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2021-01-02120-120/+120
| | | | | | | | | | | | | | | | I used these shell commands: ../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright (cd ../glibc && git commit -am"[this commit message]") and then ignored the output, which consisted lines saying "FOO: warning: copyright statement not found" for each of 6694 files FOO. I then removed trailing white space from benchtests/bench-pthread-locks.c and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this diagnostic from Savannah: remote: *** pre-commit check failed ... remote: *** error: lines with trailing whitespace found remote: error: hook declined to update refs/heads/master
* tests: Remove NULL check for an arraySiddhesh Poyarekar2020-11-124-8/+0
| | | | | The NULL check for an array on stack is pointless since it will always be false, so drop it.
* __vfscanf_internal: fix aliasing violation (bug 26690)Andreas Schwab2020-10-081-11/+11
| | | | | | | As noted in <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97264>, the cast in the call to the read_int function is an aliasing violation. Change the type of local variable f to a pointer to unsigned, which allows to eliminate most casts while only adding three new ones.
* Revert "Fix missing redirects in testsuite targets"Andreas Schwab2020-10-081-2/+2
| | | | | This reverts commit d5afb38503. The log files are actually created by the various shell scripts that drive the tests.
* string: Fix strerrorname_np return value [BZ #26555]Adhemerval Zanella2020-09-293-37/+669
| | | | | | | | | | | | | | | It returns the string of the error constant, not its description (as strerrordesc_np). To handle the Hurd error mapping, the ERR_MAP was removed from errlist.h to errlist.c. Also, the testcase test-strerr (added on 325081b9eb2) was not added on the check build neither it builds correctly. This patch also changed it to decouple from errlist.h, the expected return values are added explicitly for both both strerrorname_np and strerrordesc_np directly. Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a make check for i686-gnu.
* Fix memory leak in __printf_fp_l (bug 26215).Joseph Myers2020-07-093-8/+57
| | | | | | | | | | __printf_fp_l has a memory leak in the case of some I/O errors, where both buffer and wbuffer have been malloced but the handling of I/O errors only frees wbuffer. This patch fixes this by moving the declaration of buffer to an outer scope and ensuring that it is freed when wbuffer is freed. Tested for x86_64 and x86.
* Fix double free in __printf_fp_l (bug 26214).Joseph Myers2020-07-093-3/+48
| | | | | | | | | | | __printf_fp_l has a double free bug in the case where it allocates memory with malloc internally, then has an I/O error while outputting trailing padding and tries to free that already-freed memory when the error occurs. This patch fixes this by setting the relevant pointer to NULL after the first free (the only free of this pointer that isn't immediately followed by returning from the function). Tested for x86_64 and x86.
* string: Add strerrorname_np and strerrordesc_npAdhemerval Zanella2020-07-072-0/+98
| | | | | | | | | | | | | | | | | The strerrorname_np returns error number name (e.g. "EINVAL" for EINVAL) while strerrordesc_np returns string describing error number (e.g "Invalid argument" for EINVAL). Different than strerror, strerrordesc_np does not attempt to translate the return description, both functions return NULL for an invalid error number. They should be used instead of sys_errlist and sys_nerr, both are thread and async-signal safe. These functions are GNU extensions. Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, and s390x-linux-gnu. Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* string: Add sigabbrev_np and sigdescr_npAdhemerval Zanella2020-07-071-0/+1
| | | | | | | | | | | | | | | | | | The sigabbrev_np returns the abbreviated signal name (e.g. "HUP" for SIGHUP) while sigdescr_np returns the string describing the error number (e.g "Hangup" for SIGHUP). Different than strsignal, sigdescr_np does not attempt to translate the return description and both functions return NULL for an invalid signal number. They should be used instead of sys_siglist or sys_sigabbrev and they are both thread and async-signal safe. They are added as GNU extensions on string.h header (same as strsignal). Checked on x86-64-linux-gnu, i686-linux-gnu, powerpc64le-linux-gnu, and s390x-linux-gnu. Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* signal: Move sys_errlist to a compat symbolAdhemerval Zanella2020-07-074-14/+101
| | | | | | | | | | | | | | | | | | | | The symbol is deprecated by strerror since its usage imposes some issues such as copy relocations. Its internal name is also changed to _sys_errlist_internal to avoid static linking usage. The compat code is also refactored by removing the over enginered errlist-compat.c generation from manual entried and extra comment token in linker script file. It disantangle the code generation from manual and simplify both Linux and Hurd compat code. The definitions from errlist.c are moved to errlist.h and a new test is added to avoid a new errno entry without an associated one in manual. Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi on all affected platforms. Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* signal: Move sys_siglist to a compat symbolAdhemerval Zanella2020-07-073-5/+7
| | | | | | | | | | | | | | | | | | | The symbol was deprecated by strsignal and its usage imposes issues such as copy relocations. Its internal name is changed to __sys_siglist and __sys_sigabbrev to avoid static linking usage. The compat code is also refactored, since both Linux and Hurd usage the same strategy: export the same array with different object sizes. The libSegfault change avoids calling strsignal on the SIGFAULT signal handler (the current usage is already sketchy, adding a call that potentially issue locale internal function is even sketchier). Checked on x86_64-linux-gnu and i686-linux-gnu. I also run a check-abi on all affected platforms. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Remove most vfprintf width/precision-dependent allocations (bug 14231, bug ↵Joseph Myers2020-07-074-121/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 26211). The vfprintf implementation (used for all printf-family functions) contains complicated logic to allocate internal buffers of a size depending on the width and precision used for a format, using either malloc or alloca depending on that size, and with consequent checks for size overflow and allocation failure. As noted in bug 26211, the version of that logic used when '$' plus argument number formats are in use is missing the overflow checks, which can result in segfaults (quite possibly exploitable, I didn't try to work that out) when the width or precision is in the range 0x7fffffe0 through 0x7fffffff (maybe smaller values as well in the wprintf case on 32-bit systems, when the multiplication by sizeof (CHAR_T) can overflow). All that complicated logic in fact appears to be useless. As far as I can tell, there has been no need (outside the floating-point printf code, which does its own allocations) for allocations depending on width or precision since commit 3e95f6602b226e0de06aaff686dc47b282d7cc16 ("Remove limitation on size of precision for integers", Sun Sep 12 21:23:32 1999 +0000). Thus, this patch removes that logic completely, thereby fixing both problems with excessive allocations for large width and precision for non-floating-point formats, and the problem with missing overflow checks with such allocations. Note that this does have the consequence that width and precision up to INT_MAX are now allowed where previously INT_MAX / sizeof (CHAR_T) - EXTSIZ or more would have been rejected, so could potentially expose any other overflows where the value would previously have been rejected by those removed checks. I believe this completely fixes bugs 14231 and 26211. Excessive allocations are still possible in the floating-point case (bug 21127), as are other integer or buffer overflows (see bug 26201). This does not address the cases where a precision larger than INT_MAX (embedded in the format string) would be meaningful without printf's return value overflowing (when it's used with a string format, or %g without the '#' flag, so the actual output will be much smaller), as mentioned in bug 17829 comment 8; using size_t internally for precision to handle that case would be complicated by struct printf_info being a public ABI. Nor does it address the matter of an INT_MIN width being negated (bug 17829 comment 7; the same logic appears a second time in the file as well, in the form of multiplying by -1). There may be other sources of memory allocations with malloc in printf functions as well (bug 24988, bug 16060). From inspection, I think there are also integer overflows in two copies of "if ((width -= len) < 0)" logic (where width is int, len is size_t and a very long string could result in spurious padding being output on a 32-bit system before printf overflows the count of output characters). Tested for x86-64 and x86.
* Rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABIPaul E. Murphy2020-04-302-2/+2
| | | | | | | | | | | | | | | Improve the commentary to aid future developers who will stumble upon this novel, yet not always perfect, mechanism to support alternative formats for long double. Likewise, rename __LONG_DOUBLE_USES_FLOAT128 to __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI now that development work has settled down. The command used was git grep -l __LONG_DOUBLE_USES_FLOAT128 ':!./ChangeLog*' | \ xargs sed -i 's/__LONG_DOUBLE_USES_FLOAT128/__LDOUBLE_REDIRECTS_TO_FLOAT128_ABI/g' Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
* Fix tests which expose ldbl -> _Float128 redirectsPaul E. Murphy2020-03-251-0/+4
| | | | | | | | | | | | | | | | | | The ldbl redirects for ieee128 have some jagged edges when inspecting and manipulating symbols directly. e.g asprintf is unconditionally redirected to __asprintfieee128 thus any tests relying on GCC's redirect behavior will encounter problems if they inspect the symbol names too closely. I've mitigated tests which expose the limitations of the ldbl -> f128 redirects by giving them knowledge about the redirected symbol names. Hopefully there isn't much user code which depends on this implementation specific behavior. Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
* stdio: Add tests for printf multibyte convertion leak [BZ#25691]Adhemerval Zanella2020-03-202-2/+115
| | | | Checked on x86_64-linux-gnu and i686-linux-gnu.
* stdio: Remove memory leak from multibyte convertion [BZ#25691]Florian Weimer2020-03-201-144/+180
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an updated version of a previous patch [1] with the following changes: - Use compiler overflow builtins on done_add_func function. - Define the scratch +utstring_converted_wide_string using CHAR_T. - Added a testcase and mention the bug report. Both default and wide printf functions might leak memory when manipulate multibyte characters conversion depending of the size of the input (whether __libc_use_alloca trigger or not the fallback heap allocation). This patch fixes it by removing the extra memory allocation on string formatting with conversion parts. The testcase uses input argument size that trigger memory leaks on unpatched code (using a scratch buffer the threashold to use heap allocation is lower). Checked on x86_64-linux-gnu and i686-linux-gnu. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> [1] https://sourceware.org/pipermail/libc-alpha/2017-June/082098.html
* Prepare redirections for IEEE long double on powerpc64leGabriel F. T. Gomes2020-02-171-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | All functions that have a format string, which can consume a long double argument, must have one version for each long double format supported on a platform. On powerpc64le, these functions currently have two versions (i.e.: long double with the same format as double, and long double with IBM Extended Precision format). Support for a third long double format option (i.e. long double with IEEE long double format) is being prepared and all the aforementioned functions now have a third version (not yet exported on the master branch, but the code is in). For these functions to get selected (during build time), references to them in user programs (or dependent libraries) must get redirected to the aforementioned new versions of the functions. This patch installs the header magic required to perform such redirections. Notice, however, that since the redirections only happen when __LONG_DOUBLE_USES_FLOAT128 is set to 1, and no platform (including powerpc64le) currently does it, no redirections actually happen. Redirections and the exporting of the new functions will happen at the same time (when powerpc64le adds ldbl-128ibm-compat to their Implies. Reviewed-by: Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> Reviewed-by: Paul E. Murphy <murphyp@linux.vnet.ibm.com>
* Update copyright dates with scripts/update-copyrights.Joseph Myers2020-01-01114-114/+114
|
* Prefer https to http for gnu.org and fsf.org URLsPaul Eggert2019-09-07114-114/+114
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, change sources.redhat.com to sourceware.org. This patch was automatically generated by running the following shell script, which uses GNU sed, and which avoids modifying files imported from upstream: sed -ri ' s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g ' \ $(find $(git ls-files) -prune -type f \ ! -name '*.po' \ ! -name 'ChangeLog*' \ ! -path COPYING ! -path COPYING.LIB \ ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \ ! -path manual/texinfo.tex ! -path scripts/config.guess \ ! -path scripts/config.sub ! -path scripts/install-sh \ ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \ ! -path INSTALL ! -path locale/programs/charmap-kw.h \ ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \ ! '(' -name configure \ -execdir test -f configure.ac -o -f configure.in ';' ')' \ ! '(' -name preconfigure \ -execdir test -f preconfigure.ac ';' ')' \ -print) and then by running 'make dist-prepare' to regenerate files built from the altered files, and then executing the following to cleanup: chmod a+x sysdeps/unix/sysv/linux/riscv/configure # Omit irrelevant whitespace and comment-only changes, # perhaps from a slightly-different Autoconf version. git checkout -f \ sysdeps/csky/configure \ sysdeps/hppa/configure \ sysdeps/riscv/configure \ sysdeps/unix/sysv/linux/csky/configure # Omit changes that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines git checkout -f \ sysdeps/powerpc/powerpc64/ppc-mcount.S \ sysdeps/unix/sysv/linux/s390/s390-64/syscall.S # Omit change that caused a pre-commit check to fail like this: # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
* Prepare vfprintf to use __printf_fp/__printf_fphex with float128 argGabriel F. T. Gomes2019-06-272-13/+63
| | | | | | | | | | | | | | | | | | | | | | | | On powerpc64le, long double can currently take two formats: the same as double (-mlong-double-64) or IBM Extended Precision (default with -mlong-double-128 or explicitly with -mabi=ibmlongdouble). The internal implementation of printf-like functions is aware of these possibilities and properly parses floating-point values from the variable arguments, before making calls to __printf_fp and __printf_fphex. These functions are also aware of the format possibilities and know how to convert both formats to string. When library support for TS 18661-3 was added to glibc, __printf_fp and __printf_fphex were extended with support for an additional type (__float128/_Float128) with a different format (binary128). Now that powerpc64le is getting support for its third long double format, and taking into account that this format is the same as the format of __float128/_Float128, this patch extends __vfprintf_internal to properly call __printf_fp and __printf_fphex with this new format. Tested for powerpc64le (with additional patches to actually enable the use of these preparations) and for x86_64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Break lines before not after operators, batch 4.Joseph Myers2019-03-071-22/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes further coding style issues where code should have broken lines before operators in accordance with the GNU Coding Standards but instead was breaking lines after them. Tested for x86_64, and with build-many-glibcs.py. * stdio-common/vfscanf-internal.c (ARG): Break lines before rather than after operators. * sysdeps/mach/hurd/setitimer.c (timer_thread): Likewise. (setitimer_locked): Likewise. * sysdeps/mach/hurd/sigaction.c (__sigaction): Likewise. * sysdeps/mach/hurd/sigaltstack.c (__sigaltstack): Likewise. * sysdeps/mach/pagecopy.h (PAGE_COPY_FWD): Likewise. * sysdeps/mach/thread_state.h (machine_get_basic_state): Likewise. * sysdeps/powerpc/powerpc64/tst-ucontext-ppc64-vscr.c (PPC_CPU_SUPPORTED): Likewise. * sysdeps/unix/sysv/linux/alpha/a.out.h (N_TXTOFF): Likewise. * sysdeps/unix/sysv/linux/generic/wordsize-32/overflow.h (stat_overflow): Likewise. (statfs_overflow): Likewise. * sysdeps/unix/sysv/linux/tst-personality.c (do_test): Likewise. * sysdeps/unix/sysv/linux/tst-ttyname.c (eq_ttyname): Likewise. (eq_ttyname_r): Likewise. (run_chroot_tests): Likewise.
* hurd: Add renameat2 support for RENAME_NOREPLACESamuel Thibault2019-02-271-1/+3
| | | | | | | | | * include/stdio.h (__renameat2): New hidden prototype. * stdio-common/renameat2.c (__renameat2): Add hidden definition. * sysdeps/mach/hurd/renameat.c (__renameat): Move implementation to... * sysdeps/mach/hurd/renameat2.c (__renameat2): ... new function, and add support for RENAME_NOREPLACE. * sysdeps/unix/sysv/linux/renameat2.c (__renameat2): Add hidden definition.
* Add some spaces before '('.Joseph Myers2019-02-273-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes various places where a space should have been present before '(' in accordance with the GNU Coding Standards. Most but not all of the fixes in this patch are for calls to sizeof (but it's not exhaustive regarding such calls that should be fixed). Tested for x86_64, and with build-many-glibcs.py. * benchtests/bench-strcpy.c (do_test): Use space before '('. * benchtests/bench-string.h (cmdline_process_function): Likewise. * benchtests/bench-strlen.c (do_test): Likewise. (test_main): Likewise. * catgets/gencat.c (read_old): Likewise. * elf/cache.c (load_aux_cache): Likewise. * iconvdata/bug-iconv8.c (do_test): Likewise. * math/test-tgmath-ret.c (do_test): Likewise. * nis/nis_call.c (rec_dirsearch): Likewise. * nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise. * nptl/tst-audit-threads.c (do_test): Likewise. * nptl/tst-cancel4-common.h (set_socket_buffer): Likewise. * nss/nss_test1.c (init): Likewise. * nss/test-netdb.c (test_hosts): Likewise. * posix/execvpe.c (maybe_script_execute): Likewise. * stdio-common/tst-fmemopen4.c (do_test): Likewise. * stdio-common/tst-printf.c (do_test): Likewise. * stdio-common/vfscanf-internal.c (__vfscanf_internal): Likewise. * stdlib/fmtmsg.c (NKEYWORDS): Likewise. * stdlib/qsort.c (STACK_SIZE): Likewise. * stdlib/test-canon.c (do_test): Likewise. * stdlib/tst-swapcontext1.c (do_test): Likewise. * string/memcmp.c (OPSIZ): Likewise. * string/test-strcpy.c (do_test): Likewise. (do_random_tests): Likewise. * string/test-strlen.c (do_test): Likewise. (test_main): Likewise. * string/test-strrchr.c (do_test): Likewise. (do_random_tests): Likewise. * string/tester.c (test_memrchr): Likewise. (test_memchr): Likewise. * sysdeps/generic/memcopy.h (OPSIZ): Likewise. * sysdeps/generic/unwind-dw2.c (execute_stack_op): Likewise. * sysdeps/generic/unwind-pe.h (read_sleb128): Likewise. (read_encoded_value_with_base): Likewise. * sysdeps/hppa/dl-machine.h (elf_machine_runtime_setup): Likewise. * sysdeps/hppa/fpu/feupdateenv.c (__feupdateenv): Likewise. * sysdeps/ia64/fpu/sfp-machine.h (TI_BITS): Likewise. * sysdeps/mach/hurd/spawni.c (__spawni): Likewise. * sysdeps/posix/spawni.c (maybe_script_execute): Likewise. * sysdeps/powerpc/fpu/tst-setcontext-fpscr.c (query_auxv): Likewise. * sysdeps/unix/sysv/linux/aarch64/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/arm/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/arm/ioperm.c (init_iosys): Likewise. * sysdeps/unix/sysv/linux/csky/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/m68k/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/nios2/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute): Likewise. * sysdeps/unix/sysv/linux/x86/bits/procfs.h (ELF_NGREG): Likewise. * sysdeps/unix/sysv/linux/x86/bits/sigcontext.h (FP_XSTATE_MAGIC2_SIZE): Likewise. * sysdeps/x86/fpu/sfp-machine.h (TI_BITS): Likewise. * time/test_time.c (main): Likewise.
* Break some lines before not after operators.Joseph Myers2019-02-223-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The GNU Coding Standards specify that line breaks in expressions should go before an operator, not after one. This patch fixes various code to do this. It only changes code that appears to be mostly following GNU style anyway, not files and directories with substantially different formatting. It is not exhaustive even for files using GNU style (for example, changes to sysdeps files are deferred for subsequent cleanups). Some files changed are shared with gnulib, but most are specific to glibc. Changes were made manually, with places to change found by grep (so some cases, e.g. where the operator was followed by a comment at end of line, are particularly liable to have been missed by grep, but I did include cases where the operator was followed by backslash-newline). This patch generally does not attempt to address other coding style issues in the expressions changed (for example, missing spaces before '(', or lack of parentheses to ensure indentation of continuation lines properly reflects operator precedence). Tested for x86_64, and with build-many-glibcs.py. * benchtests/bench-memmem.c (simple_memmem): Break lines before rather than after operators. * benchtests/bench-skeleton.c (TIMESPEC_AFTER): Likewise. * crypt/md5.c (md5_finish_ctx): Likewise. * crypt/sha256.c (__sha256_finish_ctx): Likewise. * crypt/sha512.c (__sha512_finish_ctx): Likewise. * elf/cache.c (load_aux_cache): Likewise. * elf/dl-load.c (open_verify): Likewise. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * elf/readelflib.c (process_elf_file): Likewise. * elf/rtld.c (dl_main): Likewise. * elf/sprof.c (generate_call_graph): Likewise. * hurd/ctty-input.c (_hurd_ctty_input): Likewise. * hurd/ctty-output.c (_hurd_ctty_output): Likewise. * hurd/dtable.c (reauth_dtable): Likewise. * hurd/getdport.c (__getdport): Likewise. * hurd/hurd/signal.h (_hurd_interrupted_rpc_timeout): Likewise. * hurd/hurd/sigpreempt.h (HURD_PREEMPT_SIGNAL_P): Likewise. * hurd/hurdfault.c (_hurdsig_fault_catch_exception_raise): Likewise. * hurd/hurdioctl.c (fioctl): Likewise. * hurd/hurdselect.c (_hurd_select): Likewise. * hurd/hurdsig.c (_hurdsig_abort_rpcs): Likewise. (STOPSIGS): Likewise. * hurd/hurdstartup.c (_hurd_startup): Likewise. * hurd/intr-msg.c (_hurd_intr_rpc_mach_msg): Likewise. * hurd/lookup-retry.c (__hurd_file_name_lookup_retry): Likewise. * hurd/msgportdemux.c (msgport_server): Likewise. * hurd/setauth.c (_hurd_setauth): Likewise. * include/features.h (__GLIBC_USE_DEPRECATED_SCANF): Likewise. * libio/libioP.h [IO_DEBUG] (CHECK_FILE): Likewise. * locale/programs/ld-ctype.c (set_class_defaults): Likewise. * localedata/tests-mbwc/tst_swscanf.c (tst_swscanf): Likewise. * login/tst-utmp.c (do_check): Likewise. (simulate_login): Likewise. * mach/lowlevellock.h (lll_lock): Likewise. (lll_trylock): Likewise. * math/test-fenv.c (ALL_EXC): Likewise. * math/test-fenvinline.c (ALL_EXC): Likewise. * misc/sys/cdefs.h (__attribute_deprecated_msg__): Likewise. * nis/nis_call.c (__do_niscall3): Likewise. * nis/nis_callback.c (cb_prog_1): Likewise. * nis/nis_defaults.c (searchaccess): Likewise. * nis/nis_findserv.c (__nis_findfastest_with_timeout): Likewise. * nis/nis_ismember.c (internal_ismember): Likewise. * nis/nis_local_names.c (nis_local_principal): Likewise. * nis/nss_nis/nis-rpc.c (_nss_nis_getrpcbyname_r): Likewise. * nis/nss_nisplus/nisplus-netgrp.c (_nss_nisplus_getnetgrent_r): Likewise. * nis/ypclnt.c (yp_match): Likewise. (yp_first): Likewise. (yp_next): Likewise. (yp_master): Likewise. (yp_order): Likewise. * nscd/hstcache.c (cache_addhst): Likewise. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nss/nss_compat/compat-pwd.c (copy_pwd_changes): Likewise. (internal_getpwuid_r): Likewise. * nss/nss_compat/compat-spwd.c (copy_spwd_changes): Likewise. * posix/glob.h (__GLOB_FLAGS): Likewise. * posix/regcomp.c (peek_token): Likewise. (peek_token_bracket): Likewise. (parse_expression): Likewise. * posix/regexec.c (sift_states_iter_mb): Likewise. (check_node_accept_bytes): Likewise. * posix/tst-spawn3.c (do_test): Likewise. * posix/wordexp-test.c (testit): Likewise. * posix/wordexp.c (parse_tilde): Likewise. (exec_comm): Likewise. * posix/wordexp.h (__WRDE_FLAGS): Likewise. * resource/vtimes.c (TIMEVAL_TO_VTIMES): Likewise. * setjmp/sigjmp.c (__sigjmp_save): Likewise. * stdio-common/printf_fp.c (__printf_fp_l): Likewise. * stdio-common/tst-fileno.c (do_test): Likewise. * stdio-common/vfprintf-internal.c (vfprintf): Likewise. * stdlib/strfmon_l.c (__vstrfmon_l_internal): Likewise. * stdlib/strtod_l.c (round_and_return): Likewise. (____STRTOF_INTERNAL): Likewise. * stdlib/tst-strfrom.h (TEST_STRFROM): Likewise. * string/strcspn.c (STRCSPN): Likewise. * string/test-memmem.c (simple_memmem): Likewise. * termios/tcsetattr.c (tcsetattr): Likewise. * time/alt_digit.c (_nl_parse_alt_digit): Likewise. * time/asctime.c (asctime_internal): Likewise. * time/strptime_l.c (__strptime_internal): Likewise. * time/sys/time.h (timercmp): Likewise. * time/tzfile.c (__tzfile_compute): Likewise.
* Add internal implementations for argp.h, err.h, and error.h functionsGabriel F. T. Gomes2019-02-211-7/+9
| | | | | | | | | | | | Since the introduction of explicit flags in the internal implementation of the printf family of functions, the 'mode' parameter can be used to select which format long double parameters have (with the mode flag: PRINTF_LDBL_IS_DBL). This patch uses this feature in the implementation of some functions in argp.h, err.h, and error.h (only those that take a format string and positional parameters). Future patches will add support for 'nldbl' and 'ieee128' versions of these functions. Tested for powerpc64le and x86_64.
* Use C99-compliant scanf under _GNU_SOURCE with modern compilers.Zack Weinberg2019-01-0314-72/+447
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The only difference between noncompliant and C99-compliant scanf is that the former accepts the archaic GNU extension '%as' (also %aS and %a[...]) meaning to allocate space for the input string with malloc. This extension conflicts with C99's use of %a as a format _type_ meaning to read a floating-point number; POSIX.1-2008 standardized equivalent functionality using the modifier letter 'm' instead (%ms, %mS, %m[...]). The extension was already disabled in most conformance modes: specifically, any mode that doesn't involve _GNU_SOURCE and _does_ involve either strict conformance to C99 or loose conformance to both C99 and POSIX.1-2001 would get the C99-compliant scanf. With compilers new enough to use -std=gnu11 instead of -std=gnu89, or equivalent, that includes the default mode. With this patch, we now provide C99-compliant scanf in all configurations except when _GNU_SOURCE is defined *and* __STDC_VERSION__ or __cplusplus (whichever is relevant) indicates C89/C++98. This leaves the old scanf available under e.g. -std=c89 -D_GNU_SOURCE, but removes it from e.g. -std=gnu11 -D_GNU_SOURCE (it was already not present under -std=gnu11 without -D_GNU_SOURCE) and from -std=gnu89 without -D_GNU_SOURCE. There needs to be an internal override so we can compile the noncompliant scanf itself. This is the same problem we had when we removed 'gets' from _GNU_SOURCE and it's dealt with the same way: there's a new __GLIBC_USE symbol, DEPRECATED_SCANF, which defaults to off under the appropriate conditions for external code, but can be overridden by individual files within stdio. We also run into problems with PLT bypass for internal uses of sscanf, because libc_hidden_proto uses __REDIRECT and so does the logic in stdio.h for choosing which implementation of scanf to use; __REDIRECT isn't transitive, so include/stdio.h needs to bridge the gap with a macro. As far as I can tell, sscanf is the only function in this family that's internally called by unrelated code. Finally, there are several tests in stdio-common that use the extension. bug21.c is a regression test for a crash; it still exercises the relevant code when changed to use %ms instead of %as. scanf14.c through scanf17.c are more complicated since they are actually testing the subtleties of the extension - under what circumstances is 'a' treated as a modifier letter, etc. I changed all of them to use %ms instead of %as as well, but duplicated scanf14.c and scanf16.c as scanf14a.c and scanf16a.c. These still use %as and are compiled with -std=gnu89 to access the old extension. A bunch of diagnostic overrides and manual workarounds for the old stdio.h behavior become unnecessary. Yay! * include/features.h (__GLIBC_USE_DEPRECATED_SCANF): New __GLIBC_USE parameter. Only use deprecated scanf when __USE_GNU is defined and __STDC_VERSION__ is less than 199901L or __cplusplus is less than 201103L, whichever is relevant for the language being compiled. * libio/stdio.h, libio/bits/stdio-ldbl.h: Decide whether to redirect scanf, fscanf, sscanf, vscanf, vfscanf, and vsscanf to their __isoc99_ variants based only on __GLIBC_USE (DEPRECATED_SCANF). * wcsmbs/wchar.h: wcsmbs/bits/wchar-ldbl.h: Likewise for wscanf, fwscanf, swscanf, vwscanf, vfwscanf, and vswscanf. * libio/iovsscanf.c * libio/fwscanf.c * libio/iovswscanf.c * libio/swscanf.c * libio/vscanf.c * libio/vwscanf.c * libio/wscanf.c * stdio-common/fscanf.c * stdio-common/scanf.c * stdio-common/vfscanf.c * stdio-common/vfwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-compat.c * sysdeps/ieee754/ldbl-opt/nldbl-fscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-fwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-iovfscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-scanf.c * sysdeps/ieee754/ldbl-opt/nldbl-sscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-swscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vfscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vfwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vsscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vswscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-vwscanf.c * sysdeps/ieee754/ldbl-opt/nldbl-wscanf.c: Override __GLIBC_USE_DEPRECATED_SCANF to 1. * stdio-common/sscanf.c: Likewise. Remove ldbl_hidden_def for __sscanf. * stdio-common/isoc99_sscanf.c: Add libc_hidden_def for __isoc99_sscanf. * include/stdio.h: Provide libc_hidden_proto for __isoc99_sscanf, not sscanf. [!__GLIBC_USE (DEPRECATED_SCANF)]: Define sscanf as __isoc99_scanf with a preprocessor macro. * stdio-common/bug21.c, stdio-common/scanf14.c: Use %ms instead of %as, %mS instead of %aS, %m[] instead of %a[]; remove DIAG_IGNORE_NEEDS_COMMENT for -Wformat. * stdio-common/scanf16.c: Likewise. Add __attribute__ ((format (scanf))) to xscanf, xfscanf, xsscanf. * stdio-common/scanf14a.c: New copy of scanf14.c which still uses %as, %aS, %a[]. Remove DIAG_IGNORE_NEEDS_COMMENT for -Wformat. * stdio-common/scanf16a.c: New copy of scanf16.c which still uses %as, %aS, %a[]. Add __attribute__ ((format (scanf))) to xscanf, xfscanf, xsscanf. * stdio-common/scanf15.c, stdio-common/scanf17.c: No need to override feature selection macros or provide definitions of u_char etc. * stdio-common/Makefile (tests): Add scanf14a and scanf16a. (CFLAGS-scanf15.c, CFLAGS-scanf17.c): Remove. (CFLAGS-scanf14a.c, CFLAGS-scanf16a.c): New. Compile these files with -std=gnu89.