about summary refs log tree commit diff
path: root/string
Commit message (Collapse)AuthorAgeFilesLines
* elf: Add support for GNU_PROPERTY_NO_MEMORY_SEAL azanella/msealAdhemerval Zanella2024-07-311-1/+0
| | | | | | | | | | | | | | | | The GNU_PROPERTY_NO_MEMORY_SEAL is a GNU property per module instructing the glibc not to seal the object PT_LOAD. It can be used for any reason the modules require to seal not to be enabled (i.e., on Firefox hack to bypass the dynamic loader and enable DT_RELR on older glibc [1]). In this case, it is up to the module to apply memory sealing itself. The sealing is applied by default, and it is always enforced with glibc.rtld.seal=2. Checked on aarch64-linux-gnu, x86_64-linux-gnu, and powerpc64le-linux-gnu. [1] https://glandium.org/blog/?p=4297
* elf: Add support to memory sealingAdhemerval Zanella2024-07-311-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new Linux mseal syscall allows seal memory mappings to avoid further changes such as memory protection or remap. The sealing is done in multiple places where the memory is supposed to be immutable over program execution: * All shared library dependencies from the binary, including the read-only segments after PT_GNU_RELRO setup. * The binary itself, including dynamic and static links. In both It is up either to binary or the loader to set up the sealing. * Any preload libraries. * Any library loaded with dlopen with RTLD_NODELETE flag (including libgcc.so loaded to enable unwind and/or thread cancellation). * Audit modules. * The loader bump allocator. For binary dependencies, the RTLD_NODELETE signals the link_map should be sealed. It also makes dlopen objects with the flag sealed as well. The sealing is controlled by a new tunable, glibc.rtld.seal, with three different states: 0. Disabled, where no memory sealing is done. 1. Enabled, where the loader will issue the mseal syscall on the memory mappings but any failure will be ignored. This is the default. 2. Enforce, similar to Enabled but any failure from the mseal will terminate the process. Checked on x86_64-linux-gnu and aarch64-linux-gnu.
* wcsmbs: Ensure wcstr worst-case linear execution time (BZ 23865)Adhemerval Zanella2024-04-111-0/+172
| | | | | | | | | | It uses the same two-way algorithm used on strstr, strcasestr, and memmem. Different than strstr, neither the "shift table" optimization nor the self-adapting filtering check is used because it would result in a too-large shift table (and it also simplifies the implementation bit). Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* wcsmbs: Add test-wcsstrAdhemerval Zanella2024-04-111-53/+91
| | | | | | | | Parametrize test-strstr.c so it can be used to check wcsstr. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
* string: Improve fortify with clangAdhemerval Zanella2024-02-271-22/+34
| | | | | | | | | | It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat, strncat, strlcpy, and strlcat. The runtime and compile checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>
* Fix stringop-overflow warning in tst-strlcat2.Stefan Liebler2024-02-051-0/+1
| | | | | | | | | | | | | | | | On s390x, I get warnings like this when do_one_test is inlined with SIZE_MAX: In function ‘do_one_test’, inlined from ‘do_overflow_tests’ at tst-strlcat2.c:184:2: tst-strlcat2.c:49:18: error: ‘strnlen’ specified bound [18446744073709550866, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=] 49 | # define STRNLEN strnlen | ^ tst-strlcat2.c:89:23: note: in expansion of macro ‘STRNLEN’ 89 | size_t dst_length = STRNLEN (dst, n); | ^~~~~~~ This patch just marks the do_one_test function as noinline as also done in test-strncat.c: Fix stringop-overflow warning in test-strncat. https://sourceware.org/git/?p=glibc.git;a=commit;h=51aeab9a363a0d000d0912aa3d6490463a26fba2
* string: Use builtins for ffs and ffsllAdhemerval Zanella Netto2024-02-012-3/+13
| | | | | | | It allows to remove a lot of arch-specific implementations. Checked on x86_64, aarch64, powerpc64. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Refer to C23 in place of C2X in glibcJoseph Myers2024-02-011-3/+3
| | | | | | | | | | | | | | | WG14 decided to use the name C23 as the informal name of the next revision of the C standard (notwithstanding the publication date in 2024). Update references to C2X in glibc to use the C23 name. This is intended to update everything *except* where it involves renaming files (the changes involving renaming tests are intended to be done separately). In the case of the _ISOC2X_SOURCE feature test macro - the only user-visible interface involved - support for that macro is kept for backwards compatibility, while adding _ISOC23_SOURCE. Tested for x86_64.
* string: Disable stack protector for memset in early static initializationAdhemerval Zanella2024-01-231-0/+1
| | | | | | | | | | For ports that use the default memset, the compiler might generate early calls before the stack protector is initialized (for instance, riscv with -fstack-protector-all on _dl_aux_init). Checked on riscv64-linux-gnu-rv64imafdc-lp64d. Reviewed-by: Florian Weimer <fweimer@redhat.com>
* string: Add additional output in test-strchr failureNoah Goldstein2024-01-011-5/+12
| | | | | | | | Seeing occasional failures in `__strchrnul_evex512` that are not consistently reproducible. Hopefully by adding this the next failure will provide enough information to debug. Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
* Update copyright dates with scripts/update-copyrightsPaul Eggert2024-01-01153-153/+153
|
* string: Add internal memswap implementationAdhemerval Zanella2023-10-312-0/+204
| | | | | | | | | | | | | | The prototype is: void __memswap (void *restrict p1, void *restrict p2, size_t n) The function swaps the content of two memory blocks P1 and P2 of len N. Memory overlap is NOT handled. It will be used on qsort optimization. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* Add strlcat/wcslcat testcase.Sunil K Pandey2023-10-172-0/+402
| | | | | | | | This patch implements comprehensive tests for strlcat/wcslcat functions. Tests are mostly derived from strncat test suites and modified to incorporate strlcat/wcslcat specifications. Reviewed-by: DJ Delorie <dj@redhat.com>
* Add strlcpy/wcslcpy testcaseSunil K Pandey2023-10-172-0/+323
| | | | | | | | This patch implements comprehensive tests for strlcpy/wcslcpy functions. Tests are mostly derived from strncpy test suites and modified to incorporate strlcpy/wcslcpy specifications. Reviewed-by: DJ Delorie <dj@redhat.com>
* string: Fix tester build with fortify enable with gcc < 12Mahesh Bodapati2023-08-181-3/+8
| | | | | | | | | When building with fortify enabled, GCC < 12 issues a warning on the fortify strncat wrapper might overflow the destination buffer (the failure is tied to -Werror). Checked on ppc64 and x86_64. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* string: Fix tester build with fortify enable with gcc 6Adhemerval Zanella Netto2023-07-261-0/+9
| | | | | | | | | | | When building with fortify enabled, GCC 6 issues an warning the fortify wrapper might overflow the destination buffer. However, GCC does not provide a specific flag to disable the warning (the failure is tied to -Werror). So to avoid disable all errors, only enable the check for GCC 7 or newer. Checked on i686-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* string: Fix tester with fortify enabledAdhemerval Zanella Netto2023-07-241-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | If fortify is enabled, the truncated output warning is issued by the wrapper itself: In function ‘strncpy’, inlined from ‘test_strncpy’ at tester.c:505:10: ../string/bits/string_fortified.h:95:10: error: ‘__builtin_strncpy’ destination unchanged after copying no bytes from a string of length 3 [-Werror=stringop-truncation] 95 | return __builtin___strncpy_chk (__dest, __src, __len, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 96 | __glibc_objsize (__dest)); | ~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from ../include/bits/string_fortified.h:1, from ../string/string.h:548, from ../include/string.h:60, from tester.c:33, from inl-tester.c:6: In function ‘strncpy’, inlined from ‘test_strncpy’ at tester.c:505:10: Checked on x86_64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* string: Fix bug-strncat1 with fortify enabledAdhemerval Zanella Netto2023-07-241-6/+8
| | | | | | | | | | | | | | If fortify is enabled, the truncated output warning is issued by the wrapper itself: bug-strncat1.c: In function ‘main’: bug-strncat1.c:14:3: error: ‘__builtin___strncat_chk’ output truncated copying 1 byte from a string of length 2 [-Werror=stringop-truncation] 14 | strncat (d, "\5\6", 1); | ^ Checked on x86_64-linux-gnu. Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* Exclude routines from fortificationFrédéric Bérat2023-07-051-0/+17
| | | | | | | | | | | | | | | | | Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to be excluded from the fortification. On top of that: - some tests explicitly verify that some level of fortification works appropriately, we therefore shouldn't modify the level set for them. - some objects need to be build with optimization disabled, which prevents _FORTIFY_SOURCE to be used for them. Assembler files that implement architecture specific versions of the fortified routines were not excluded from _FORTIFY_SOURCE as there is no C header included that would impact their behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* string: strerror must not return NULL (bug 30555) fw/bug30555Florian Weimer2023-06-153-4/+87
| | | | | | | | | For strerror, this fixes commit 28aff047818eb1726394296d27b ("string: Implement strerror in terms of strerror_l"). This commit avoids returning NULL for strerror_l as well, although POSIX allows this behavior for strerror_l. Reviewed-by: Arjun Shankar <arjun@redhat.com>
* Implement strlcpy and strlcat [BZ #178]Florian Weimer2023-06-148-0/+314
| | | | | | | | | | | These functions are about to be added to POSIX, under Austin Group issue 986. The fortified strlcat implementation does not raise SIGABRT if the destination buffer does not contain a null terminator, it just inherits the non-failing regular strlcat behavior. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
* Fix all the remaining misspellings -- BZ 25337Paul Pluzhnikov2023-06-029-9/+9
|
* string: Add tests for strndup (BZ #30266)Joe Simmons-Talbott2023-04-212-0/+201
| | | | | | | | | Copy strncpy tests for strndup. Covers some basic testcases with random strings. Remove tests that set the destination's bytes and checked the resulting buffer's bytes. Remove wide character test support since wcsndup() doesn't exist. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* string: Add tests for strdup (BZ #30266)Joe Simmons-Talbott2023-04-212-0/+202
| | | | | | | Copy strcpy tests for strdup. Covers some basic testcases with random strings. Add a zero-length string testcase. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* string: Allow use of test-string.h for non-ifunc implementations.Joe Simmons-Talbott2023-04-211-2/+2
| | | | | | | Mark two variables as unused to silence warning when using test-string.h for non-ifunc implementations. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* <string.h>: Make strchrnul, strcasestr, memmem available by defaultFlorian Weimer2023-04-061-3/+3
| | | | | | | FreeBSD makes them available by default, too, so there does not seem to be a reason to restrict these functions to _GNU_SOURCE. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
* Fix stringop-overflow warning in test-strncat.Stefan Liebler2023-03-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | Starting with commit b2c474f8de4c92bfe7435853a96805ec32d68dfa "x86: Fix strncat-avx2.S reading past length [BZ #30065]" Building on s390 the test fails due warnings like: In function ‘do_one_test’, inlined from ‘do_overflow_tests’ at test-strncat.c:175:7: test-strncat.c:31:18: error: ‘strnlen’ specified bound [4294966546, 4294967295] exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] 31 | # define STRNLEN strnlen | ^ test-strncat.c:83:16: note: in expansion of macro ‘STRNLEN’ 83 | size_t len = STRNLEN (src, n); | ^~~~~~~ In all werror cases, the call to strnlen (.., SIZE_MAX) is inlined. Therefore this patch just marks the do_one_test function as noinline. Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com>
* string: Disable stack protector in early static initializationAdhemerval Zanella2023-02-081-0/+2
| | | | | | | For powerpc, strncmp is used on _dl_string_platform issued by __tcb_parse_hwcap_and_convert_at_platform. Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org>
* string: Add libc_hidden_proto for memrchrAdhemerval Zanella2023-02-081-0/+1
| | | | | | | Although static linker can optimize it to local call, it follows the internal scheme to provide hidden proto and definitions. Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org>
* string: Add libc_hidden_proto for strchrnulAdhemerval Zanella2023-02-081-0/+1
| | | | | | | Although static linker can optimize it to local call, it follows the internal scheme to provide hidden proto and definitions. Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org>
* string: Hook up the default implementation on test-strrchrAdhemerval Zanella2023-02-061-14/+24
| | | | | | And remove SIMPLE_STRRCHR, which is not used anywhere. Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-memrchrAdhemerval Zanella2023-02-061-0/+7
| | | | Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-memchrAdhemerval Zanella2023-02-061-11/+20
| | | | | | And remove SIMPLE_MEMCHR, which is not used anywhere. Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-strcpyAdhemerval Zanella2023-02-061-10/+24
| | | | Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-stpcpyAdhemerval Zanella2023-02-061-11/+21
| | | | Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-strncmpAdhemerval Zanella2023-02-061-0/+16
| | | | Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-strcmpAdhemerval Zanella2023-02-061-0/+22
| | | | Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-strchrAdhemerval Zanella2023-02-061-15/+38
| | | | | | Also remove the simple_STRCHR, which can be easily replaced. Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-strnlenAdhemerval Zanella2023-02-061-11/+24
| | | | | | Also remove the SIMPLE_STRNLEN, which is not used anywhere. Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Hook up the default implementation on test-strlenAdhemerval Zanella2023-02-061-17/+14
| | | | | | | Also remove the simple_STRLEN and builtin_strlen, which are not used anywhere. Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Improve generic strrchr with memrchr and strlenAdhemerval Zanella2023-02-061-17/+1
| | | | | | | | | | | Now that both strlen and memrchr have word vectorized implementation, it should be faster to implement strrchr based on memrchr over the string length instead of calling strchr on a loop. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc-linux-gnu, and powerpc64-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits).
* string: Improve generic memrchrAdhemerval Zanella2023-02-061-157/+39
| | | | | | | | | | | | | | New algorithm read the lastaligned address and mask off the unwanted bytes. The loop now read word-aligned address and check using the has_eq macro. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc-linux-gnu, and powerpc64-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Co-authored-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic strnlen with memchrAdhemerval Zanella2023-02-061-132/+5
| | | | | | | | It also cleanups the multiple inclusion by leaving the ifunc implementation to undef the weak_alias and libc_hidden_def. Co-authored-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic memchrAdhemerval Zanella2023-02-061-125/+51
| | | | | | | | | | | | | | | | | New algorithm read the first aligned address and mask off the unwanted bytes (this strategy is similar to arch-specific implementations used on powerpc, sparc, and sh). The loop now read word-aligned address and check using the has_eq macro. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc-linux-gnu, and powerpc64-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Co-authored-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic strcpyAdhemerval Zanella2023-02-061-1/+5
| | | | | | | | | | | | | Now that stpcpy is vectorized based on op_t, it should be better to call it instead of strlen plus memcpy. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu, and powerpc-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic stpcpyAdhemerval Zanella2023-02-061-6/+86
| | | | | | | | | | | | | | | | | | | | | | | It follows the strategy: - Align the destination on word boundary using byte operations. - If source is also word aligned, read a word per time, check for null (using has_zero from string-fzb.h), and write the remaining bytes. - If source is not word aligned, loop by aligning the source, and merging the result of two reads. Similar to aligned case, check for null with has_zero, and write the remaining bytes if null is found. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu, and powerpc-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic strncmpAdhemerval Zanella2023-02-061-37/+101
| | | | | | | | | | | | | | | | | | | | | It follows the strategy: - Align the first input to word boundary using byte operations. - If second input is also word aligned, read a word per time, check for null (using has_zero), and check final words using byte operation. - If second input is not word aligned, loop by aligning the source, and merge the result of two reads. Similar to aligned case, check for null with has_zero, and check final words using byte operation. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu, and powerpc-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* string: Improve generic strcmpAdhemerval Zanella2023-02-061-16/+94
| | | | | | | | | | | | | | | | | | | | | It follows the strategy: - Align the first input to word boundary using byte operations. - If second input is also word aligned, read a word per time, check for null (using has_zero), and check final words using byte operation. - If second input is not word aligned, loop by aligning the source, and merging the result of two reads. Similar to aligned case, check for null with has_zero, and check final words using byte operation. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu, and powerpc-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Co-authored-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic strchrAdhemerval Zanella2023-02-061-156/+8
| | | | | | | | | | | | New algorithm now calls strchrnul. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc-linux-gnu, and powerpc64-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
* string: Improve generic strchrnulAdhemerval Zanella2023-02-061-133/+22
| | | | | | | | | | | | | | | | | New algorithm read the first aligned address and mask off the unwanted bytes (this strategy is similar to arch-specific implementations used on powerpc, sparc, and sh). The loop now read word-aligned address and check using the has_zero_eq function. Checked on x86_64-linux-gnu, i686-linux-gnu, powerpc64-linux-gnu, and powerpc-linux-gnu by removing the arch-specific assembly implementation and disabling multi-arch (it covers both LE and BE for 64 and 32 bits). Co-authored-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>