| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
the swprintf write callback never reset its buffer pointers, so after
its 256-byte buffer filled up, it would keep repeating those bytes
over and over in the output until the destination buffer filled up. it
also failed to set the error indicator for the stream on EILSEQ,
potentially allowing output to continue after the error.
|
|
|
|
|
|
| |
the overflow check for years+100 did not account for the extra
year computed from the remaining months. instead, perform this
check after obtaining the final number of years.
|
|
|
|
|
|
|
|
|
| |
If a DT_NEEDED entry was the prefix of a reserved library name
(up to the first dot) then it was incorrectly treated as a libc
reserved name.
e.g. libp.so dependency was not loaded as it matched libpthread
reserved name.
|
|
|
|
|
| |
this was harmless as load_library is not called concurrently,
but it used one word of bss.
|
|
|
|
|
|
|
|
|
| |
the value 19991006 for __RES implies availability of res_ninit and
related functions that take a resolver state argument; these are not
supported since our resolver is stateless. instead claim support for
just the older API by defining __RES to 19960801.
based on patch by Dmitrij D. Czarkoff.
|
|
|
|
|
| |
Fix parsing of the < > quoted time zone names. Compare the correct
character instead of repeatedly comparing the first character.
|
|
|
|
|
| |
this header is XSI-shaded itself and thus does not need to limit
specific content to _XOPEN_SOURCE.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the old snprintf design setup the FILE buffer pointers to point
directly into the destination buffer; if n was actually larger than
the buffer size, the pointer arithmetic to compute the buffer end
pointer was undefined. this affected sprintf, which is implemented in
terms of snprintf, as well as some unusual but valid direct uses of
snprintf.
instead, setup the FILE as unbuffered and have its write function
memcpy to the destination. the printf core sets up its own temporary
buffer for unbuffered streams.
|
|
|
|
| |
reported and changes suggested by Daniel Sabogal.
|
|
|
|
|
| |
inclusion of these names was unintentional and in most cases is a
namespace violation. Daniel Sabogal tracked down and reported these.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ETH_P_HSR (IEC 62439-3 HSRv1) added in
linux 4.7 commit ee1c27977284907d40f7f72c2d078d709f15811f
ETH_P_TSN (IEEE 1722) added in
linux 4.3 commit 1ab1e895492d8084dfc1c854efacde219e56b8c1
this constant breaks the ascending order to match the kernel header
ETH_P_XDSA (Multiplexed DSA protocol) added in
linux 3.18 commit 3e8a72d1dae374cf6fc1dba97cec663585845ff9
|
|
|
|
|
| |
ARPHRD_6LOWPAN (IPv6 over LoWPAN) added in
linux 3.14 commit 0abc652c796dab74d34d60473ec5594cd21620be
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the _CS_V6_ENV and _CS_V7_ENV constants are required to be available for use
with confstr. glibc defines these constants with values 1148 and 1149,
respectively.
the only missing (and required) confstr constants are
_CS_POSIX_V7_THREADS_CFLAGS and _CS_POSIX_V7_THREADS_LDFLAGS which remain
unavailable in glibc.
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 6ffdc4579ffb34f4aab69ab4c081badabc7c0a9a set lnz in the code
path for non-zero digits after a huge string of zeros, but the
assignment of dc to lnz truncates if the value of dc does not fit in
int; this is possible for some pathologically long inputs, either via
strings on 64-bit systems or via scanf-family functions.
instead, simply set lnz to match the point at which we add the
artificial trailing 1 bit to simulate nonzero digits after a huge
run of zeros.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the mid-sized integer optimization relies on lnz set up properly
to mark the last non-zero decimal digit, but this was not done
if the non-zero digit lied outside the KMAX digits of the base
10^9 number representation.
so if the fractional part was a very long list of zeros (>2048*9 on
x86) followed by non-zero digits then the integer optimization could
kick in discarding the tiny non-zero fraction which can mean wrong
result on non-nearest rounding mode.
strtof, strtod and strtold were all affected.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in certain cases excessive trailing zeros could cause incorrect
rounding from long double to double or float in decfloat.
e.g. in strtof("9444733528689243848704.000000", 0) the argument
is 0x1.000001p+73, exactly halfway between two representible floats,
this incorrectly got rounded to 0x1.000002p+73 instead of 0x1p+73,
but with less trailing 0 the rounding was fine.
the fix makes sure that the z index always points one past the last
non-zero digit in the base 10^9 representation, this way trailing
zeros don't affect the rounding logic.
|
|
|
|
|
| |
accessing an object of type const char *restrict as if it had type
char * is not defined.
|
| |
|
|
|
|
|
|
|
|
| |
in nearest rounding mode exact halfway cases were not following the
round to even rule if the rounding happened at a base 1000000000 digit
boundary of the internal representation and the previous digit was odd.
e.g. printf("%.0f", 1.5) printed 1 instead of 2.
|
|
|
|
| |
the thread name is displayed by gdb's "info threads".
|
|
|
|
|
|
| |
posix requires that EINVAL be returned if the first parameter specifies
the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID).
linux returns ENOTSUP instead so we handle this.
|
|
|
|
|
|
|
|
|
|
|
|
| |
j is int32_t and thus j<<31 is undefined if j==1, so j is changed to
uint32_t locally as a quick fix, the generated code is not affected.
(this is a strict conformance fix, future c standard may allow 1<<31,
see DR 463. the bug was inherited from freebsd fdlibm, the proper fix
is to use uint32_t for all bit hacks, but that requires more intrusive
changes.)
reported by Daniel Sabogal
|
|
|
|
|
| |
add union field that is used in the kernel for SIT/GRE tunneling ICMPv4
messages. see linux commit 20e1954fe238dbe5f8d3a979e593fe352bd703cf
|
|
|
|
|
| |
another kernel internal state exposure for checkpoint-restore.
see linux commit b1ed4c4fa9a5ccf325184fd90edc50978ef6e33a
|
|
|
|
|
|
|
|
|
| |
aarch64, arm, mips, mips64, mipsn32, powerpc, powerpc64 and sh have
cpu feature bits defined in linux for AT_HWCAP auxv entry, so expose
those in sys/auxv.h
it seems the mips hwcaps were never exposed to userspace neither
by linux nor by glibc, but that's most likely an oversight.
|
|
|
|
|
|
|
|
| |
sync with gabi: http://www.sco.com/developers/gabi/latest/ch4.eheader.html
EM_BPF is new in linux v4.8 and officially assigned:
https://lists.iovisor.org/pipermail/iovisor-dev/2016-June/000266.html
added related relocs too.
|
|
|
|
| |
see linux commit 6389eaa7fa9c3ee6c7d39f6087b86660d17236ac
|
|
|
|
|
| |
sh was updated in linux commit 74bdaa611fa69368fb4032ad437af073d31116bd
to have numbers for new syscalls.
|
|
|
|
|
| |
the numbers were wrong in musl, but they were also wrong in the kernel
and got fixed in v4.8 commit 3ebfd81f7fb3e81a754e37283b7f38c62244641a
|
|
|
|
|
|
|
|
|
|
| |
overlayfs may have fairly long lines so we use getline to allocate a
buffer dynamically. The buffer will be allocated on first use, expand as
needed, but will never be free'ed.
Downstream bug: http://bugs.alpinelinux.org/issues/5703
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this patch fixes a large number of missed internal signed-overflow
checks and errors in determining when the return value (output length)
would exceed INT_MAX, which should result in EOVERFLOW. some of the
issues fixed were reported by Alexander Cherepanov; others were found
in subsequent review of the code.
aside from the signed overflows being undefined behavior, the
following specific bugs were found to exist in practice:
- overflows computing length of floating point formats with huge
explicit precisions, integer formats with prefix characters and huge
explicit precisions, or string arguments or format strings longer
than INT_MAX, resulted in wrong return value and wrong %n results.
- literal width and precision values outside the range of int were
misinterpreted, yielding wrong behavior in at least one well-defined
case: string formats with precision greater than INT_MAX were
sometimes truncated.
- in cases where EOVERFLOW is produced, incorrect values could be
written for %n specifiers past the point of exceeding INT_MAX.
in addition to fixing these bugs, we now stop producing output
immediately when output length would exceed INT_MAX, rather than
continuing and returning an error only at the end.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
if the requested precision is close to INT_MAX, adding
LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined
behavior manifests as a large negative result, which is then used to
compute the new end pointer (z) with a wildly out-of-bounds value
(more overflow, more undefined behavior). the end result is at least
incorrect output and character count (return value); worse things do
not seem to happen, but detailed analysis has not been done.
this patch fixes the overflow by performing the intermediate
computation as unsigned; after division by 9, the final result
necessarily fits in int.
|
|
|
|
|
|
|
|
|
|
|
|
| |
we inherited from TRE regexec code that's utterly wrong with respect
to the integer types it's using. while it doesn't appear that
compilers are producing unsafe output, signed integer overflows seem
to happen, and regexec fails to find matches past offset INT_MAX.
this patch fixes the type of all variables/fields used to store
offsets in the string from int to regoff_t. after the changes, basic
testing showed that regexec can now find matches past 2GB (INT_MAX)
and past 4GB on x86_64, and code generation is unchanged on i386.
|
|
|
|
|
|
|
|
|
|
|
| |
most of the possible overflows were already ruled out in practice by
regcomp having already succeeded performing larger allocations.
however at least the num_states*num_tags multiplication can clearly
overflow in practice. for safety, check them all, and use the proper
type, size_t, rather than int.
also improve comments, use calloc in place of malloc+memset, and
remove bogus casts.
|
| |
|
|
|
|
|
|
|
| |
this is a clone of the fix to the gethostby*_r functions in
commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages
document that the getservby*_r functions set this pointer to
NULL if there was an error or if no record was found.
|
|
|
|
|
| |
this case statement was accidently left behind when this function
was refactored in commit e8f39ca4898237cf71657500f0b11534c47a0521.
|
|
|
|
|
|
|
|
|
|
|
| |
since cpu sets can be dynamically allocated and have variable size,
accessing their contents via ->__bits is not valid; performing pointer
arithmetic outside the range of the size of the declared __bits array
results in undefined beahavior. instead, only use cpu_set_t for
fixed-size cpu set objects (instantiated by the caller) and as an
abstract pointer type for dynamically allocated ones. perform all
accesses simply by casting the abstract pointer type cpuset_t * back
to unsigned long *.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
previously, fflush_unlocked was an alias for an internal backend that
was called by fflush, either for its argument or in a loop for each
file if a null pointer was passed. since the logic for the latter was
in the main fflush function, fflush_unlocked crashed when passed a
null pointer, rather than flushing all open files. since
fflush_unlocked is not a standard function and has no specification,
it's not clear whether it should be expected to accept null pointers
like fflush does, but a reasonable argument could be made that it
should.
this patch eliminates the helper function, simplifying fflush, and
makes fflush_unlocked an alias for fflush, which is valid because the
two functions agree in their behavior in all cases where their
behavior is defined (the unlocked version has undefined behavior if
another thread could hold locks).
|
|
|
|
| |
these functions had been implemented, but prototypes were not made available
|
|
|
|
|
| |
posix requires errno to be set to ENXIO if the interface does not exist.
linux returns ENODEV instead so we handle this.
|
|
|
|
|
| |
glibc, freebsd, and openbsd use character pointers (caddr_t) for
these fields. only linux uses void pointer for the ifru_data type.
|
|
|
|
|
|
|
|
|
|
| |
commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another
issue, changed the logic for how alt-form octal adds the leading zero
to adjust the precision rather than using a prefix character. this
wrongly suppressed the zero flag by mimicing an explicit precision
given by the format string. switch back to using a prefix character.
based on bug report and patch by Dmitry V. Levin, but simplified.
|
|
|
|
|
|
|
|
|
|
|
|
| |
this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without
the _Noreturn attribute, the compiler cannot use asserts to perform
reachability/range analysis. this leads to missed optimizations and
spurious warnings.
the original backtrace problem that prompted the removal of _Noreturn
was not clearly documented at the time, but it seems to happen only
when libc was built without -g, which also breaks many other
backtracing cases.
|
|
|
|
| |
This makes the result consistent with sysconf(_SC_OPEN_MAX).
|
|
|
|
| |
O_FSYNC was never defined and is legacy/wrong, nothing seems to use it.
|
|
|
|
|
| |
the gnu config.sub script recognizes several mipsisa64* cpu types
that musl supports as mips64 targets.
|
|
|
|
|
|
|
|
|
| |
there was a copy paste error that could cause large ulp errors
in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32.
(the implementation is from freebsd fdlibm, but the tail end
of the polynomial was wrong. 128 bit long double functions
are not yet tested so this went undetected.)
|