about summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
...
* fix possible access to uninitialized memory in shgetc (via scanf)Rich Felker2020-04-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | shgetc sets up to be able to perform an "unget" operation without the caller having to remember and pass back the character value, and for this purpose used a conditional store idiom: if (f->rpos[-1] != c) f->rpos[-1] = c to make it safe to use with non-writable buffers (setup by the sh_fromstring macro or __string_read with sscanf). however, validity of this depends on the buffer space at rpos[-1] being initialized, which is not the case under some conditions (including at least unbuffered files and fmemopen ones). whenever data was read "through the buffer", the desired character value is already in place and does not need to be written. thus, rather than testing for the absence of the value, we can test for rpos<=buf, indicating that the last character read could not have come from the buffer, and thereby that we have a "real" buffer (possibly of zero length) with writable pushback (UNGET bytes) below it.
* fix undefined behavior in scanf coreRich Felker2020-04-171-0/+3
| | | | | | | | | | | | | | | | as reported/analyzed by Pascal Cuoq, the shlim and shcnt macros/functions are called by the scanf core (vfscanf) with f->rpos potentially null (if the FILE is not yet activated for reading at the time of the call). in this case, they compute differences between a null pointer (f->rpos) and a non-null one (f->buf), resulting in undefined behavior. it's unlikely that any observably wrong behavior occurred in practice, at least without LTO, due to limits on what's visible to the compiler from translation unit boundaries, but this has not been checked. fix is simply ensuring that the FILE is activated for read mode before entering the main scanf loop, and erroring out early if it can't be.
* math: add x86_64 remquolAlexander Monakov2020-03-241-0/+32
|
* math: move x87-family fmod functions to C with inline asmAlexander Monakov2020-03-248-44/+38
|
* math: move x87-family remainder functions to C with inline asmAlexander Monakov2020-03-248-50/+42
|
* math: move x87-family rint functions to C with inline asmAlexander Monakov2020-03-248-24/+28
|
* math: move x87-family lrint functions to C with inline asmAlexander Monakov2020-03-2416-60/+64
|
* math: move x86_64 (l)lrint(f) functions to C with inline asmAlexander Monakov2020-03-248-20/+32
|
* math: move i386 sqrt to C with inline asmAlexander Monakov2020-03-242-21/+15
|
* math: move i386 sqrtf to C with inline asmAlexander Monakov2020-03-242-7/+12
|
* math: move trivial x86-family sqrt functions to C with inline asmAlexander Monakov2020-03-248-18/+28
|
* math: move x87-family fabs functions to C with inline asmAlexander Monakov2020-03-248-24/+28
|
* math: move x86_64 fabs, fabsf to C with inline asmAlexander Monakov2020-03-244-16/+20
|
* fix parsing offsets after long timezone namesSamuel Holland2020-03-211-5/+5
| | | | | | | | | | | | TZ containg a timezone name with >TZNAME_MAX characters currently breaks musl's timezone parsing. getname() stops after TZNAME_MAX characters. getoff() will consume no characters (because the next character is not a digit) and incorrectly return 0. Then, because there are remaining alphabetic characters, __daylight == 1, and dst_off == -3600. getname() must consume the entire timezone name, even if it will not fit in d/__tzname, so when it returns, s points to the offset digits.
* avoid out-of-bounds read for invalid quoted timezoneSamuel Holland2020-03-211-2/+2
| | | | | Parsing the timezone name must stop when reaching the null terminator. In that case, there is no '>' to skip.
* remove redundant condition in memccpyAlexander Monakov2020-03-201-1/+1
| | | | | | | | Commit d9bdfd164 ("fix memccpy to not access buffer past given size") correctly added a check for 'n' nonzero, but made the pre-existing test '*s==c' redundant: n!=0 implies *s==c. Remove the unnecessary check. Reported by Alexey Izbyshev.
* ldso: remove redundant switch case for REL_NONEFangrui Song2020-03-201-2/+0
| | | | | as a result of commit b6a6cd703ffefa6352249fb01f4da28d85d17306, the REL_NONE case is now redundant.
* define MAP_SYNC on powerpc/powerpc64Samuel Holland2020-03-142-2/+0
| | | | | | Linux defines MAP_SYNC on powerpc and powerpc64 as of commit 22fcea6f85f2 ("mm: move MAP_SYNC to asm-generic/mman-common.h"), so we can stop undefining it on those architectures.
* improve strerror speedTimo Teräs2020-03-142-22/+32
| | | | | change the current O(n) lookup to O(1) based on the machinery described in "How To Write Shared Libraries" (Appendix B).
* fix corrupt sysvipc timestamps on 32-bit archs with old kernelsRich Felker2020-03-143-0/+30
| | | | | | | | | | | | kernel commit 4693916846269d633a3664586650dbfac2c5562f (first included in release v4.14) silently fixed a bug whereby the reserved space (which was later used for high bits of time) in IPC_STAT structures was left untouched rather than zeroed. this means that a caller that wants to read the high bits needs to pre-zero the memory. since it's not clear that these operations are permitted to modify the destination buffer on failure, use a temp buffer and copy back to the caller's buffer on success.
* work around negated error code bug on some mips kernelsRich Felker2020-03-143-22/+22
| | | | | | | | | | | | on all mips variants, Linux did (and maybe still does) have some syscall return paths that wrongly return both the error flag in r7 and a negated error code in r2. in particular this happened for at least some causes of ENOSYS. add an extra check to only negate the error code if it's positive to begin with. bug report and concept for patch by Andreas Dröscher.
* remove useless mips syscall asm constraint, align style with mips64/n32Rich Felker2020-03-141-15/+16
| | | | | | | | | | | | | | | | | | commit 4221f154ff29ab0d6be1e7beaa5ea2d1731bc58e added the r7 constraint apparently out of a misunderstanding of the breakage it was addressing, and did so because the asm was in a shared macro used by all the __syscallN inline functions. now "+r" is used in the output section for the forms 4-argument and up, so having it in input is redundant, and the forms with 0-3 arguments don't need it as an input at all. the r2 constraint is kept because without it most gcc versions (seems to be all prior to 9.x) fail to honor the output register binding for r2. this seems to be a variant of gcc bug #87733. both the r7 and r2 input constraints look useless, but the r2 one was a quiet workaround for gcc bug 87733, which affects all modern versions prior to 9.x, so it's kept and documented.
* revert mips (32-bit, o32) syscall asm clean-up due to regressionsRich Felker2020-03-141-32/+31
| | | | | | | | | | exactly revert commit 604f8d3d8b08ee4f548de193050ef93a7753c2e0 which was wrong; it caused a major regression on Linux versions prior to 2.6.36. old kernels did not properly preserve r2 across syscall restart, and instead restarted with the instruction right before syscall, imposing a contract that the previous instruction must load r2 from an immediate or a register (or memory) not clobbered by the syscall.
* revert mips64/n32 syscall asm clean-up due to regressionsRich Felker2020-03-142-56/+61
| | | | | | | | | | | | | | | | | | | | | | effectivly revert commit ddc7c4f936c7a90781072f10dbaa122007e939d0 which was wrong; it caused a major regression on Linux versions prior to 2.6.36. old kernels did not properly preserve r2 across syscall restart, and instead restarted with the instruction right before syscall, imposing a contract that the previous instruction must load r2 from an immediate or a register (or memory) not clobbered by the syscall. since other changes were made since, including removal of the struct stat conversion that was replaced by separate struct kstat, this is not a direct revert, only a functional one. the "0"(r2) input constraint added back seems useless/erroneous, but without it most gcc versions (seems to be all prior to 9.x) fail to honor the output register binding for r2. this seems to be a variant of gcc bug #87733. further changes should be made later if a better workaround is found, but this one has been working since 2012. it seems this issue was encountered but misidentified then, when it inspired commit 4221f154ff29ab0d6be1e7beaa5ea2d1731bc58e.
* remove duplicate definitions of INET[6]_ADDRSTRLENRich Felker2020-03-042-7/+0
| | | | | these were leftover from early beginnings when arpa/inet.h was not including netinet/in.h.
* add PTHREAD_NULLRich Felker2020-02-261-0/+3
| | | | | | this is added for POSIX-future as the outcome of Austin Group issue 599. since it's in the reserved namespace for pthread.h, there are no namespace considerations for adding it early.
* use __socketcall to simplify socket()Rich Felker2020-02-221-5/+5
| | | | | | | | | | | | commit 59324c8b0950ee94db846a50554183c845ede160 added __socketcall analogous to __syscall, returning the negated error rather than setting errno. use it to simplify the fallback path of socket(), avoiding extern calls and access to errno. Author: Rich Felker <dalias@aerifal.cx> Date: Tue Jul 30 17:51:16 2019 -0400 make __socketcall analogous to __syscall, error-returning
* remove wrap_write helper from vdprintfRich Felker2020-02-211-6/+1
| | | | | | | | | | this reverts commit 4ee039f3545976f9e3e25a7e5d7b58f1f2316dc3, which added the helper as a hack to make vdprintf usable before relocation, contingent on strong assumptions about the arch and tooling, back when the dynamic linker did not have a real staged model for self-relocation. since commit f3ddd173806fd5c60b3f034528ca24542aecc5b9 this has been unnecessary and the function was just wasting size and execution time.
* math: fix sinh overflows in non-nearest roundingSzabolcs Nagy2020-02-217-10/+12
| | | | | | | | | | | | | | The final rounding operation should be done with the correct sign otherwise huge results may incorrectly get rounded to or away from infinity in upward or downward rounding modes. This affected sinh and sinhf which set the sign on the result after a potentially overflowing mul. There may be other non-nearest rounding issues, but this was a known long standing issue with large ulp error (depending on how ulp is defined near infinity). The fix should have no effect on sinh and sinhf performance but may have a tiny effect on cosh and coshf.
* math: fix __rem_pio2 in non-nearest rounding modesSzabolcs Nagy2020-02-213-3/+41
| | | | | | | | | | | | | | | | | | Handle when after reduction |y| > pi/4+tiny. This happens in directed rounding modes because the fast round to int code does not give the nearest integer. In such cases the reduction may not be symmetric between x and -x so e.g. cos(x)==cos(-x) may not hold (but polynomial evaluation is not symmetric either with directed rounding so fixing that would require more changes with bigger performance impact). The fix only adds two predictable branches in nearest rounding mode, simple ubenchmark does not show relevant performance regression in nearest rounding mode. The code could be improved: e.g reducing the medium size threshold such that two step reduction is enough instead of three, and the single precision case can avoid the issue by doing the round to int differently, but this fix was kept minimal.
* release 1.2.0 v1.2.0Rich Felker2020-02-202-1/+37
|
* fix remaining direct use of stat syscalls outside fstatat.cRich Felker2020-02-124-6/+10
| | | | | | | | | | | | | | | | | | because struct stat is no longer assumed to correspond to the structure used by the stat-family syscalls, it's not valid to make any of these syscalls directly using a buffer of type struct stat. commit 9493892021eac4edf1776d945bcdd3f7a96f6978 moved all logic around this change for stat-family functions into fstatat.c, making the others wrappers for it. but a few other direct uses of the syscall were overlooked. the ones in tmpnam/tempnam are harmless since the syscalls are just used to test for file existence. however, the uses in fchmodat and __map_file depend on getting accurate file properties, and these functions may actually have been broken one or more mips variants due to removal of conversion hacks from syscall_arch.h. as a low-risk fix, simply use struct kstat in place of struct stat in the affected places.
* remove i386 asm for single and double precision exp-family functionsRich Felker2020-02-069-62/+3
| | | | | | | | | these did not truncate excess precision in the return value. fixing them looks like considerable work, and the current C code seems to outperform them significantly anyway. long double functions are left in place because they are not subject to excess precision issues and probably better than the C code.
* rename i386 exp.s to exp_ld.sRich Felker2020-02-062-0/+1
| | | | this commit is for the sake of reviewable history.
* fix excess precision in return value of i386 log-family functionsRich Felker2020-02-068-0/+20
|
* fix excess precision in return value of i386 acos[f] and asin[f]Rich Felker2020-02-066-42/+75
| | | | | analogous to commit 1c9afd69051a64cf085c6fb3674a444ff9a43857 for atan[2][f].
* fix excess precision in return value of i386 atan[2][f]Rich Felker2020-02-064-2/+8
| | | | | | | | | | | | for functions implemented in C, this is a requirement of C11 (F.6); strictly speaking that text does not apply to standard library functions, but it seems to be intended to apply to them, and C2x is expected to make it a requirement. failure to drop excess precision is particularly bad for inverse trig functions, where a value with excess precision can be outside the range of the function (entire range, or range for a particular subdomain), breaking reasonable invariants a caller may expect.
* remove legacy time32 timer[fd] syscalls from public syscall.hRich Felker2020-02-0510-36/+52
| | | | | | | this extends commit 5a105f19b5aae79dd302899e634b6b18b3dcd0d6, removing timer[fd]_settime and timer[fd]_gettime. the timerfd ones are likely to have been used in software that started using them before it could rely on libc exposing functions.
* remove further legacy time32 clock syscalls from public syscall.hRich Felker2020-02-0510-36/+52
| | | | | this extends commit 5a105f19b5aae79dd302899e634b6b18b3dcd0d6, removing clock_settime, clock_getres, clock_nanosleep, and settimeofday.
* fix incorrect results for catanf and catanl with some inputsRich Felker2020-02-052-26/+2
| | | | | | catan was fixed in 10e4bd3780050e75b72aac5d85c31816419bb17d but the same bug in catanf and catanl was overlooked. the patch is completely analogous.
* move riscv64 register index constants to signal.hRich Felker2020-02-042-6/+9
| | | | | | under _GNU_SOURCE for namespace cleanliness, analogous to other archs. the original placement in sys/reg.h seems not to have been motivated; such a header isn't even present on other implementations.
* remove legacy clock_gettime and gettimeofday from public syscall.hRich Felker2020-01-3010-18/+25
| | | | | | | | | | | | | | | | | | | | | | | some nontrivial number of applications have historically performed direct syscalls for these operations rather than using the public functions. such usage is invalid now that time_t is 64-bit and these syscalls no longer match the types they are used with, and it was already harmful before (by suppressing use of vdso). since syscall() has no type safety, incorrect usage of these syscalls can't be caught at compile-time. so, without manually inspecting or running additional tools to check sources, the risk of such errors slipping through is high. this patch renames the syscalls on 32-bit archs to clock_gettime32 and gettimeofday_time32, so that applications using the original names will fail to build without being fixed. note that there are a number of other syscalls that may also be unsafe to use directly after the time64 switchover, but (1) these are the main two that seem to be in widespread use, and (2) most of the others continue to have valid usage with a null timeval/timespec argument, as the argument is an optional timeout or similar.
* fix misleading use of _POSIX_VDISABLE in sys/ttydefaults.hRich Felker2020-01-291-5/+0
| | | | | | _POSIX_VDISABLE is only visible if unistd.h has already been included, so conditional use of it here makes no sense. the value is always 0 anyway; it does not vary.
* fix unprotected macro argument in sys/ttydefaults.hRich Felker2020-01-291-1/+1
|
* math/x32: correct lrintl.s for 32-bit longAlexander Monakov2020-01-271-2/+2
|
* move struct dirent to bits header, allow NAME_MAX to varyRich Felker2020-01-253-12/+15
| | | | | | this is not necessary for linux but is a simple, inexpensive change to make that facilitates ports to systems where NAME_MAX needs to be longer.
* fix riscv64 a_cas inline asm operand sign extensionLuís Marques2020-01-221-1/+1
| | | | | | | | This patch adds an explicit cast to the int arguments passed to the inline asm used in the RISC-V's implementation of `a_cas`, to ensure that they are properly sign extended to 64 bits. They aren't automatically sign extended by Clang, and GCC technically also doesn't guarantee that they will be sign extended.
* fix incorrect escaping in add-cfi.*.awk scriptsWill Dietz2020-01-202-2/+2
| | | | gawk 5 complains.
* add thumb2 support to arm assembler memcpyAndre McCurdy2020-01-162-6/+9
| | | | | | | For Thumb2 compatibility, replace two instances of a single instruction "orr with a variable shift" with the two instruction equivalent. Neither of the replacements are in a performance critical loop.
* fix incorrect __hwcap seen in dynamic-linked __set_thread_areaRich Felker2020-01-151-1/+1
| | | | | | | | | | | | | the bug fixed in commit b82cd6c78d812d38c31febba5a9e57dbaa7919c4 was mostly masked on arm because __hwcap was zero at the point of the call from the dynamic linker to __set_thread_area, causing the access to libc.auxv to be skipped and kuser_helper versions of TLS access and atomics to be used instead of the armv6 or v7 versions. however, on kernels with kuser_helper removed for hardening it would crash. since __set_thread_area potentially uses __hwcap, it must be initialized before the function is called. move the AT_HWCAP lookup from stage 3 to stage 2b.