about summary refs log tree commit diff
path: root/src/stdio
Commit message (Collapse)AuthorAgeFilesLines
* minor vfprintf and vfwprintf changes to please static code analyzersSzabolcs Nagy2013-10-072-6/+11
| | | | add missing va_end and remove some unnecessary code.
* removed unused variable in vfwprintfRich Felker2013-10-041-2/+1
|
* fix special-case breakage in popen due to reversed argument orderRich Felker2013-09-011-1/+1
|
* fix invalid %m format crash in wide scanf variantsRich Felker2013-08-311-0/+2
| | | | the wide variant was missed in the previous commit.
* avoid crash in scanf when invalid %m format is encounteredRich Felker2013-08-311-0/+2
| | | | | | | invalid format strings invoke undefined behavior, so this is not a conformance issue, but it's nicer for scanf to report the error safely instead of calling free on a potentially-uninitialized pointer or a pointer to memory belonging to the caller.
* protect against long double type mismatches (mainly powerpc for now)Rich Felker2013-08-021-0/+7
| | | | | | check in configure to be polite (failing early if we're going to fail) and in vfprintf.c since that is the point at which a mismatching type would be extremely dangerous.
* fix uninitialized/stale use of alloc (%m modifier) flag in scanfRich Felker2013-07-202-0/+4
| | | | | | | | | for conversion specifiers, alloc is always set when the specifier is parsed. however, if scanf stops due to mismatching literal text, either an uninitialized (if no conversions have been performed yet) or stale (from the previous conversion) of the flag will be used, possibly causing an invalid pointer to be passed to free when the function returns.
* fix scanf %c conversion wrongly storing a terminating null byteRich Felker2013-06-222-4/+8
| | | | | this seems to have been a regression from the refactoring which added the 'm' modifier.
* implement 'm' modifier for wide scanf variantsRich Felker2013-06-061-7/+40
|
* implement the 'm' (malloc) modifier for scanfRich Felker2013-06-051-22/+48
| | | | | this commit only covers the byte-based scanf-family functions. the wide functions still lack support for the 'm' modifier.
* refactor wide-char scanf string handlingRich Felker2013-06-051-55/+32
| | | | | | this brings the wide version of the code into alignment with the byte-based version, in preparation for adding support for the m (malloc) modifier.
* simplify some logic in scanf and remove redundant invalid-format checkRich Felker2013-06-041-18/+8
|
* refactor scanf core to use common code path for all string formatsRich Felker2013-06-041-85/+52
| | | | | | | | | | | the concept here is that %s and %c are essentially special-cases of %[, with some minimal additional special-casing. aside from simplifying the code and reducing the number of complex code-paths that would need changing to make optimizations later, the main purpose of this change is to simplify addition of the 'm' modifier which causes scanf to allocate storage for the string being read.
* fix argument omission in ABI-compat weak_alias for fscanfRich Felker2013-04-061-1/+1
|
* Add ABI compatability aliases.Isaac Dunham2013-04-0511-0/+33
| | | | | | | | GNU used several extensions that were incompatible with C99 and POSIX, so they used alternate names for the standard functions. The result is that we need these to run standards-conformant programs that were linked with glibc.
* rewrite popen to use posix_spawn instead of fragile vfork hacksRich Felker2013-03-241-41/+41
|
* document self-synchronized destruction issue for stdio lockingRich Felker2012-12-101-0/+10
|
* always add memory streams to stdio open file listRich Felker2012-11-093-18/+21
| | | | | | | | | | | | per interpretation for austin group issue #626, fflush(0) and exit() must block waiting for a lock if another thread has locked a memory stream with flockfile. this adds some otherwise-unnecessary synchronization cost to use of memory streams, but there was already a synchronization cost calling malloc anyway. previously the stream was only added to the open file list in single-threaded programs, so that upon subsequent call to pthread_create, locking could be turned on for the stream.
* clean up sloppy nested inclusion from pthread_impl.hRich Felker2012-11-082-0/+4
| | | | | | | | | | | | | | this mirrors the stdio_impl.h cleanup. one header which is not strictly needed, errno.h, is left in pthread_impl.h, because since pthread functions return their error codes rather than using errno, nearly every single pthread function needs the errno constants. in a few places, rather than bringing in string.h to use memset, the memset was replaced by direct assignment. this seems to generate much better code anyway, and makes many functions which were previously non-leaf functions into leaf functions (possibly eliminating a great deal of bloat on some platforms where non-leaf functions require ugly prologue and/or epilogue).
* clean up stdio_impl.hRich Felker2012-11-0835-2/+83
| | | | | | | | | | | this header evolved to facilitate the extremely lazy practice of omitting explicit includes of the necessary headers in individual stdio source files; not only was this sloppy, but it also increased build time. now, stdio_impl.h is only including the headers it needs for its own use; any further headers needed by source files are included directly where needed.
* fix more unused variable warningsRich Felker2012-11-012-3/+2
| | | | | | | some of these were coming from stdio functions locking files without unlocking them. I believe it's useful for this to throw a warning, so I added a new macro that's self-documenting that the file will never be unlocked to avoid the warning in the few places where it's wrong.
* separate getc/putc from fgetc/fputcRich Felker2012-10-274-6/+25
| | | | | | | | | for conformance, two functions should not have the same address. a conforming program could use the addresses of getc and fgetc in ways that assume they are distinct. normally i would just use a wrapper, but these functions are so small and performance-critical that an extra layer of function call could make the one that's a wrapper nearly twice as slow, so I'm just duplicating the code instead.
* correct locking in stdio functions that tried to be lock-freeRich Felker2012-10-246-16/+36
| | | | | | | | | | | | | these functions must behave as if they obtain the lock via flockfile to satisfy POSIX requirements. since another thread can provably hold the lock when they are called, they must wait to obtain the lock before they can return, even if the correct return value could be obtained without locking. in the case of fclose and freopen, failure to do so could cause correct (albeit obscure) programs to crash or otherwise misbehave; in the case of feof, ferror, and fwide, failure to obtain the lock could sometimes return incorrect results. in any case, having these functions proceed and return while another thread held the lock was wrong.
* greatly improve freopen behaviorRich Felker2012-10-243-15/+27
| | | | | | | | | | | | | 1. don't open /dev/null just as a basis to copy flags; use shared __fmodeflags function to get the right file flags for the mode. 2. handle the case (probably invalid, but whatever) case where the original stream's file descriptor was closed; previously, the logic re-closed it. 3. accept the "e" mode flag for close-on-exec; update dup3 to fallback to using dup2 so we can simply call __dup3 instead of putting fallback logic in freopen itself.
* remove useless failure-check from freopen (can't happen)Rich Felker2012-10-241-2/+2
|
* fix copy/paste error in popen changes that broke signalsRich Felker2012-10-211-1/+1
| | | | signal mask was not being restored after fork, but instead blocked again.
* fix usage of locks with vforkRich Felker2012-10-191-1/+1
| | | | | | __release_ptc() is only valid in the parent; if it's performed in the child, the lock will be unlocked early then double-unlocked later, corrupting the lock state.
* avoid raising spurious division-by-zero exception in printfRich Felker2012-10-181-1/+1
|
* overhaul system() and popen() to use vfork; fix various related bugsRich Felker2012-10-181-24/+44
| | | | | | | | | | | | | | | | since we target systems without overcommit, special care should be taken that system() and popen(), like posix_spawn(), do not fail in processes whose commit charges are too high to allow ordinary forking. this in turn requires special precautions to ensure that the parent process's signal handlers do not end up running in the shared-memory child, where they could corrupt the state of the parent process. popen has also been updated to use pipe2, so it does not have a fd-leak race in multi-threaded programs. since pipe2 is missing on older kernels, (non-atomic) emulation has been added. some silly bugs in the old code should be gone too.
* add 'e' modifier (close-on-exec) to fopen and fdopenRich Felker2012-09-292-2/+5
| | | | | | this feature will be in the next version of POSIX, and can be used internally immediately. there are many internal uses of fopen where close-on-exec is needed to fix bugs.
* fix some more O_CLOEXEC/SOCK_CLOEXEC issuesRich Felker2012-09-291-1/+1
|
* fix invalid implicit pointer conversion in gnulib-compat functionsRich Felker2012-09-061-1/+1
|
* use restrict everywhere it's required by c99 and/or posix 2008Rich Felker2012-09-0642-43/+43
| | | | | | | | to deal with the fact that the public headers may be used with pre-c99 compilers, __restrict is used in place of restrict, and defined appropriately for any supported compiler. we also avoid the form [restrict] since older versions of gcc rejected it due to a bug in the original c99 standard, and instead use the form *restrict.
* implement "low hanging fruit" from C11Rich Felker2012-08-251-2/+2
| | | | | | | | based on Gregor's patch sent to the list. includes: - stdalign.h - removing gets in C11 mode - adding aligned_alloc and adjusting other functions to use it - adding 'x' flag to fopen for exclusive mode
* add bsd fgetln functionRich Felker2012-08-112-0/+20
| | | | | optimized to avoid allocation and return lines directly out of the stream buffer whenever possible.
* minor but worthwhile optimization in printf: avoid expensive strspnRich Felker2012-08-101-4/+2
| | | | | | the strspn call was made for every format specifier and end-of-string, even though the expected return value was 1-2 for normal usage. replace with simple loop.
* trivial optimization to printf: avoid wasted call frameRich Felker2012-08-101-1/+1
| | | | | | | | amusingly, this cuts more than 10% off the run time of printf("a"); on the machine i tested it on. sadly the same optimization is not possible for snprintf without duplicating all the pseudo-FILE setup code, which is not worth it.
* putw is supposed to return 0 (not the value written) on successRich Felker2012-07-041-1/+1
| | | | | this is not a standard but it's the traditional behavior and it's more useful because the caller can reliably detect errors.
* make sure getw/putw agree with prototypes by defining _GNU_SOURCERich Felker2012-07-042-0/+2
|
* fix missing function declarations for __stdio_exitRich Felker2012-07-022-0/+4
|
* fix fwrite return value when full write does not succeedRich Felker2012-06-201-1/+1
|
* avoid cancellation in pcloseRich Felker2012-06-201-3/+4
| | | | | | | | | | | | | | at the point pclose might receive and act on cancellation, it has already invalidated the FILE passed to it. thus, per musl's QOI guarantees about cancellation and resource allocation/deallocation, it's not a candidate for cancellation. if it were required to be a cancellation point by posix, we would have to switch the order of deallocation, but somehow still close the pipe in order to trigger the child process to exit. i looked into doing this, but the logic gets ugly, and i'm not sure the semantics are conformant, so i'd rather just leave it alone unless there's a need to change it.
* fix invalid memory access in pcloseRich Felker2012-06-201-1/+2
|
* make popen cancellation-safeRich Felker2012-06-201-0/+7
| | | | | | | close was the only cancellation point called from popen, but it left popen with major resource leaks if any call to close got cancelled. the easiest, cheapest fix is just to use a non-cancellable close function.
* popen: handle issues with fd0/1 being closedRich Felker2012-06-201-3/+3
| | | | | also check for failure of dup2 and abort the child rather than reading/writing the wrong file.
* fix another oob pointer arithmetic issue in printf floating pointRich Felker2012-06-201-1/+1
| | | | | | this one could never cause any problems unless the compiler/machine goes to extra trouble to break oob pointer arithmetic, but it's best to fix it anyway.
* minor perror behavior fixRich Felker2012-06-201-1/+1
| | | | patch by nsz
* fix pointer overflow bug in floating point printfRich Felker2012-06-191-3/+3
| | | | | | | | | | | | | | | | | | | | | large precision values could cause out-of-bounds pointer arithmetic in computing the precision cutoff (used to avoid expensive long-precision arithmetic when the result will be discarded). per the C standard, this is undefined behavior. one would expect that it works anyway, and in fact it did in most real-world cases, but it was randomly (depending on aslr) crashing in i386 binaries running on x86_64 kernels. this is because linux puts the userspace stack near 4GB (instead of near 3GB) when the kernel is 64-bit, leading to the out-of-bounds pointer arithmetic overflowing past the end of address space and giving a very low pointer value, which then compared lower than a pointer it should have been higher than. the new code rearranges the arithmetic so that no overflow can occur. while this bug could crash printf with memory corruption, it's unlikely to have security impact in real-world applications since the ability to provide an extremely large field precision value under attacker-control is required to trigger the bug.
* add new stdio extension functions to make gnulib happyRich Felker2012-06-191-0/+24
| | | | | this is mildly ugly, but less ugly than gnulib trying to poke at the definition of the FILE structure...
* stdio: handle file position correctly at program exitRich Felker2012-06-193-3/+35
| | | | | | | | | | | | | | | | for seekable files, posix imposed requirements on the offset of the underlying open file description after a stream is closed. this was correctly handled (as a side effect of the unconditional fflush call) when streams were explicitly closed by fclose, but was not handled correctly at program exit time, where fflush(0) was being used. the weak symbol hackery is to pull in __stdio_exit if either of __toread or __towrite is used, but avoid calling it twice so we don't have to keep extra state. the new __stdio_exit is a streamlined fflush variant that avoids performing any unnecessary operations and which never unlocks the files or open file list, so we can be sure no other threads write new data to a stream's buffer after it's already flushed.