about summary refs log tree commit diff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* fix support for initialized TLS in static PIE binariesRich Felker2016-12-201-0/+5
| | | | | | | | | | | | | | | | | | | | | the static-linked version of __init_tls needs to locate the TLS initialization image via the ELF program headers, which requires determining the base address at which the program was loaded. the existing code attempted to do this by comparing the actual address of the program headers (obtained via auxv) with the virtual address for the PT_PHDR record in the program headers. however, the linker seems to produce a PT_PHDR record only when a program interpreter (dynamic linker) is used. thus the computation failed and used the default base address of 0, leading to a crash when trying to access the TLS image at the wrong address. the dynamic linker entry point and static-PIE rcrt1.o startup code compute the base address instead by taking the difference between the run-time address of _DYNAMIC and the virtual address in the PT_DYNAMIC record. this patch copies the approach they use, but with a weak symbolic reference to _DYNAMIC instead of obtaining the address from the crt_arch.h asm. this works because relocations have already been performed at the time __init_tls is called.
* rework arm atomic/tp backends to be thumb-compatible and fdpic-readyRich Felker2016-12-194-56/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | three problems are addressed: - use of pc arithmetic, which was difficult if not impossible to make correct in thumb mode on all models, so that relative rather than absolute pointers to the backends could be used. this was designed back when there was no coherent model for the early stages of the dynamic linker before relocations, and is no longer necessary. - assumption that data (the relative pointers to the backends) can be accessed at a constant displacement from the code. this will not be possible on future fdpic subarchs (for cortex-m), so move responsibility for loading the backend code address to the caller. - hard-coded arm opcodes using the .word directive. instead, use the .arch directive to work around the assembler's refusal to assemble instructions not available (or in some cases, available but just considered deprecated) in the target isa level. the obscure v6t2 arch is used for v6 code so as to (1) allow generation of thumb2 output if -mthumb is active, and (2) avoid warnings/errors for mcr barriers that clang would produce if we just set arch to v7-a. in addition, the __aeabi_read_tp function is moved out of the inner workings and implemented as an asm wrapper around a C function, so that asm code does not need to read global data. the asm wrapper serves to satisfy the ABI calling convention requirements for this function.
* disable use of arm memcpy asm if building as thumb codeRich Felker2016-12-172-2/+2
| | | | | the thumb incompatibilities in the asm are probably only minor and should be fixable, but for now just use the C version.
* make arm setjmp/longjmp asm thumb2-compatibleRich Felker2016-12-172-2/+6
| | | | sp cannot be used in the ldm/stm register set in thumb mode.
* use lookup table for malloc bin index instead of float conversionSzabolcs Nagy2016-12-171-2/+12
| | | | | | | | | | float conversion is slow and big on soft-float targets. The lookup table increases code size a bit on most hard float targets (and adds 60byte rodata), performance can be a bit slower because of position independent data access and cpu internal state dependence (cache, extra branches), but the overall effect should be minimal (common, small size allocations should be unaffected).
* handle ^ and $ in BRE subexpression start and end as anchorsSzabolcs Nagy2016-12-161-9/+12
| | | | | | | | | | | | | | | | | | | | | | In BRE, ^ is an anchor at the beginning of an expression, optionally it may be an anchor at the beginning of a subexpression and must be treated as a literal otherwise. Previously musl treated ^ in subexpressions as literal, but at least glibc and gnu sed treats it as an anchor and that's the more useful behaviour: it can always be escaped to get back the literal meaning. Same for $ at the end of a subexpression. Portable BRE should not rely on this, but there are sed commands in build scripts which do. This changes the meaning of the BREs: \(^a\) \(a\|^b\) \(a$\) \(a$\|b\)
* fix mrand48/jrand48 return value on 64-bit archsRich Felker2016-12-161-1/+1
| | | | | | | | POSIX specifies the result to have signed 32-bit range. on 32-bit archs, the implicit conversion to long achieved the desired range already, but when long is 64-bit, a cast is needed. patch by Ed Schouten.
* fix crashing sigsetjmp on s390xBobby Bingham2016-12-161-1/+1
| | | | | | the bz instruction that was wrongly used only admits a small immediate displacement and cannot be used with external symbols; apparently the linker fails to diagnose the overflow.
* remove largish unused field from pthread structureRich Felker2016-12-061-1/+0
|
* work around gdb issues recognizing sigreturn trampoline on x86_64Rich Felker2016-11-122-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | gdb can only backtrace/unwind across signal handlers if it recognizes the sa_restorer trampoline. for x86_64, gdb first attempts to determine the symbol name for the function in which the program counter resides and match it against "__restore_rt". if no name can be found (e.g. in the case of a stripped binary), the exact instruction sequence is matched instead. when matching the function name, however, gdb's unwind code wrongly considers the interval [sym,sym+size] rather than [sym,sym+size). thus, if __restore_rt begins immediately after another function, gdb wrongly identifies pc as lying within the previous adjacent function. this patch adds a nop before __restore_rt to preclude that possibility. it also removes the symbol name __restore and replaces it with a macro since the stability of whether gdb identifies the function as __restore_rt or __restore is not clear. for the no-symbols case, the instruction sequence is changed to use %rax rather than %eax to match what gdb expects. based on patch by Szabolcs Nagy, with extended description and corresponding x32 changes added.
* add s390x portBobby Bingham2016-11-1112-0/+269
|
* treat null vdso base same as missingBobby Bingham2016-11-111-0/+1
| | | | | | On s390x, the kernel provides AT_SYSINFO_EHDR, but sets it to zero, if the program being run does not have a program interpreter. This causes problems when running the dynamic linker directly.
* generalize ELF hash table types not to assume 32-bit entriesRich Felker2016-11-111-1/+2
| | | | | | | | | | alpha and s390x gratuitously use 64-bit entries (wasting 2x space and cache utilization) despite the values always being 32-bit. based on patch by Bobby Bingham, with changes suggested by Alexander Monakov to use the public Elf_Symndx type from link.h (and make it properly variable by arch) rather than adding new internal infrastructure for handling the type.
* fix build regression on archs with variable page sizeRich Felker2016-11-081-1/+1
| | | | | | | | | | | commit 31fb174dd295e50f7c5cf18d31fcfd5fe5a063b7 used DEFAULT_GUARD_SIZE from pthread_impl.h in a static initializer, breaking build on archs where its definition, PAGE_SIZE, is not a constant. instead, just define DEFAULT_GUARD_SIZE as 4096, the minimal page size on any arch we support. pthread_create rounds up to whole pages anyway, so defining it to 1 would also work, but a moderately meaningful value is nicer to programs that use pthread_attr_getguardsize on default-initialized attribute objects.
* add limited pthread_setattr_default_np API to set stack size defaultsRich Felker2016-11-082-4/+43
| | | | | | | | | based on patch by Timo Teräs: While generally this is a bad API, it is the only existing API to affect c++ (std::thread) and c11 (thrd_create) thread stack size. This patch allows applications only to increate stack and guard page sizes.
* fix pthread_create regression from stack/guard size simplificationRich Felker2016-11-081-1/+4
| | | | | | | commit 33ce920857405d4f4b342c85b74588a15e2702e5 broke pthread_create in the case where a null attribute pointer is passed; rather than using the default sizes, sizes of 0 (plus the remainder of one page after TLS/TCB use) were used.
* simplify pthread_attr_t stack/guard size representationRich Felker2016-11-077-11/+13
| | | | | | | | previously, the pthread_attr_t object was always initialized all-zero, and stack/guard size were represented as differences versus their defaults. this required lots of confusing offset arithmetic everywhere they were used. instead, have pthread_attr_init fill in the default values, and work with absolute sizes everywhere.
* fix swprintf internal buffer state and error handlingRich Felker2016-11-071-1/+8
| | | | | | | | the swprintf write callback never reset its buffer pointers, so after its 256-byte buffer filled up, it would keep repeating those bytes over and over in the output until the destination buffer filled up. it also failed to set the error indicator for the stream on EILSEQ, potentially allowing output to continue after the error.
* fix integer overflow of tm_year in __secs_to_tmDaniel Sabogal2016-11-071-4/+5
| | | | | | the overflow check for years+100 did not account for the extra year computed from the remaining months. instead, perform this check after obtaining the final number of years.
* fix parsing of quoted time zone namesHannu Nyman2016-11-071-1/+1
| | | | | Fix parsing of the < > quoted time zone names. Compare the correct character instead of repeatedly comparing the first character.
* redesign snprintf without undefined behaviorRich Felker2016-10-211-25/+38
| | | | | | | | | | | | | the old snprintf design setup the FILE buffer pointers to point directly into the destination buffer; if n was actually larger than the buffer size, the pointer arithmetic to compute the buffer end pointer was undefined. this affected sprintf, which is implemented in terms of snprintf, as well as some unusual but valid direct uses of snprintf. instead, setup the FILE as unbuffered and have its write function memcpy to the destination. the printf core sets up its own temporary buffer for unbuffered streams.
* add missing confstr constantsDaniel Sabogal2016-10-201-1/+1
| | | | | | | | | | the _CS_V6_ENV and _CS_V7_ENV constants are required to be available for use with confstr. glibc defines these constants with values 1148 and 1149, respectively. the only missing (and required) confstr constants are _CS_POSIX_V7_THREADS_CFLAGS and _CS_POSIX_V7_THREADS_LDFLAGS which remain unavailable in glibc.
* fix minor problem in previous strtod non-nearest rounding bug fixRich Felker2016-10-201-1/+1
| | | | | | | | | | | | commit 6ffdc4579ffb34f4aab69ab4c081badabc7c0a9a set lnz in the code path for non-zero digits after a huge string of zeros, but the assignment of dc to lnz truncates if the value of dc does not fit in int; this is possible for some pathologically long inputs, either via strings on 64-bit systems or via scanf-family functions. instead, simply set lnz to match the point at which we add the artificial trailing 1 bit to simulate nonzero digits after a huge run of zeros.
* fix strtod int optimization in non-nearest rounding modeSzabolcs Nagy2016-10-201-1/+4
| | | | | | | | | | | | | | the mid-sized integer optimization relies on lnz set up properly to mark the last non-zero decimal digit, but this was not done if the non-zero digit lied outside the KMAX digits of the base 10^9 number representation. so if the fractional part was a very long list of zeros (>2048*9 on x86) followed by non-zero digits then the integer optimization could kick in discarding the tiny non-zero fraction which can mean wrong result on non-nearest rounding mode. strtof, strtod and strtold were all affected.
* fix strtod and strtof rounding with many trailing zerosSzabolcs Nagy2016-10-201-0/+3
| | | | | | | | | | | | | | in certain cases excessive trailing zeros could cause incorrect rounding from long double to double or float in decfloat. e.g. in strtof("9444733528689243848704.000000", 0) the argument is 0x1.000001p+73, exactly halfway between two representible floats, this incorrectly got rounded to 0x1.000002p+73 instead of 0x1p+73, but with less trailing 0 the rounding was fine. the fix makes sure that the z index always points one past the last non-zero digit in the base 10^9 representation, this way trailing zeros don't affect the rounding logic.
* fix gratuitous undefined behavior in strptimeRich Felker2016-10-201-2/+7
| | | | | accessing an object of type const char *restrict as if it had type char * is not defined.
* fix getopt_long_only misinterpreting "--" as an optionRich Felker2016-10-201-1/+1
|
* fix float formatting of some exact halfway casesSzabolcs Nagy2016-10-201-1/+2
| | | | | | | | in nearest rounding mode exact halfway cases were not following the round to even rule if the rounding happened at a base 1000000000 digit boundary of the internal representation and the previous digit was odd. e.g. printf("%.0f", 1.5) printed 1 instead of 2.
* add pthread_setname_npFelix Janda2016-10-201-0/+26
| | | | the thread name is displayed by gdb's "info threads".
* fix clock_nanosleep error caseDaniel Sabogal2016-10-201-1/+3
| | | | | | posix requires that EINVAL be returned if the first parameter specifies the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID). linux returns ENOTSUP instead so we handle this.
* math: fix pow signed shift ubSzabolcs Nagy2016-10-201-2/+2
| | | | | | | | | | | | j is int32_t and thus j<<31 is undefined if j==1, so j is changed to uint32_t locally as a quick fix, the generated code is not affected. (this is a strict conformance fix, future c standard may allow 1<<31, see DR 463. the bug was inherited from freebsd fdlibm, the proper fix is to use uint32_t for all bit hacks, but that requires more intrusive changes.) reported by Daniel Sabogal
* use dynamic buffer for getmntentNatanael Copa2016-10-201-4/+13
| | | | | | | | | | overlayfs may have fairly long lines so we use getline to allocate a buffer dynamically. The buffer will be allocated on first use, expand as needed, but will never be free'ed. Downstream bug: http://bugs.alpinelinux.org/issues/5703 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
* fix integer overflows and uncaught EOVERFLOW in printf coreRich Felker2016-10-202-46/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | this patch fixes a large number of missed internal signed-overflow checks and errors in determining when the return value (output length) would exceed INT_MAX, which should result in EOVERFLOW. some of the issues fixed were reported by Alexander Cherepanov; others were found in subsequent review of the code. aside from the signed overflows being undefined behavior, the following specific bugs were found to exist in practice: - overflows computing length of floating point formats with huge explicit precisions, integer formats with prefix characters and huge explicit precisions, or string arguments or format strings longer than INT_MAX, resulted in wrong return value and wrong %n results. - literal width and precision values outside the range of int were misinterpreted, yielding wrong behavior in at least one well-defined case: string formats with precision greater than INT_MAX were sometimes truncated. - in cases where EOVERFLOW is produced, incorrect values could be written for %n specifiers past the point of exceeding INT_MAX. in addition to fixing these bugs, we now stop producing output immediately when output length would exceed INT_MAX, rather than continuing and returning an error only at the end.
* fix integer overflow in float printf needed-precision computationRich Felker2016-10-191-1/+1
| | | | | | | | | | | | | | if the requested precision is close to INT_MAX, adding LDBL_MANT_DIG/3+8 overflows. in practice the resulting undefined behavior manifests as a large negative result, which is then used to compute the new end pointer (z) with a wildly out-of-bounds value (more overflow, more undefined behavior). the end result is at least incorrect output and character count (return value); worse things do not seem to happen, but detailed analysis has not been done. this patch fixes the overflow by performing the intermediate computation as unsigned; after division by 9, the final result necessarily fits in int.
* fix regexec with haystack strings longer than INT_MAXRich Felker2016-10-061-26/+28
| | | | | | | | | | | | we inherited from TRE regexec code that's utterly wrong with respect to the integer types it's using. while it doesn't appear that compilers are producing unsafe output, signed integer overflows seem to happen, and regexec fails to find matches past offset INT_MAX. this patch fixes the type of all variables/fields used to store offsets in the string from int to regoff_t. after the changes, basic testing showed that regexec can now find matches past 2GB (INT_MAX) and past 4GB on x86_64, and code generation is unchanged on i386.
* fix missing integer overflow checks in regexec buffer size computationsRich Felker2016-10-061-5/+18
| | | | | | | | | | | most of the possible overflows were already ruled out in practice by regcomp having already succeeded performing larger allocations. however at least the num_states*num_tags multiplication can clearly overflow in practice. for safety, check them all, and use the proper type, size_t, rather than int. also improve comments, use calloc in place of malloc+memset, and remove bogus casts.
* fix strftime %y for negative tm_yearSzabolcs Nagy2016-10-061-0/+1
|
* fix getservby*_r result pointer value on errorDaniel Sabogal2016-09-242-0/+3
| | | | | | | this is a clone of the fix to the gethostby*_r functions in commit fe82bb9b921be34370e6b71a1c6f062c20999ae0. the man pages document that the getservby*_r functions set this pointer to NULL if there was an error or if no record was found.
* remove dead case in gethostbyname2_rDaniel Sabogal2016-09-241-2/+0
| | | | | this case statement was accidently left behind when this function was refactored in commit e8f39ca4898237cf71657500f0b11534c47a0521.
* simplify/refactor fflush and make fflush_unlocked an alias for fflushRich Felker2016-09-181-30/+23
| | | | | | | | | | | | | | | | | | previously, fflush_unlocked was an alias for an internal backend that was called by fflush, either for its argument or in a loop for each file if a null pointer was passed. since the logic for the latter was in the main fflush function, fflush_unlocked crashed when passed a null pointer, rather than flushing all open files. since fflush_unlocked is not a standard function and has no specification, it's not clear whether it should be expected to accept null pointers like fflush does, but a reasonable argument could be made that it should. this patch eliminates the helper function, simplifying fflush, and makes fflush_unlocked an alias for fflush, which is valid because the two functions agree in their behavior in all cases where their behavior is defined (the unlocked version has undefined behavior if another thread could hold locks).
* fix if_indextoname error caseDaniel Sabogal2016-09-161-1/+6
| | | | | posix requires errno to be set to ENXIO if the interface does not exist. linux returns ENODEV instead so we handle this.
* fix printf regression with alt-form octal, zero flag, and field widthRich Felker2016-09-161-1/+1
| | | | | | | | | | commit b91cdbe2bc8b626aa04dc6e3e84345accf34e4b1, in fixing another issue, changed the logic for how alt-form octal adds the leading zero to adjust the precision rather than using a prefix character. this wrongly suppressed the zero flag by mimicing an explicit precision given by the format string. switch back to using a prefix character. based on bug report and patch by Dmitry V. Levin, but simplified.
* restore _Noreturn to __assert_failRich Felker2016-08-301-1/+1
| | | | | | | | | | | | this reverts commit 2c1f8fd5da3306fd7c8a2267467e44eb61f12dd4. without the _Noreturn attribute, the compiler cannot use asserts to perform reachability/range analysis. this leads to missed optimizations and spurious warnings. the original backtrace problem that prompted the removal of _Noreturn was not clearly documented at the time, but it seems to happen only when libc was built without -g, which also breaks many other backtracing cases.
* getdtablesize: fix returning hard instead of soft rlimitOlivier Brunel2016-08-301-1/+1
| | | | This makes the result consistent with sysconf(_SC_OPEN_MAX).
* math: fix 128bit long double inverse trigonometric functionsSzabolcs Nagy2016-08-301-1/+1
| | | | | | | | | there was a copy paste error that could cause large ulp errors in atan2l, atanl, asinl and acosl on aarch64, mips64 and mipsn32. (the implementation is from freebsd fdlibm, but the tail end of the polynomial was wrong. 128 bit long double functions are not yet tested so this went undetected.)
* verify that ttyname refers to the same file as the fdSzabolcs Nagy2016-08-301-4/+11
| | | | | | linux containers use separate mount namespace so the /proc symlink might not point to the right device if the fd was opened in the parent namespace, in this case return ENOENT.
* fix pread/pwrite syscall calling convention on shRich Felker2016-08-113-2/+6
| | | | | | | despite sh not generally using register-pair alignment for 64-bit syscall arguments, there are arch-specific versions of the syscall entry points for pread and pwrite which include a dummy argument for alignment before the 64-bit offset argument.
* revert unrelated change that slipped into last commitRich Felker2016-07-131-1/+1
|
* fix regression in tcsetattr on all mips archsRich Felker2016-07-131-1/+1
| | | | | revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong and does not match how the kernel API works.
* fix asctime day/month names not to vary by localeRich Felker2016-07-071-5/+4
| | | | | the FIXME comment here was overlooked at the time locale support was added.