about summary refs log tree commit diff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* add missing protocols to protoent lookup functionsTimo Teräs2016-01-061-1/+16
|
* fix overly pessimistic realloc strategy in getdelimRich Felker2015-12-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | previously, getdelim was allocating twice the space needed every time it expanded its buffer to implement exponential buffer growth (in order to avoid quadratic run time). however, this doubling was performed even when the final buffer length needed was already known, which is the common case that occurs whenever the delimiter is in the FILE's buffer. this patch makes two changes to remedy the situation: 1. over-allocation is no longer performed if the delimiter has already been found when realloc is needed. 2. growth factor is reduced from 2x to 1.5x to reduce the relative excess allocation in cases where the delimiter is not initially in the buffer, including unbuffered streams. in theory these changes could lead to quadratic time if the same buffer is reused to process a sequence of lines successively increasing in length, but once this length exceeds the stdio buffer size, the delimiter will not be found in the buffer right away and exponential growth will still kick in.
* avoid updating caller's size when getdelim fails to reallocRich Felker2015-12-191-5/+6
| | | | | | | | | | | getdelim was updating *n, the caller's stored buffer size, before calling realloc. if getdelim then failed due to realloc failure, the caller would see in *n a value larger than the actual size of the allocated block, and use of that value is unsafe. in particular, passing it again to getdelim is unsafe. now, temporary storage is used for the desired new size, and *n is not written until realloc succeeds.
* fix crash when signal number 0 is passed to sigactionRich Felker2015-12-151-5/+1
| | | | | | this error case was overlooked in the old range checking logic. new check is moved out of __libc_sigaction to the public wrapper in order to unify the error path and reduce code size.
* fix tsearch, tfind, tdelete to handle null pointer inputSzabolcs Nagy2015-12-081-0/+6
| | | | | POSIX specifies the behaviour for null rootp input, but it was not implemented correctly.
* tsearch code cleanupSzabolcs Nagy2015-12-081-24/+28
| | | | | changed the insertion method to simplify the recursion logic and reduce code size a bit.
* fix tsearch to avoid crash on oomSzabolcs Nagy2015-12-081-1/+1
| | | | | malloc failure was not properly propagated in the insertion method which led to null pointer dereference.
* fix tdelete to properly balance the treeSzabolcs Nagy2015-12-081-5/+14
| | | | | | | the tsearch data structure is an avl tree, but it did not implement the deletion operation correctly so the tree could become unbalanced. reported by Ed Schouten.
* properly handle point-to-point interfaces in getifaddrs()Jo-Philipp Wich2015-11-301-3/+16
| | | | | | | | | | | | | | | | With point-to-point interfaces, the IFA_ADDRESS netlink attribute contains the peer address while an extra attribute IFA_LOCAL carries the actual local interface address. Both the glibc and uclibc implementations of getifaddrs() handle this case by moving the ifa_addr contents to the broadcast/remote address union and overwriting ifa_addr upon receipt of an IFA_LOCAL attribute. This patch adds the same special treatment logic of IFA_LOCAL to musl's implementation of getifaddrs() in order to align its behaviour with that of uclibc and glibc. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* ldso: fix the dtv update logic in __tls_get_newSzabolcs Nagy2015-11-281-1/+1
| | | | | | | | | | | | if two or more threads accessed tls in a dso that was loaded after the threads were created, then __tls_get_new could do out-of-bound memory access (leading to segfault). accidentally byte count was used instead of element count when the new dtv pointer was computed. (dso->new_dtv is (void**).) it is rare that the same dso provides dtv for several threads, the crash was not observed in practice, but possible to trigger.
* math: explicitly promote expressions to excess-precision typesRich Felker2015-11-213-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | a conforming compiler for an arch with excess precision floating point (FLT_EVAL_METHOD!=0; presently i386 is the only such arch supported) computes all intermediate results in the types float_t and double_t rather than the nominal type of the expression. some incorrect compilers, however, only keep excess precision in registers, and convert down to the nominal type when spilling intermediate results to memory, yielding unpredictable results that depend on the compiler's choices of what/when to spill. in particular, this happens on old gcc versions with -ffloat-store, which we need in order to work around bugs where the compiler wrongly keeps explicitly-dropped excess precision. by explicitly converting to double_t where expressions are expected be be evaluated in double_t precision, we can avoid depending on the compiler to get types correct when spilling; the nominal and intermediate precision now match. this commit should not change the code generated by correct compilers, or by old ones on non-i386 archs where double_t is defined as double. this fixes a serious bug in argument reduction observed on i386 with gcc 4.2: for values of x outside the unit circle, sin(x) was producing results outside the interval [-1,1]. changes made in commit 0ce946cf808274c2d6e5419b139e130c8ad4bd30 were likely responsible for breaking compatibility with this and other old gcc versions. patch by Szabolcs Nagy.
* remove undef weak refs to init/fini array symbols in libc.soRich Felker2015-11-194-14/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit ad1cd43a86645ba2d4f7c8747240452a349d6bc1 eliminated preprocessor-level omission of references to the init/fini array symbols from object files going into libc.so. the references are weak, and the intent was that the linker would resolve them to zero in libc.so, but instead it leaves undefined references that could be satisfied at runtime. normally these references would be harmless, since the code using them does not even get executed, but some older binutils versions produce a linking error: when linking a program against libc.so, ld first tries to use the hidden init/fini array symbols produced by the linker script to satisfy the references in libc.so, then produces an error because the definitions are hidden. ideally ld would have already provided definitions of these symbols when linking libc.so, but the linker script for -shared omits them. to avoid this situation, the dynamic linker now provides its own dummy definitions of the init/fini array symbols for libc.so. since they are hidden, everything binds at ld time and no references remain in the dynamic symbol table. with modern binutils and --gc-sections, both the dummy empty array objects and the code referencing them get dropped at link time, anyway. the _init and _fini symbols are also switched back to using weak definitions rather than weak references since the latter behave somewhat problematically in general, and the weak definition approach was known to work well.
* use private maps even for read-only segments of FDPIC librariesRich Felker2015-11-151-1/+1
| | | | | | | | | | the nommu kernel shares memory when it can anyway for private read-only maps, but semantically the map should be private. this can make a difference when debugging breakpoints are to be used, in which case the kernel may need to ensure that the mapping is not shared. the new behavior matches how the kernel FDPIC loader maps the main program and/or program interpreter (dynamic linker) binary.
* remove use of SHARED macro in dynamic linker version reportingRich Felker2015-11-122-4/+2
| | | | also fix visibility of the glue function used.
* unify static and dynamic linked implementations of thread-local storageRich Felker2015-11-124-132/+111
| | | | | | | | | | | | | | | | | this both allows removal of some of the main remaining uses of the SHARED macro and clears one obstacle to static-linked dlopen support, which may be added at some point in the future. specialized single-TLS-module versions of __copy_tls and __reset_tls are removed and replaced with code adapted from their dynamic-linked versions, capable of operating on a whole chain of TLS modules, and use of the dynamic linker's DSO chain (which contains large struct dso objects) by these functions is replaced with a new chain of struct tls_module objects containing only the information needed for implementing TLS. this may also yield some performance benefit initializing TLS for a new thread when a large number of modules without TLS have been loaded, since since there is no need to walk structures for modules without TLS.
* unify static and dynamic libc init/fini code pathsRich Felker2015-11-113-28/+22
| | | | | | use weak definitions that the dynamic linker can override instead of preprocessor conditionals on SHARED so that the same libc start and exit code can be used for both static and dynamic linking.
* eliminate use of SHARED macro in __tls_get_addrRich Felker2015-11-111-6/+6
| | | | | | this was only a tiny optimization, and static-linked binaries should not be calling __tls_get_addr anyway since the linker is supposed to perform relaxation, resulting in use of the local-exec TLS model.
* eliminate use of SHARED macro to suppress visibility attributesRich Felker2015-11-116-32/+5
| | | | | | | | | | | | | | | | this is the first and simplest stage of removal of the SHARED macro, which will eventually allow libc.a and libc.so to be produced from the same object files. the original motivation for these #ifdefs which are now being removed was to allow building a static-only libc using a compiler that does not support visibility. however, SHARED was the wrong condition to test for this anyway; various assembly-language sources refer to hidden symbols and declare them with the .hidden directive, making it wrong to define the referenced symbols as non-hidden. if there is a need in the future to build libc using compilers that lack visibility, support could be moved to the build system or perhaps the __PIC__ macro could be checked instead of SHARED.
* use correct nofpu versions of setjmp/longjmp used on sh-nofpu-fdpicRich Felker2015-11-114-0/+4
| | | | | when adding the fdpic subarchs, the need for these sub files was overlooked. thus setjmp and longjmp performed illegal instructions.
* fix dynamic loader library mapping for nommu systemsRich Felker2015-11-112-4/+19
| | | | | | | | | | | | | | | | | | | | | on linux/nommu, non-writable private mappings of files may actually use memory shared with other processes or the fs cache. the old nommu loader code (used when mmap with MAP_FIXED fails) simply wrote over top of the original file mapping, possibly clobbering this shared memory. no such breakage was observed in practice, but it should have been possible. the new code starts by mapping anonymous writable memory on archs that might support nommu, then maps load segments over top of it, falling back to read if MAP_FIXED fails. we use an anonymous map rather than a writable file map to avoid reading more data from disk than needed. since pages cannot be loaded lazily on fault, in case of large data/bss, mapping the full file may read a lot of data that will subsequently be thrown away when processing additional LOAD segments. as a result, we cannot skip the first LOAD segment when operating in this mode. these changes affect only non-FDPIC nommu support.
* fix return value of nl_langinfo for invalid item argumentsRich Felker2015-11-101-5/+5
| | | | it was wrongly returning a null pointer instead of an empty string.
* explicitly assemble all arm asm sources as UALRich Felker2015-11-1014-0/+15
| | | | | | | | these files are all accepted as legacy arm syntax when producing arm code, but legacy syntax cannot be used for producing thumb2 with access to the full ISA. even after switching to UAL, some asm source files contain instructions which are not valid in thumb mode, so these will need to be addressed separately.
* remove non-working pre-armv4t support from arm asmRich Felker2015-11-096-16/+2
| | | | | | | | | | | | | | | the idea of the three-instruction sequence being removed was to be able to return to thumb code when used on armv4t+ from a thumb caller, but also to be able to run on armv4 without the bx instruction available (in which case the low bit of lr would always be 0). however, without compiler support for generating such a sequence from C code, which does not exist and which there is unlikely to be interest in implementing, there is little point in having it in the asm, and it would likely be easier to add pre-armv4t support via enhanced linker handling of R_ARM_V4BX than at the compiler level. removing this code simplifies adding support for building libc in thumb2-only form (for cortex-m).
* use vfp mnemonics rather than hard-coded opcodes in arm setjmp/longjmpRich Felker2015-11-092-2/+10
| | | | | | | | | | | | | | | | | | the code to save/restore vfp registers needs to build even when the configured target does not have fpu; this is because code using vfp fpu (but with the standard soft-float EABI) may call a libc built for a soft-float only, and the EABI considers these registers call-saved when they exist. thus, extra directives are used to force the assembler to allow vfp instructions and to avoid marking the resulting object files as requiring vfp. moving away from using hard-coded opcode words is necessary in order to eventually support producing thumb2-only output for cortex-m. conditional execution of these instructions based on hwcap flags was already implemented. when building for arm (non-thumb) output, the only currently-supported configuration, this commit does not change the code emitted.
* use vfp mnemonics instead of p10 coprocessor ones in armhf fenv asmSzabolcs Nagy2015-11-051-10/+10
| | | | | mrc/mcr p10 coprocessor mnemonics are deprecated by some toolchains.
* convert arm memcpy asm to UAL, remove .word hacksRich Felker2015-11-051-22/+24
| | | | | contrary to commit 9367fe926196f407705bb07cd29c6e40eb1774dd, all relevant gas versions actually do support .syntax unified.
* remove external linkage from __simple_malloc definitionRich Felker2015-11-041-1/+1
| | | | | | | | this function is used only as a weak definition for malloc, for static linking in programs which do not call realloc or free. since it had external linkage and was thereby exported in libc.so's dynamic symbol table, --gc-sections was unable to drop it. this was merely an oversight; there's no reason for it to be external, so make it static.
* fix mremap memory synchronization and use of variadic argumentRich Felker2015-11-021-4/+11
| | | | | | | | | | | | since mremap with the MREMAP_FIXED flag is an operation that unmaps existing mappings, it needs to use the vm lock mechanism to ensure that any in-progress synchronization operations using vm identities from before the call have finished. also, the variadic argument was erroneously being read even if the MREMAP_FIXED flag was not passed. in practice this didn't break anything, but it's UB and in theory LTO could turn it into a hard error.
* prevent allocs than PTRDIFF_MAX via mremapDaniel Micay2015-11-021-1/+8
| | | | It's quite feasible for this to happen via MREMAP_MAYMOVE.
* use explicit __cp_cancel label in cancellable syscall asm for all archsRich Felker2015-11-028-28/+32
| | | | | | | | | | | | | previously, only archs that needed to do stack cleanup defined a __cp_cancel label for acting on cancellation in their syscall asm, and a default definition was provided by a weak alias to __cancel, the C function. this resulted in wrong codegen for arm on gcc versions affected by pr 68178 and possibly similar issues (like pr 66609) on other archs, and also created an inconsistency where the __cp_begin and __cp_end labels were treated as const data but __cp_cancel was treated as a function. this in turn caused incorrect code generation on archs where function pointers point to function descriptors rather than code (for now, only sh/fdpic).
* properly access mcontext_t program counter in cancellation handlerRich Felker2015-11-021-3/+4
| | | | | | | | | using the actual mcontext_t definition rather than an overlaid pointer array both improves correctness/readability and eliminates some ugly hacks for archs with 64-bit registers bit 32-bit program counter. also fix UB due to comparison of pointers not in a common array object.
* fix missing bss handling in FDPIC ELF loaderRich Felker2015-10-281-0/+13
| | | | | | | | when a library being loaded has bss (i.e. data segment with p_memsz>p_filesz), this region needs to be zeroed with a combination of memset and/or mmap. the regular ELF loader always did this but the FDPIC code path omitted it, leading to objects in bss having uninitialized/junk contents.
* getnameinfo: make size check not fail for bigger sizesHauke Mehrtens2015-10-261-2/+2
| | | | | | | | | | | | | | | | getnameinfo() compares the size of the given struct sockaddr with sizeof(struct sockaddr_in) and sizeof(struct sockaddr_in6) depending on the net family. When you add a sockaddr of size sizeof(struct sockaddr_storage) this function will fail because the size of the sockaddr is too big. Change the check that it only fails if the size is too small, but make it work when it is too big for example when someone calls this function with a struct sockaddr_storage and its size. This fixes a problem with IoTivity 1.0.0 and musl. glibc and bionic are only failing if it is smaller, net/freebsd implemented the != check. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* safely handle failure to open hosts, services, resolv.conf filesRich Felker2015-10-263-4/+29
| | | | | | | | | | | | | | | | | | | | previously, transient failures like fd exhaustion or other resource-related errors were treated the same as non-existence of these files, leading to fallbacks or false-negative results. in particular: - failure to open hosts resulted in fallback to dns, possibly yielding EAI_NONAME for a hostname that should be defined locally, or an unwanted result from dns that the hosts file was intended to replace. - failure to open services resulted in EAI_SERVICE. - failure to open resolv.conf resulted in querying localhost rather than the configured nameservers. now, only permanent errors trigger the fallback behaviors above; all other errors are reportable to the caller as EAI_SYSTEM.
* fix single-byte overflow of malloc'd buffer in getdelimRich Felker2015-10-241-1/+1
| | | | | | | | | | the buffer enlargement logic here accounted for the terminating null byte, but not for the possibility of hitting the delimiter in the buffer-refill code path that uses getc_unlocked, in which case two additional bytes (the delimiter and the null termination) are written without another chance to enlarge the buffer. this patch and the corresponding bug report are by Felix Janda.
* declare fpu usage to the assembler in arm hard-float asm filesSzabolcs Nagy2015-10-195-0/+6
| | | | | | | Some armhf gcc toolchains (built with --with-float=hard but without --with-fpu=vfp*) do not pass -mfpu=vfp to the assembler and then binutils rejects the UAL mnemonics for VFP unless there is an .fpu vfp directive in the asm source.
* add missing memory barrier to pthread_joinBobby Bingham2015-10-151-0/+1
| | | | | | | POSIX requires pthread_join to synchronize memory on success. The futex wait inside __timedwait_cp cannot handle this because it's not called in all cases. Also, in the case of a spurious wake, tid can become zero between the wake and when the joining thread checks it.
* fix dladdr treatment of function descriptors for fdpicRich Felker2015-10-151-9/+22
| | | | | | | | | | | | | | when determining which module an address belongs to, all function descriptor ranges must be checked first, in case the allocated memory falls inside another module's memory range. dladdr itself must also check addresses against function descriptors before doing a best-match search against the symbol table. even when doing the latter (e.g. for code addresses obtained from mcontext_t), also check whether the best-match was a function, and if so, replace the result with a function descriptor address. which is the nominal "base address" of the function and which the caller needs if it intends to subsequently call the matching function.
* fix visibility mismatch in dynamic linker stage 2 function definitionRich Felker2015-10-151-0/+1
| | | | | | | | | | | | | | | since commits 2907afb8dbd4c1d34825c3c9bd2b41564baca210 and 6fc30c2493fcfedec89e45088bea87766a1e3286, __dls2 is no longer called via symbol lookup, but instead uses relative addressing that needs to be resolved at link time. on some linker versions, and/or if -Bsymbolic-functions is not used, the linker may leave behind a dynamic relocation, which is not suitable for bootstrapping the dynamic linker, if the reference to __dls2 is marked hidden but the definition is not actually hidden. correcting the definition to use hidden visibility fixes the problem. the static-PIE entry point rcrt1 was likewise affected and is also fixed by this patch.
* fix strftime handling of out-of-range struct tm fieldsRich Felker2015-10-141-8/+12
| | | | | | | | | | strftime results are unspecified in this case, but should not invoke undefined behaviour. tm_wday, tm_yday, tm_mon and tm_year fields were used in signed int arithmetic that could overflow. based on patch by Szabolcs Nagy.
* fix integer overflows in time_t/struct tm conversion codeRich Felker2015-10-081-3/+3
| | | | | | | | | | as found and reported by Brian Mastenbrook, the expressions 400*qc_cycles and years+100 in __secs_to_tm were both subject to integer overflow for extreme values of the input t. this patch by Szabolcs Nagy fixes the code by switching to larger types, and matches the original intent I had in mind when writing this code.
* fix open_[w]memstream behavior when no writes take placeRich Felker2015-10-082-4/+18
| | | | | | | | | | | | | the specification for these functions requires that the buffer/size exposed to the caller be valid after any successful call to fflush or fclose on the stream. the implementation's approach is to update them only at flush time, but that misses the case where fflush or fclose is called without any writes having taken place, in which case the write flushing callback will not be called. to fix both the observable bug and the desired invariant, setup empty buffers at open time and fail the open operation if no memory is available.
* make nl_langinfo(CODESET) always return "ASCII" in byte-based C localeRich Felker2015-10-011-1/+1
| | | | | | | | | | | | | | | | | | | | | commit 844212d94f582c4e3c5055e0a1524931e89ebe76, which did not make it into any releases, changed nl_langinfo(CODESET) to always return "UTF-8", even in the byte-based C locale. this was problematic because application software was found to use the string match for "UTF-8" to activate its own UTF-8 processing. this both undermines the byte-based functionality of the C locale, and if mixed with with calls to the standard multibyte functions, which happened in practice, could result in severe mis-handling of input. the motive for the previous change was that, to avoid widespread compatibility problems, the string returned by nl_langinfo(CODESET) needs to be accepted by iconv and by third-party character conversion code. thus, the only remaining choice is "ASCII". this choice accurately represents the intent that high bytes do not have individual meaning in the C locale, but it does mean that iconv, when passed nl_langinfo(CODESET) in the C locale, will produce errors in cases where mbrtowc would have succeeded. for reference, glibc behaves similarly in this regard, so I don't think it will be a problem.
* fix mips fesetround failure to write back resulting modeRich Felker2015-10-011-0/+1
| | | | patch by Anand Takale.
* eliminate protected-visibility data in libc.so with vis.h preincludeRich Felker2015-09-291-0/+3
| | | | | | | | | | | | | | | some newer binutils versions print scary warnings about protected data because most gcc versions fail to produce the right address references/relocations for such data that might be subject to copy relocations. originally vis.h explicitly assigned default visibility to all public data symbols to avoid this issue, but commit b8dda24fe1caa901a99580f7a52defb95aedb67c removed this treatment for stdin/out/err to work around a gcc 3.x bug, and since they don't actually need it (because taking their addresses is not valid C). instead, a check for the gcc 3.x bug is added to the configure check for vis.h preinclude support; this feature will simply be disabled when using a buggy version of gcc.
* avoid attempting to lookup IP literals as hostnamesRich Felker2015-09-251-27/+32
| | | | | | | | | | | | | | | | previously, __lookup_ipliteral only checked its argument against the requested address family, so IPv4 literals passed through to __lookup_name if the caller asked for only IPv6 results, and likewise for IPv6 literals when the caller asked for only IPv4. this resulted in spurious DNS lookups that reportedly even succeeded with some nameservers. now, __lookup_ipliteral attempts to parse its argument as both IPv4 and IPv6, and returns an error (to stop further search) rather than 0 (no results yet) if the form of the argument mismatches the requested address family. based on patch by Julien Ramseier.
* make getaddrinfo return error if both host and service name are nullRich Felker2015-09-251-0/+2
| | | | | | this case is specified as a mandatory ("shall fail") error. based on patch by Julien Ramseier.
* fix localeconv field value for unavailable valuesRich Felker2015-09-241-14/+15
| | | | | | | per ISO C, CHAR_MAX, not -1, is the value used to indicate that a char field in struct lconv is unavailable. patch by Julien Ramseier.
* avoid reading uninitialized memory in __map_fileSzabolcs Nagy2015-09-241-2/+3
| | | | | | | The value of *size is not relevant in case of failure, but it's better not to copy garbage from the stack into it. (The compiler cannot see through the syscall, so optimization was not affected by the unspecified value).
* regcomp: propagate allocation failuresSzabolcs Nagy2015-09-241-1/+2
| | | | The error code of an allocating function was not checked in tre_add_tag.