Commit Graph

100 Commits

Author SHA1 Message Date
Eivind Eklund
70efdda93d Note that dying on NULL is an implementation detail. 1998-12-17 17:13:47 +00:00
Robert Nordier
e524a581b1 Check for a zero-length as well as a NULL string argument. 1998-10-29 14:40:20 +00:00
Peter Wemm
ed1bbda829 Revert last change. mkstemp() wasn't to blame, it's nvi. However,
mkstemp() is not behaving as documented.
1998-10-20 15:33:21 +00:00
Peter Wemm
eb356f9af0 Stop mk*temp() from being pathologically stupid in the face of a umask(0);
There are other ways to fix this than wrapping _gettemp(), but this was
the most convenient.

Discovered by: bde
1998-10-20 12:36:36 +00:00
Eivind Eklund
b41c848d46 Remove the description of EBADF (that's an implementation detail if I
ever saw one), and move the description of NULL behaviour out to a
'NOTES' section, with an extra note that programs should not rely up
on it.

Kinda-approve-by:	bde (by not replying to the mail with the diff)
1998-10-10 13:31:32 +00:00
Eivind Eklund
aef1f383cf program written under FreeBSD -> programs written under FreeBSD
Noticed by:	Alex Nash <nash@mcs.net>
1998-10-03 16:17:30 +00:00
Eivind Eklund
8bd4c21699 Document that we will core-dump on getting a NULL pointer. 1998-09-28 15:34:24 +00:00
David E. O'Brien
5846581c2e Apply patch to properly sscanf(3) when there is whitespace in the format
string.  From the submitted patch:

Credit for patch:	Chris Torek <torek@bsdi.com>
			Tod Miller  <millert@openbsd.org>

This makes us in line with SunOS 4.1.3_U1, Solaris 2.6, OpenBSD 2.3,
HP-UX 10.20, Irix 5.3.  The previous behavior was in line with Ultrix 4.4.

PR:		bin/7970
Submitted by:	Niall Smart nialls@euristix.ie
1998-09-25 12:20:27 +00:00
Warner Losh
e8420087b0 Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x).  Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time.  However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes.  Shouldn't impact anything, but...
1998-09-16 04:17:47 +00:00
Peter Wemm
64a965e707 Replace my original asprintf() and vasprintf() hacks with something
more cleanly integrated with stdio.  This should be faster and cleaner
since it doesn't memcpy() the data into a seperate buffer.  This lets
stdio allocate and manage the buffer and then hand it over to the user.

Obtained from: Todd Miller <Todd.Miller@courtesan.com> via OpenBSD
1998-07-08 00:44:56 +00:00
Joseph Koshy
9c727d2ca9 Spelling corrections.
PR: 6868
Submitted by: Josh Gilliam <josh@quick.net>
1998-06-06 05:50:53 +00:00
John Birrell
f9a8e5fafb Remote the NetBSD kludge for vfprintf.c 1998-05-08 05:17:11 +00:00
John Birrell
77af5d1ac8 Don't assign the va_list variable 'ap' directly to the argtable because
va_list is not a pointer on alpha. Instead, use the va_arg() macro
to return the address that is stored in the argtable.
1998-05-08 05:10:32 +00:00
John Birrell
4c717fd74d Remove leading underscores for the functions (weak symbols here) that
POSIX defines.
1998-05-05 21:56:42 +00:00
Peter Wemm
4fea76f539 Fix a nasty flaw as a result of using the arc4random() pre-seeding of
leading XXX's.  It could wrap an uppercase character through chars
like:  [ \ ] ^ _ `  in between Z and a.  The backslash and back tick
might be particularly nasty in a shell script context.  Also, since
we've been using upper-case generated values for a while now, go with
the flow and use them in the pathname search rotation.
1998-04-14 07:25:05 +00:00
John Birrell
ec216c2634 Add FILE locking stubs for libc.
Change the FILE locking to support kernel threads when linked with
libpthread (which you haven't see yet). This requires that libc become
thread-safe and thread-aware, testing __isthreaded before attempting
to do lock/unlock calls. The impact on non-threaded programs is minor.
This change works with libc_r, so it's the best compromise.
1998-04-11 07:40:47 +00:00
Bruce Evans
034abff918 Fixed disordering and inconsistent style in previous commit. 1998-03-12 12:05:14 +00:00
John Birrell
e7b6782c39 Added #include <string.h> to get prototypes. 1998-03-09 06:51:23 +00:00
Stephen McKay
b8e5e42d0f Fixed a few ancient typos, added a little missing stuff, and updated
references to abort() in light of POSIX mandated behaviour.  I'm
still not 100% happy with much of the wording, but it's better
than it was.
1998-03-08 15:15:33 +00:00
Bruce Evans
87ad126763 Fixed uninitialized pointer in previous commit. mktemp() was broken.
I noticed cvs core dumps and uncleaned cvs temporary files in /tmp.

Fixed ANSIisms.
1998-03-03 14:38:36 +00:00
Warner Losh
2f253e75c8 Many security improvements from OpenBSD:
implement mkdtemp
	improve man page for mk*temp
	use arc4random to seed extra XXX's randomly
	Optionally warn of unsafe mktemp uses
From various commits by theo de raadt and Todd Miller.
Obtained from: OpenBSD

This should go into 2.2 after a testing period.
1998-02-13 02:13:24 +00:00
Andrey A. Chernov
b250f24856 size_t -> unsigned
in arguments length INT_MAX overflow check
Suggested-by: bde
1998-01-04 22:28:47 +00:00
Andrey A. Chernov
8c6d2f42e1 1. EOF was returned when the buffer size was larger than INT_MAX. This
case has very little to do with the output size being larger than
   INT_MAX.
2. The new #include of <limits.h> was disordered.
3. The new declaration of `on' was disordered (integer types go together).
4. Testing an unsigned value for > 0 was fishy.

Submitted by: bde
1998-01-01 20:15:58 +00:00
Andrey A. Chernov
92e88f87b9 Add overflow checks: if output size becomes bigger than INT_MAX,
just return EOF
1997-12-25 00:32:17 +00:00
Andrey A. Chernov
fb25537fb8 Correct type of stored argument place (from previous fix) 1997-12-24 23:54:19 +00:00
Andrey A. Chernov
947d101171 1) Restore back comment about snprintf()
2) Optimize string buffer copy to call memcpy() and update pointers
only for count > 0, it makes snprintf(NULL, 0, ...) more efficient
1997-12-24 23:23:18 +00:00
Andrey A. Chernov
6e690ad4ca Return back to BSD snprintf semantics which recent C9x standard adopts
instead of Singe Unix, thanx Bruce for explaining, I am not realize
standards war was there.

But now, fix n == 0 case to not return error and fix check for too
big n.

Things left to do: check for overflow in arguments.
1997-12-24 23:02:47 +00:00
Andrey A. Chernov
e0b123f6d0 1) Oops! Insert again if (n == 0) return 0.
Final word is Bruce's quote:

C9x specifies the BSD4.4-Lite behaviour:

       [#3] ...   Thus,  the
       null-terminated  output  has  been completely written if and
       only if the returned value is less than n.

It means that if we not have any null-terminated output as for n == 0
we can't return value less than n, so we forced to return value
equal to n i.e. 0

The next good thing is glibc compatibility, of course.

2) Do check for too big n in machine-independent way.
3) Minor optimization assuming EOF is < 0
1997-12-24 20:24:08 +00:00
Andrey A. Chernov
5ebfa8de69 Back out part related to "return 0 if n == 0" and return EOF as before.
The main argument is that it is impossible to determine if %n evaluated or not
when snprintf return 0, because it can happens for both n == 0 and n == 1.
Although EOF here is good indication of the end of process, if n is
decreased in the loop...
Since it is already supposed in many places that EOF *is* negative, f.e.
from Single Unix specs for snprintf
"return ... a negative value if an output error was encountered"
this not makes situation worse.
1997-12-24 14:32:40 +00:00
Andrey A. Chernov
97adcd5ba1 Fix snprintf(...%n...)
to pass not more than buffer size to %n agrument, old variant
always assume infinite buffer.
%n is for actually transmitted characters, not for planned ones.
1997-12-24 13:47:13 +00:00
Andrey A. Chernov
a65a537cb1 Remove wrong comment about snprintf:
"return the number of bytes needed, rather the number used"

According to Single Unix specs:

Upon successful completion, these functions return the number of bytes
transmitted excluding the terminating null
1997-12-24 13:17:13 +00:00
Andrey A. Chernov
4ecaf22055 snprintf return value fixes to conform Single Unix specs:
1) if buffer size is smaller than arguments size, return buffer
size, not arguments size as before.

2) if buffer size is 0, return 0, not EOF as before.
(now it is compatible with Linux and Apache implementations too).

NOTE: Single Unix specs says:

If the value of n {buffer size} is zero on a call to snprintf(), an
unspecified value less than 1 is returned.

It means we can't return EOF since EOF can take *any* value in general
not especially < 1. Better variant will be return -1 (it is less then
1 and different with n == 1 case) but -1 value is already occuped by
EOF in our implementation, so we can't distinguish true IO error
in that case. So 0 here is only possible case still conforming
to Single Unix specs.
1997-12-24 12:31:32 +00:00
Bruce Evans
6a93659f24 Comment that long double is poorly implemented, not that it is unimplemented. 1997-12-19 21:59:22 +00:00
Bruce Evans
8fddd06099 Fixed long double formats. They were mostly not implemented except
on systems where long doubles are just doubles.  FreeBSD hasn't
been such a system since it started using gcc-2.5 many years ago.
The fix is of low quality.  It loses precision.

scanf() of long doubles doesn't seem to be used much, but gdb-4.16
uses %Lg format in its expression parser if it thinks that the
system supports printf'ing of long doubles.  The symptom was that
floating point literals were usually interpreted to be 0.0.
1997-11-23 06:02:47 +00:00
Bruce Evans
b966cc2394 Sorted lists. 1997-10-21 08:41:15 +00:00
Bruce Evans
2bc3b4d735 Removed the subdirectory paths from the definitions of MAN[1-9]. They
were a workaround for limitations in bsd.man.mk that were fixed about
2 years ago.
1997-10-15 16:16:41 +00:00
Peter Wemm
e48f3cfbfc Rework previous commit.. I was confused by the number of diffs in the PR
and forgot what I was trying to do originally and accidently zapped
a feature. :-]  The problem is that we are converting a counted buffer in
a malloc pool into a null terminated C-style string.  I was calling realloc
originally to shrink the buffer to the desired size.  If realloc failed, we
still returned the valid buffer - the only thing wrong was it was a tad
too large.  The previous commit disabled this.

This commit now handles the three cases..
1: the buffer is exactly right for the null byte to terminate the
string (we don't call realloc).
2: it's got h.left = 0, so we must expand it to make room. If realloc
fails here, it's fatal.
3: if there's too much room, we realloc to shrink it - a failed realloc
is not fatal, we use the original buffer which is still valid.
1997-07-06 08:42:37 +00:00
Peter Wemm
3c55a3f243 Fix off-by-one error
PR: 3451
Submitted by: Tim Vanderhoek <ac199@hwcn.org>
1997-07-06 07:54:56 +00:00
Jordan K. Hubbard
5e17038f01 Add 64 bit int support to scanf()
PR:		2080
Submitted by:	David Dawes <dawes@rf900.physics.usyd.edu.au>
1997-07-01 17:46:39 +00:00
John Birrell
870039320f Changed all paths to be relative to src/lib instead of src/lib/libc
so that all these makefiles can be used to build libc_r too.

Added .if ${LIB} == "c" tests to restrict man page builds to libc
to avoid needlessly building them with libc_r too.

Split libc Makefile into Makefile and Makefile.inc to allow the
libc_r Makefile to include Makefile.inc too.
1997-05-03 03:50:06 +00:00
Bruce Evans
23f0c1fcf6 Fixed #include and/or prototype bugs in synopsis. 1997-04-13 13:35:33 +00:00
Guido van Rooij
0fb28c0973 Fix race
Obtained from: Keith Bostic
1997-04-07 18:01:10 +00:00
Andrey A. Chernov
ed2bf9a999 Eliminate yet one function call when locale not used 1997-04-04 19:07:02 +00:00
Andrey A. Chernov
350498c58e Speedup in case locale not used 1997-04-04 18:28:38 +00:00
Mike Pritchard
6c0aebfa90 The w+ entry description was misformatted.
Pointed out by: bde
1997-03-27 18:08:23 +00:00
Bruce Evans
09589ca82e FIxed arg types (mostly missing consts) in synopsis. 1997-03-19 00:52:58 +00:00
Peter Wemm
4f02b68a12 Merge from Lite2 1997-03-11 11:40:40 +00:00
Peter Wemm
e5493ddb0f This commit was generated by cvs2svn to compensate for changes in r23658,
which included commits to RCS files with non-trunk default branches.
1997-03-11 11:29:42 +00:00
Peter Wemm
662909a780 Import CSRG 4.4BSD-Lite2 lib/libc onto vendor branch 1997-03-11 11:29:42 +00:00
Bruce Evans
e836e480dc Fixed handling of input failure by the scanf family.
- 0 was returned instead of EOF when an input failure occured while
  skipping white-space after 0 assignments.  This fixes PR2606.  The
  diagnosis in PR2606 is wrong.
- EOF was returned instead of 0 when an input failure occurred after
  zero assignments and nonzero suppressed assignments.
- EOF was spelled -1.

This should be in 2.2.
1997-03-03 17:53:02 +00:00