Commit Graph

589 Commits

Author SHA1 Message Date
John Baldwin
cc3d85727d When reopening a stream backed by an open file descriptor, do not close
the existing file descriptor.  Instead, let dup2() atomically close the
old file descriptor when assigning the newly opened file to the same
descriptor.  This closes a race in a multithreaded application where a
concurrent open() could allocate the existing file descriptor in between
the calls to close() and dup2().

PR:		threads/79887
Submitted by:	Dmitrij Tejblum  tejblum of yandex-team.ru
Reviewed by:	davidxu
MFC after:	1 week
2010-12-09 20:28:30 +00:00
Gavin Atkinson
da1e775d12 Remove two unused variables, left over from the refactoring in r180104.
PR:		bin/152551
Submitted by:	Henning Petersen <henning.petersen t-online.de>
MFC after:	2 weeks
2010-12-02 13:40:21 +00:00
David Schultz
06127c9c2a Update the documentation to reflect changes to the implementation in
r197752, which is related to handling of null buffer pointers.  Also
make a few minor wording changes.

Reported by:	jh@
2010-11-30 21:26:21 +00:00
Rebecca Cran
5512804bb8 Revert changes of 'assure' to 'ensure' made in r211936.
Approved by: rrs (mentor)
2010-09-11 10:49:56 +00:00
Rebecca Cran
e7f8dd75b3 Fix incorrect usage of 'assure' and 'insure'.
Approved by: rrs (mentor)
2010-08-28 16:32:01 +00:00
Ulrich Spörlein
0afc94c17a mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the
bottom of the manpages and order them consistently.

GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.

Found by:	mdocml lint run
Reviewed by:	ru
2010-05-13 12:07:55 +00:00
Ulrich Spörlein
2a10d6d199 mdoc: fix parenthesis
Reviewed by:	brueffer
2010-05-11 23:08:31 +00:00
Ulrich Spörlein
488704b28a mdoc: use macro for +- that is understood by mdocml
Reviewed by:	brueffer
2010-05-11 23:08:15 +00:00
David E. O'Brien
6a18a77221 I feel this wording of the history is more clear.
ANSIfy vasprintf() while I'm here.
2010-04-05 22:09:29 +00:00
John Baldwin
1b0181df2f - Use an initializer macro to initialize fields in 'fake' FILE objects used
by *sprintf(), etc.
- Explicitly initialize _fl_mutex to PTHREAD_MUTEX_INITIALIZER for all FILE
  objects.  This is currently a nop on FreeBSD, but is import for other
  platforms (or in the future) where PTHREAD_MUTEX_INITIALIZER is not simply
  zero.

PR:		threads/141198
Reported by:	Jeremy Huddleston @ Apple
MFC after:	2 weeks
2010-03-11 17:03:32 +00:00
Jaakko Heinonen
6ca7812a19 In _gettemp(), check that the length of the path doesn't exceed
MAXPATHLEN. Otherwise the path name (or part of it) may not fit to
carrybuf causing a buffer overflow.

PR:		bin/140228
Suggested by:	jilles
2010-02-28 13:31:29 +00:00
Ruslan Ermilov
e363756c8f %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
Colin Percival
c6a96a8441 Give a less silly response to a silly request.
Prior to this commit, fread/fwrite calls with size * nmemb > SIZE_MAX
were handled by reading or writing (size_t)(size * nmemb) bytes; for
example, on 32-bit platforms, fread(ptr, 641, 6700417, f) would read 1
byte and indicate that the requested 6700417 blocks had been read.

This commit adds a check for such integer overflows, and treats them as
if an overly large request was passed to read/write; i.e., it sets errno
to EINVAL, sets the error indicator on the file, and returns a short
object count (0, to be specific).

The overflow check involves an integer division, so as a performance
optimization we check first to see if both size and nmemb are less than
2^16; if they are, no overflow is possible and we avoid the division.
We assume here that size_t is at least 32 bits; this appears to be true
on all platforms FreeBSD supports.

Although this commit fixes an integer overflow, it is not likely to have
any security implications, since any program which would be affected by
this bug fix is quite clearly already very confused.

Reviewed by:	kib
MFC after:	1 month
2010-01-10 14:30:30 +00:00
Christian Brueffer
37dc3d28cb Remove unnecessary quoting and markup, add missing punctuation.
PR:		140494
Submitted by:	Jeremy Huddleston <jeremyhu@apple.com>, bde
MFC after:	1 week
2010-01-08 22:02:42 +00:00
Xin LI
280101b76e Use vsprintf instead of rolling our own.
PR:		bin/140496
Submitted by:	Jeremy Huddleston <jeremyhu apple.com>
MFC after:	1 month
2009-12-21 19:59:38 +00:00
Xin LI
d22fecc5e6 Use vsscanf instead of rolling our own.
PR:		bin/140530
Submitted by:	Jeremy Huddleston <jeremyhu apple.com>
MFC after:	1 month
2009-12-21 19:56:03 +00:00
Xin LI
c19ee5a0fb K&R -> ANSI prototype.
MFC after:	1 month
2009-12-21 19:55:05 +00:00
Matteo Riondato
5d26f10fbb 2009-12-16 04:19:23 +00:00
Ed Schouten
2c201a9afe Fix many "function declaration isn't a prototype" warnings in libc.
I've only fixed code that seems to be written by `us'. There are still
many warnings like this present in resolv/, rpc/, stdtime/ and yp/.
2009-12-05 19:31:38 +00:00
Christian Brueffer
da6186437a Fix the dprintf() prototype.
PR:		141087
Submitted by:	Jeremy Huddleston <jeremyhu@apple.com>
MFC after:	3 days
2009-12-02 07:51:25 +00:00
Garrett Wollman
0c0349bfa4 Eliminate more dead stores.
Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:45:45 +00:00
Garrett Wollman
750a395ba6 Make all three if conditions look similar by always initializing nsec
and moving the default initialization of prec into the else clause.
The clang static analyzer erroneously thought that nsec can be used
uninitialized here; it was not actually possible, but better to make
the code clearer.  (Clang can't know that sprintf() won't modify *pi
behind the scenes.)
2009-11-25 04:35:54 +00:00
Garrett Wollman
ab5b2fafec In __mbsconv(), if prec was zero, nconv could have been used
uninitialized.  Initialize it to a safe value so that there's no
chance of returning an error if stack garbage happens to be equal to
(size_t)-1 or (size_t)-2.

Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:27:55 +00:00
Garrett Wollman
e40c32385d Eliminate dead store.
Found by:	Clang static analyzer
MFC after:	7 days
2009-11-25 04:21:42 +00:00
David Schultz
7e817e2a03 Better glibc compatibility for getline/getdelim:
- Tolerate applications that pass a NULL pointer for the buffer and
  claim that the capacity of the buffer is nonzero.

- If an application passes in a non-NULL buffer pointer and claims the
  buffer has zero capacity, we should free (well, realloc) it
  anyway. It could have been obtained from malloc(0), so failing to
  free it would be a small memory leak.

MFC After:	2 weeks
Reported by:	naddy
PR:		ports/138320
2009-10-04 19:43:36 +00:00
Ed Schouten
4522791bb4 Make the description of `b' a little better.
If you have a one-byte sequence, `w', `b' is the second character. Not
the third.

Submitted by:	Christoph Mallon
2009-09-09 19:38:19 +00:00
Ed Schouten
77822acff7 Fix fwrite() to return 0 when size or nmemb are zero.
Right now nmemb is returned when size is 0. In newer versions of the
standards, it is explicitly required that fwrite() should return 0.

Submitted by:	Christoph Mallon
Approved by:	re (kib)
2009-07-12 13:09:43 +00:00
David Schultz
6685ac34d9 Return -1 instead of 0 upon reaching EOF. This is somewhat ill-advised
because it means getdelim() returns -1 for both error and EOF, and
never returns 0. However, this is what the original GNU	implementation
does, and POSIX inherited the bug.

Reported by:	marcus@
2009-04-06 13:50:04 +00:00
David Schultz
ad760e6fc9 Add dprintf() and vdprintf() from POSIX.1-2008. Like getline(),
dprintf() is a simple wrapper around another function, so we may as
well implement it. But also like getline(), we can't prototype it by
default right now because it would break too many ports.
2009-03-04 03:38:51 +00:00
David Schultz
601b205e47 Rewrite asprintf() as a wrapper around vasprintf(), thus reducing the
number of functions that have an incestuous relationship with the
arcane innards of stdio.
2009-03-02 04:11:42 +00:00
David Schultz
88f919d683 The argument corresponding to %zn is supposed to be an ssize_t *, not
a size_t *, although the distinction is moot in practice.
2009-03-02 04:07:58 +00:00
David Schultz
9e462ed058 Use C99-style initializers. No functional change.
Reviewed by:	md5(1)
2009-03-01 19:25:40 +00:00
David Schultz
353ce11c8b Replace a dozen lines of code with a call to strnlen() / wcsnlen(). 2009-02-28 06:06:57 +00:00
David Schultz
69099ba2ec - Add getdelim(), getline(), stpncpy(), strnlen(), wcsnlen(),
wcscasecmp(), and wcsncasecmp().
- Make some previously non-standard extensions visible
  if POSIX_VISIBLE >= 200809.
- Use restrict qualifiers in stpcpy().
- Declare off_t and size_t in stdio.h.
- Bump __FreeBSD_version in case the new symbols (particularly
  getline()) cause issues with ports.

Reviewed by:	standards@
2009-02-28 06:00:58 +00:00
David Schultz
0881683b36 Make sure %zd treats negative arguments properly on 32-bit platforms.
Fix harmless but related bugs in %_$zd and %_$tu.

PR:		131880
MFC after:	1 week
2009-02-28 04:58:18 +00:00
Tom Rhodes
f53807d218 Better wording for clearing EOF indicator.
Submitted by:	keramida and jhb
2009-01-28 14:38:41 +00:00
Tom Rhodes
f3f496333d Remove another comment about clearing EOF indicator.
Noticed by:	bde
2009-01-28 11:25:22 +00:00
David Schultz
aa83f5fff9 Update the manpage to reflect r145172. 2009-01-28 04:37:27 +00:00
Tom Rhodes
d568fa54db Remove comment about clearerr() being the only method of clearing
the EOF indicator, fseek() may also be used for this.

Bump document date.

PR:		76333
Submitted by:	Yoshihiko Sarumaru <mistral@imasy.or.jp>
2009-01-28 01:11:20 +00:00
David Schultz
21ca178ece Add support for multibyte thousands_sep encodings, e.g., U+066C.
The integer thousands' separator code is rewritten in order to
avoid having to preallocate a buffer for the largest possible
digit string with the most possible instances of the longest
possible multibyte thousands' separator. The new version inserts
thousands' separators for integers using the same code as floating point.
2009-01-22 08:14:28 +00:00
David Schultz
f8f571931d - Add support for multibyte decimal_point encodings, e.g., U+066B.
A forthcoming gdtoa import is needed to make this fully work.
- Improve the way "nan(...)" is parsed.
2009-01-19 06:19:51 +00:00
David Schultz
5004a238c3 Add support for multibyte decimal_point encodings, e.g., U+066B. 2009-01-19 06:19:38 +00:00
David Schultz
a1805f7bb9 When f[w]printf() is called on an unbuffered file like stdout, it
sets up a fake buffered FILE and then effectively calls itself
recursively. Unfortunately, gcc doesn't know how to do tail call
elimination in this case, and actually makes things worse by
inlining __sbprintf(). This means that f[w]printf() to stderr was
allocating about 5k of stack on 64-bit platforms, much of which was
never used.

I've reorganized things to eliminate the waste. In addition to saving
some stack space, this improves performance in my tests by anywhere
from 5% to 17% (depending on the test) when -fstack-protector is
enabled. I found no statistically significant performance difference
when stack protection is turned off. (The tests redirected stderr to
/dev/null.)
2009-01-17 18:57:12 +00:00
David Schultz
6ec3512368 Simplify printf's inlined output buffering routines. On amd64, this
reduces the code size by about 10% and improves performance slightly.
2009-01-17 05:38:14 +00:00
Roman Divacky
f27b1c064c Introduce a local variable and use it instead of passed in parameter
to get rid of restrict qualifier discarding. This lets libc compile
cleanly in gnu99 mode.

Suggested by:	kib, christoph.mallon at gmx.de
Approved by:	kib (mentor)
2009-01-15 18:53:52 +00:00
David Schultz
0a4926406a Reduce code duplication by moving functions that are identical in both
vfprintf.c and vfwprintf.c (except for char/wchar_t differences) to a
common header file.
2009-01-15 04:49:43 +00:00
David Schultz
814d1bc906 Convert the insidious macros that handle printf()'s buffering into
slightly less evil inline functions, and move the buffering state into
a struct. This will make it possible for helper routines to produce
output for printf() directly, making it possible to untangle the code
somewhat.

In wprintf(), use the same buffering mechanism to reduce diffs to
printf(). This has the side-effect of causing wprintf() to catch write
errors that it previously ignored.
2009-01-15 04:29:02 +00:00
David Schultz
0cab1fd236 Set the error indicator on an attempt to write to a read-only stream.
PR:		127335
MFC after:	2 weeks
2009-01-08 06:38:06 +00:00
David Schultz
e18701f4ac Consolidate some variable initializations. No substantive change. 2008-12-11 02:39:27 +00:00
David Schultz
33bff5d3e4 Move the xprintf hook to where it belongs; it shouldn't be in the
middle of vfprintf's variable declarations.
2008-12-10 02:32:06 +00:00